We had a corker of a scam email land recently, supposedly from DocuSign, but actually coming from something called palmwineboys.com (I kid you not). It even had a lovely big red REVIEW DOCUMENTS button, linking off to a sketchy tracking service.
Now, the knee-jerk reaction when something like this hits your inbox is: “My email’s been hacked!” But hold your horses, just because you’ve received a scam email doesn’t mean someone’s broken into your account. It’s no different to takeaway flyers coming through your letterbox. The bloke with the leaflets hasn’t got a copy of your front-door keys.
Spam is just digital junk mail. And just like real junk mail, you’ll sometimes get:
-
A pizza menu when you’re trying to eat healthy.
-
A conservatory flyer even though you live in a third-floor maisonette.
-
A stair-lift catalogue when you’re still running marathons.
So why does spam still get through?
Because there is no magic pill to stop it. Even with proper business-grade services like Microsoft 365 or Google Workspace — which filter out mountains of rubbish every single day — some emails will still sneak through. Why? Because it’s a computer, not a psychic.
Spammers are constantly evolving. They’ll:
-
Spoof addresses so it looks like it’s from someone you know.
-
Hack into Mailchimp or another marketing platform and use those real servers.
-
Exploit dodgy contact forms on insecure websites.
To a filter, some of these look close enough to legit that they squeeze through. And if the filters were any stricter, you’d start missing genuine emails because, let’s be honest — not everyone sets their email up properly. (Looking at you, bargain-basement GoDaddy and IONOS users).
The important bit:
Receiving a scam email does NOT mean you’ve been compromised. It just means your address is on a spam list. The scammers chuck out millions of these, waiting for a few unlucky souls to click.
But how did they get my email in the first place?
-
From someone you’ve emailed before who got hacked.
-
From a sloppy “CC all” on a group message instead of using BCC.
-
From databases of old logins that get leaked and sold on.
-
Or — brace yourself — because you run a business and your email address is literally meant to be public.
What should you do?
-
Don’t panic.
-
Don’t click.
-
If in doubt, forward it to services@tlmartin.ltd.uk and we’ll take a look.
(Pro tip: don’t forward it to your manager or CEO — they’re just going to forward it to us anyway. Save everyone the time and cut out the middleman).
TL;DR:
-
Spam happens — it’s digital junk mail.
-
Microsoft 365/Google Workspace catch most of it, but not all.
-
Receiving a scam email ≠ being hacked.
-
Your address gets out there via leaks, mailing lists, or just being in business.
-
If you’re not sure, don’t click — forward it to us.
Final Thought
Scammers will always try new tricks, but you don’t have to play their game. Just like you don’t buy a conservatory for your third-floor flat, you don’t click on random DocuSign buttons from palmwineboys.com.
Instead, bin it, laugh at the attempt, and if you’re ever unsure — let us check it for you. That’s literally what we’re here for.