How to protect yourself from email scams.
The first line of defence against phishing schemes can be you noticing the signs of a scam straight away and taking the appropriate action.
We've gathered the best advice, so you can be confident in your own ability to sniff out when something is wrong.
Scam emails are designed to trick you, and unfortunately some are really good at it. They can use company logos and official email headers to pose as a trusted source such as your bank, or another organisation that you have an online account for (such as ASIC or Docusign). Some will even contain your name and address to suggest that they are genuine. Under the pretence of being this trusted source, they often ask you to click on a link, ‘login’ with a password, or disclose other personal information.
Things to look for:
- The sender’s email address may be different from the trusted organisation’s website address, even if only slightly. The email may be sent from a completely different address or a free webmail address.
- The email may not use your proper name, but a non-specific greeting such as “Dear customer.”
- A sense of urgency. E.g. the threat that unless you act immediately your account may be closed. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
- A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
- A request for personal information such as username, password or bank details.
- Be wary if you weren’t expecting to get an email from the organisation that appears to have sent it.
- The entire text of the email may be contained within an image rather than the usual text format. The image can contain an embedded link.
- Spelling, grammar and syntax errors.
- Lack of details about the sender, or how you can contact the company.
A really obvious example containing all of those tell-tale signs would be this one pretending to be from Apple:
However, scams won’t always be this obvious.
- Check if it is a known scam. If you are suspicious of an email (for any of the reasons listed above, or if it just doesn’t seem right) you can check if it is on a list of known spam and scam emails that some Internet security vendors such as McAfee and Symantec feature on their websites.
Don’t trust the display name of the sender.
A common tactic is to use a hoax display name email, usually one that is similar to a source you would trust. Most user inboxes only present the display name once delivered, not the email address in full. Always check the full email address.
Look but don’t click.
Hover your mouse over any links to preview the URL (it will either appear next to your cursor, or in the bottom left corner of your screen). Beware if the web address looks strange, or doesn’t match what the email says it is. If you want to test the link, open a new window and type in URL manually rather than clicking on the link directly from your email.
Don’t give out personal information.
Legitimate banks and most other companies will never ask for personal credentials via email, especially not without consulting you via telephone or in person first.
Don’t open attachments, or forward or reply to emails from an unknown source.
If you suspect the email might be a scam, don’t open any attachments. They can contain viruses and malware, which can damage files on your computer, or steal information. Also be wary of fake ‘remove’ or ‘exit’ buttons/links that can contain links to dodgy websites.
Don’t believe everything you see
Just because an email has convincing brand logos, headers, appropriate language, and a seemingly valid email address, does not mean that it’s legitimate.
- Use Spam Filters. Make sure your email accounts and internet security packages have the spam filter activated and that it remains switched on. They won’t be able to protect against everything but it is at least a first line of defence. Also make sure to check junk mail folders regularly just in case a legitimate email gets through by mistake.
- Protect your passwords and information. Don't have your email passwords auto-saved into your browser, and don't send confidential information such as passwords and bank details via email.
- Use proactive protection software for your business. Cyber security programs like Practice Protect can minimise the risk of important information being leaked from your online data files.
Download a PDF version of this guide to keep for later:
> A guide to identifying email scams.