PUBLIC NOTICE – Scam Awareness

12-11-2024

Hundreds of billions of emails are sent each day around the globe – and it’s no wonder when email is a fast, efficient, and free way to communicate. But how can you tell when an email is from a scammer?

Fake or phishing emails range from the downright obvious to the alarming lookalikes. Their goal is to trick you into thinking the sender is an organisation you’re familiar with or someone you know to get your personal information.

What is a phishing email?

A phishing email is a type of scam that’s designed to look like it comes from an organisation you’re familiar with, like your bank, service providers for things like power or internet, a government agency, or even someone you know.

Scammers ‘fish’ for personal information by emailing thousands of people hoping a portion of unsuspecting victims will take the bait. Their goal is to obtain enough information to be able to access your finances, commit fraud or identity theft.

Links or attachments in emails can also download malware or viruses that infect your device and allow scammers access to sensitive information.

Phishing scams come in many forms including text messages, phone calls, and ads or posts on social media.

How to tell if an email is from a scammer:
Some email scams can be easy to spot by poor grammar and spelling or blurry company logos. For trickier emails that look more like the real thing, there are other clues you can look for.

Mismatched sender details
Look at the email address. Does the domain name (the part of the email address that comes after the @ symbol) match the name in the From field?
If you can’t see the email address, tap or click on the sender’s name. An obvious mismatch would be an email that claims to be from Microsoft but the email address reads microsoftcustomerhelp8@gmail.com. No large legitimate organisation will send you an email from a free webmail address such as Gmail, Yahoo or Outlook.com.

Unfortunately, mismatched details are not always so obvious. Scammers can use technology to disguise their email address to make it look more like a company’s domain name – this is known as spoofing. Look out for misspellings, extra characters, numbers, or words in a domain name that make it look similar but not the same as the official domain. For example, @nabbank.com.au or @nab.com compared with the official @nab.com.au domain.

If you’re unsure whether an email address is legitimate, check for other clues in the email or do an online search to see what comes up.
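
The sender checks described above, as an added Python example that is not part of the original notice: it flags a brand name sent from a free webmail address and domains that resemble, but do not equal, the official one. The `OFFICIAL` allow-list, the finding labels, the function names and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com"}
# Assumed allow-list: brand name -> official sending domain.
OFFICIAL = {"nab": "nab.com.au", "microsoft": "microsoft.com"}

# Constructed From headers; the first three use addresses quoted in the notice.
SAMPLES = [
    '"Microsoft Support" <microsoftcustomerhelp8@gmail.com>',
    "NAB <alerts@nabbank.com.au>",
    "NAB <alerts@nab.com>",
    "NAB <alerts@nab.com.au>",
]

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of findings for one From header (empty list = no flags)."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    labels = domain.split(".")
    name_words = re.findall(r"[a-z0-9]+", display.lower())
    findings = []
    for brand, official in OFFICIAL.items():
        if domain == official or domain.endswith("." + official):
            continue  # address really is on this brand's domain
        claims_brand = brand in name_words or brand in local
        # Brand embedded in a label (extra words, wrong suffix) or misspelt by one character.
        lookalike = any(brand in l or edit_distance(brand, l) <= 1 for l in labels)
        if lookalike:
            findings.append(f"lookalike-domain:{brand}")
        elif claims_brand and domain in FREE_WEBMAIL:
            findings.append(f"free-webmail:{brand}")
        elif claims_brand:
            findings.append(f"name-domain-mismatch:{brand}")
    return findings

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no flags")
```

An empty result only means the visible address is on the expected domain. Whether the message was really sent by that domain is a separate check made from the SPF, DKIM and DMARC results your mail provider records.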

Subject lines that create a sense of urgency
Scammers use language to incite emotions such as fear, curiosity, or excitement to get your attention and create a sense of urgency. Here are some examples of what they may say to encourage you to open their email:

  • Unusual activity has been detected on your account
  • Your account has been suspended
  • You are due to receive a refund
  • Your refund failed due to incorrect bank details
  • Congratulations, you’ve won a prize.


Emails that require urgent action
Once the scammer has your attention, their goal is to encourage you to click on a link in the email or download an attachment. Usually, the link takes you to a fake website that’s designed to capture your login details to important online accounts or your banking or credit card details.
Be wary of emails that deliver urgent news (good or bad) that ask you to click on a link to provide some sort of personal information. For example, they may ask you to sign in to your account, update or verify your personal details.

Generic greetings
Some phishing email scams use generic greetings such as ‘Dear customer’, ‘Dear user’ or no greeting at all. While it’s not unusual to receive generic emails that don’t include your name, most legitimate organisations like your bank, service providers or government agencies will use your name in the greeting. The type of greeting alone won’t give a fake email away so be sure to look for other signs that tell you whether the email is real.

Tips to protect yourself against phishing emails
As a rule, you should guard your personal information online the same way you would in person. Treat requests for things like your passwords, banking information, driver licence or Medicare number with great care.

Here are a few other tips to help you stay savvy against scammers:
  • When asked to provide personal information online (or even over the phone) take a moment to ask yourself whether it sounds right to you.
  • Never sign in to an online account via a link in an email unless you are certain about the sender. Instead, visit the website directly by typing in the URL in the web browser or use the mobile app to access your account.
  • Never provide your passwords, multi-factor authentication codes or one-time passcodes over email, even if the sender claims to be from your bank or a government agency.
  • If you’re unsure about an email, contact the organisation it claims to be from directly – don’t use the contact details provided in the email.
  • If you’ve clicked on a link that takes you to a website, always check the URL to see whether it’s the official company web address.
  • Use anti-virus software to protect your devices.

What to do if you think you’ve received a phishing email
If you’ve opened what you think could be a phishing email, don’t panic. Just be sure not to click on any links or download attachments. Instead, report phishing or suspicious emails to your email provider to help them update their filters, protect users, or move the email from your inbox to the spam folder.

There should be an option to report the email when it’s opened. For example, in Gmail you can select More (the three vertical dots next to Reply) to see Report phishing. Similarly, Outlook.com (previously Hotmail) has a Report option in the email’s menu bar next to Reply.

If you’re not entirely sure whether an email is a phishing scam, but it looks suspicious, you can try blocking the email.

For more information
The best protection against scams is staying up to date with current scams so you can spot the signs when you see one. Here are a few websites to help you do just that.
https://www.cyber.gov.au/learn-basics/explore-basics/recognise-and-report-scams
Scamwatch – run by the National Anti-Scam Centre, it not only collects reports about scams to help warn others, but it also provides up-to-date information about current scams and ways you can spot them.
ABC News Scams and Fraud page – a collection of scam-related news articles.