How do I protect against scam and phishing emails?
Some deliberate thought and caution is all you need.
What are scam and phishing emails?
They're emails trying to dupe you and are almost always criminal in intent. While the purpose is probably to steal from you, the emails differ in their approach.
Scam emails generally ask for money and want you to answer their email. For example, you might be told of an inheritance or lotto win. To claim it, you need to pay a fee. Maybe it's a job offer or way to make money from home, but again you need to pay to apply. You may also get a bill for something you didn't buy, or be asked to donate to a charity.
Phishing emails try to steal your data. They look like authentic emails from a reputable outfit such as a bank, electricity provider or online shopping company that you may deal with. They want you to click on the link in the email, which takes you to a fake web page. There, they'll ask for bank details or private information like log-ins and passwords.
How do I identify fake emails?
Never take any email at face value. Look for these tell-tale signs:
- You don't know the sender, even if the email suggests they know you.
- You receive an improbable promise or offer. If it sounds too good to be true, it usually is.
- You're asked to part with your money.
- The 'from' email address is slightly different than usual, or the email isn't from an official website. For example, the sender address is 'firstname.lastname@example.org' instead of 'email@example.com'. Check the address of other emails sent to you by that company.
- The email design looks a bit different or has a different logo than normal.
- They use impersonal greetings such as “Dear Sir or Madam”, or address you by your business name instead of your own name. Organisations you deal with should know your name.
- The email tries to panic you by threatening to terminate a service or take legal action.
- Your bills are paid, but you receive an overdue payment reminder with an invitation to click on a link.
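Several of the signs above can also be checked automatically, for example by a mail filter. The following is an added example, not part of the original page: the KNOWN_SENDERS list, the word patterns and the sample message are all assumptions constructed for illustration, and only plain-text messages are handled.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: you keep a list of the domains your real providers send from.
KNOWN_SENDERS = {"example bank": "example.com"}  # display-name keyword -> usual domain

# Illustrative word lists only; a real filter would need broader patterns.
GREETINGS = re.compile(r"^\s*dear\s+(sir|madam|customer|valued)", re.I | re.M)
THREATS = re.compile(r"\b(terminat\w*|suspend\w*|legal action|disconnect\w*)\b", re.I)
OVERDUE = re.compile(r"\b(overdue|past due|outstanding payment)\b", re.I)
LINK = re.compile(r"https?://[^\s\"'>]+", re.I)


def tell_tale_signs(raw, known=KNOWN_SENDERS):
    """Return the warning signs from the checklist that this message shows."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    signs = []
    for keyword, usual in known.items():
        # Claims to be a company you deal with, but not from its usual domain.
        if keyword in name.lower() and domain != usual and not domain.endswith("." + usual):
            signs.append("sender address differs from usual")
    if GREETINGS.search(body):
        signs.append("impersonal greeting")
    if THREATS.search(body):
        signs.append("threat to terminate service or take legal action")
    if OVERDUE.search(body) and LINK.search(body):
        signs.append("overdue payment reminder with a link")
    return signs


# Constructed sample message, not a real email.
SAMPLE = """\
From: Example Bank <billing@example.org>
To: you@example.net
Subject: Final notice

Dear Sir or Madam,

Your payment is overdue. Your service will be terminated unless you pay
today at http://payments.example.org/pay
"""

if __name__ == "__main__":
    for sign in tell_tale_signs(SAMPLE):
        print("-", sign)
```

A message that shows none of these signs can still be fake, so an empty result is not proof that an email is genuine.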
I've received a bogus email. What do I do?
If you suspect an email is fake, the simplest remedy is to delete it. What if you want to verify the email before you delete it? Simply call the company that sent it to you, but don't use the number on the email.
If you’ve received a bogus email and your email provider offers a “Report” functionality, report the email. Depending on the email provider, they may be able to block either the sender, the IP, or both if they receive enough reports.
The most important things to remember are:
- Never reply to the email. If you do, scammers know your email address is valid and will send more scam emails.
- Never phone the number on the email. Scammers will answer, and they'll know your phone number.
- Never click website links in the email. You'll reveal your email address is active and the website could install malware.
- Never open attachments. They can release malware.
Find out more about safe online practices from Telstra or watch the miniseries on cyber security. View the latest news and alerts on scams from government agency Scamwatch and see Government tips on how to protect yourself online.