How to protect yourself from email scams

7 things you need to check on every dubious email

Tuesday 24 May 2016

There was a time when fake emails were easy to spot. They usually announced a million dollar prize in a lottery we never entered or requested urgent access to your bank account on behalf of a long-lost relative. That’s no longer the case.

These days, phishing - defined as attempting to gain personal information for malicious reasons - is a sophisticated enterprise, often run by international criminal gangs who pour a lot of time and money into making their emails (or phone calls) realistic enough to trick consumers and businesses into revealing personal information for their own financial gain.

To prevent you or your business falling victim to a phishing email, here are seven things you should always check.

1. Check who the email comes from

While phishing emails usually purport to come from someone in authority, checking the email address of the sender often reveals that’s not the case. For instance, a senior figure at a respected company won’t email you from their Gmail account or from an organisation whose URL (ie web address, such as www.telstra.com) is different to their own. Sometimes, however, scammers will do a good job of masking their real email address - so it’s important to know this isn’t always a sure fire method for detecting a scam.

2. Check the language

Most phishing emails originate from overseas, so no matter how proficient the email’s author is, it’s likely that some of the language or terminology will be wrong. Check the email carefully to look for missing words, poor spelling or grammar, odd turns of phrase or even poor punctuation.

3. Check the URL they’re directing you to

Phishing emails almost always operate by sending you to a fake website. For instance, if Telstra launches a web-based promotion it’s likely to be hosted on its main site at an address such as telstra.com.au/promotion not promotion.pn/telstra. You can usually check the details of the URL the email is sending you to. To do this, place your cursor above the icon or ‘Click here’ sign, without clicking. Alternatively, if you’ve arrived at the website and you think it’s fake, check the address in the menu bar. But sometimes the fake URL can be very difficult to spot. If you’re unsure, play it safe - don’t click.

4. Check what they want from you

Phishing emails usually rely on tapping into one of two emotions: greed or fear. If you unexpectedly receive notice of a windfall or penalty, chances are it could be an attempt at phishing. Phishing emails also usually try to compel you to act quickly by telling you there will be consequences if you don’t do something soon.

"Phishing emails usually try to compel you to act quickly."

5. Check what information they’re after

Scammers will usually want more information from you than you might feel comfortable giving out. For instance, they may ask you for your internet banking password even where it’s not needed - for instance, if the email says that the sender wants to transfer money into your account. So always be conscious of what information you’re giving out and why.

6. Check for attachments

Some phishing emails will attempt to hijack control of your computer by having you open an executable file, which opens a program and causes your computer to perform certain tasks. Scammers can mask the file type, so even a benign looking file such as a .PDF or .docx file may turn out to be something a lot nastier. Never open an attachment you're not sure about.

Never open an attachment you’re not sure about.

7. Check the signoff

Sometimes it can be the little things that let a scammer down and nothing seems more innocuous than your email signoff. But scammers will often miss an important detail, fail to stick to company brand and style, or otherwise make their sign off generic without even mentioning a name. So if you’re used to dealing with an organisation, check how the email signoff compares to their standard. You’d be surprised how often scammers get this wrong.

And finally…

These are just a few examples of common email scams and there are many more we haven’t included. After all, as particular email scams become less effective, scammers will invent new ones to take their place - often making them even more sophisticated and harder to detect.

But by staying vigilant and checking for these seven things, you should be able to spot and avoid most phishing emails. And, if you’re ever in any doubt, always err on the side of caution and call the organisation direct - not the phone number listed in the suspicious email.

You might also like:
How well do you really know your clients?
An article on why building a personal relationship can help prevent fraud.

Any information on this page in relation to mortgages has been prepared by Macquarie Securitisation Limited (MSL) Australian Credit Licence (ACL) 237863 ACN 003 297 336.

All other information has been prepared by Macquarie Bank Limited (MBL) (AFSL and ACL 237502) ABN 46 008 583 542 and does not take into account your client’s objectives, financial situation or needs.

This information is provided for the use of licensed and accredited brokers and financial advisers only. In no circumstances is it to be used by a potential client for the purposes of making a decision about a financial product or class of products.

Except for Macquarie Bank Limited ABN 46 008 583 542 AFSL and Australian Credit Licence 237502 (MBL), any Macquarie entity referred to on this page is not an authorised deposit-taking institution for the purposes of the Banking Act 1959 (Cth). That entity's obligations do not represent deposits or other liabilities of MBL. MBL does not guarantee or otherwise provide assurance in respect of the obligations of that entity, unless noted otherwise.