How to protect yourself from email scams
7 things you need to check on every dubious email
Tuesday 20 Feb 2018
There was a time when fake emails were easy to spot. They usually announced a million dollar prize in a lottery we never entered or requested urgent access to your bank account on behalf of a long-lost relative. That’s no longer the case.
These days, phishing - defined as attempting to gain personal information for malicious reasons - is a sophisticated enterprise, often run by international criminal gangs who pour a lot of time and money into making their emails (or phone calls) realistic enough to trick consumers and businesses into revealing personal information, which the gangs then use for their own financial gain.
To prevent you or your business falling victim to a phishing email, here are seven things you should always check.
1. Check who the email comes from
While phishing emails usually purport to come from someone in authority, checking the email address of the sender often reveals that’s not the case. For instance, a senior figure at a respected company won’t email you from their Gmail account or from an organisation whose URL (i.e. web address, such as www.telstra.com) is different to their own. Sometimes, however, scammers will do a good job of masking their real email address - so it’s important to know this isn’t always a sure-fire method for detecting a scam.
2. Check the language
Most phishing emails originate from overseas, so no matter how proficient the email’s author is, it’s likely that some of the language or terminology will be wrong. Check the email carefully to look for missing words, poor spelling or grammar, odd turns of phrase or even poor punctuation.
3. Check the URL they’re directing you to
Phishing emails almost always operate by sending you to a fake website. For instance, if Telstra launches a web-based promotion it’s likely to be hosted on its main site at an address such as telstra.com.au/promotion, not promotion.pn/telstra. You can usually check the details of the URL the email is sending you to. To do this, hover your cursor over the icon or ‘Click here’ link, without clicking. Alternatively, if you’ve arrived at the website and you think it’s fake, check the address in your browser’s address bar. But sometimes the fake URL can be very difficult to spot. If you’re unsure, play it safe - don’t click.
4. Check what they want from you
Phishing emails usually rely on tapping into one of two emotions: greed or fear. If you unexpectedly receive notice of a windfall or penalty, chances are it could be an attempt at phishing. Phishing emails also usually try to compel you to act quickly by telling you there will be consequences if you don’t do something soon.
5. Check what information they’re after
Scammers will usually want more information from you than you might feel comfortable giving out. For instance, they may ask you for your internet banking password even where it’s not needed, such as when the email says that the sender wants to transfer money into your account. So always be conscious of what information you’re giving out and why.
6. Check for attachments
Some phishing emails will attempt to hijack control of your computer by having you open an executable file, which opens a program and causes your computer to perform certain tasks. Scammers can mask the file type, so even a benign looking file such as a .PDF or .docx file may turn out to be something a lot nastier. Never open an attachment you're not sure about.
7. Check the signoff
Sometimes it can be the little things that let a scammer down and nothing seems more innocuous than your email signoff. But scammers will often miss an important detail, fail to stick to company brand and style, or otherwise make their signoff generic without even mentioning a name. So if you’re used to dealing with an organisation, check how the email signoff compares to their standard. You’d be surprised how often scammers get this wrong.
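Checks 1 and 3 (sender address and link destinations) can be partly automated, for example in a mail filter. The Python below is an added example, not part of the original article; the function names and the sample message are constructed, and it assumes a single-part HTML email and that you already know the organisation's genuine domain.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: friendly display name, unrelated sender domain,
# two off-domain links and one genuine link.
SAMPLE = '''From: "Telstra Promotions" <promo@example.net>
Subject: You have won
Content-Type: text/html

<p>Claim now: <a href="http://promotion.pn/telstra">Click here</a>
or <a href="https://telstra.com.au.example.net/login">log in</a>.
Terms: <a href="https://www.telstra.com.au/promotion">our site</a></p>
'''

def belongs_to(host, expected):
    """True only if host is the expected domain or one of its subdomains."""
    host, expected = host.lower().rstrip("."), expected.lower()
    # Match on a dot boundary so "telstra.com.au.example.net" does not pass.
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link, not its label."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_email(raw, expected):
    """Return a list of findings for check 1 (sender) and check 3 (links)."""
    msg = message_from_string(raw)
    findings = []
    _display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not belongs_to(sender_domain, expected):
        findings.append(f"sender domain {sender_domain!r} is not {expected}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname or ""
        if not belongs_to(host, expected):
            findings.append(f"link host {host!r} is not {expected}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE, "telstra.com.au")))
```

An empty result is not proof the email is genuine: as check 1 notes, scammers can mask the sender address, so treat this as one signal alongside the other checks.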
These are just a few examples of common email scams and there are many more we haven’t included. After all, as particular email scams become less effective, scammers will invent new ones to take their place - often making them even more sophisticated and harder to detect.
But by staying vigilant and checking for these seven things, you should be able to spot and avoid most phishing emails. And, if you’re ever in any doubt, always err on the side of caution and call the organisation direct - not the phone number listed in the suspicious email.
This material has been prepared by Macquarie Bank Limited ABN 46 008 583 542 AFSL & Australian Credit Licence 237502 ("Macquarie") for general discussion purposes only, without taking into account your personal objectives, financial situation or needs. Before acting on this general information, you must consider its appropriateness having regard to your own objectives, financial situation and needs. The information provided is not intended to replace or serve as a substitute for any accounting, tax or other professional advice, consultation or service.