Email scams

The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

What are email scams?

Criminals use email to manipulate or trick you into unintentionally sharing personal information, financial details, or money.

These ‘malicious actors’ will use different tactics to trick you into sharing personal information, including:

  • pretending to be from a well-known, trusted business or organisation, such as energy or telecommunications providers, Australia Post, banks and law enforcement agencies, sending invoices or fines that may include threats to cancel your service or charge an excessive penalty if you don’t pay immediately

  • money scams or financial schemes such as the ‘Nigerian prince’ scams, offering unexpected prizes and auctions to get you to give money or personal identification

  • phishing emails that use a ‘call to action’ to trick you into revealing personal identification.

An email scam likely includes attachments or links where you can download ‘proof’ of legitimacy; however, opening the attachment or downloading the file can infect your computer with malware.

How do I recover from an email scam?

If you’ve lost money or given personal information to a scammer, there are immediate steps you can take to limit the damage and protect yourself from further loss:

  • Inform the organisation the scammer pretended to be from.

  • If you’ve sent money or personal banking details to a scammer, contact your bank immediately. Most big banks will cover any loss if someone makes an unauthorised transaction on your account, as long as you have protected your client number and passwords.

  • Report scams to the Australian Competition and Consumer Commission’s Scamwatch. Include as much information as possible about the scam email in your report (e.g. the email itself, or a screenshot).

  • If the phishing has led to a crime, file a report with the Australian Cybercrime Online Reporting Network (ACORN).

How do I prevent email scams?

  • Be aware: don’t open or click on links in emails from people or organisations you don’t know, or in unsolicited messages.

  • Don’t open attachments in unsolicited messages.

  • Before opening an email, consider who is sending it to you and what they are asking you to do. If you’re unsure, call the organisation using contact details from a verified website or other trusted source.

  • Use a spam filter to stop deceptive messages from even reaching you.

Businesses should also educate employees at all levels about identifying and managing suspicious emails.

Verifying emails

  • Read the email carefully, extracting any unique information such as tracking numbers, names, attachment names, email sender, message subject and URLs. Hover your mouse over links to see the web address (usually shown at the bottom of the browser window).

  • Google the extracted information to see if others have reported it as malicious.

  • Call the organisation of the sender and provide them details from the message.

  • Use other methods such as the organisation’s mobile phone app, website or social media page to verify details from the message.
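The first step of the checklist above, extracting the unique details from a message and checking where each link really points, can be done from the raw email source rather than by eye. The following is an added example and not ACSC's code or tooling: it parses a constructed sample message with Python's standard `email` library, pulls out the sender, subject, attachment names, tracking-number-shaped strings and every link, and flags a link whose visible text is a web address that differs from the address in the `href` (the mismatch that hovering over the link would reveal). All addresses, domains and the tracking number in the sample are made up; the regular expressions are assumptions tuned to simple scam HTML, not a general HTML parser.

```python
"""Pull the indicators the checklist names (sender, subject, attachment names,
tracking numbers and the real target of each link) out of a raw email.
Added example, not ACSC's code; the message below is constructed and every
address, domain and tracking number in it is made up."""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample: a fake 'parcel held' notice. The visible link text looks
# like a courier tracking page, but the href (what hovering reveals) points to
# a different host, and a PDF 'invoice' is attached.
SAMPLE_EMAIL = """\
From: "Parcel Notices" <notices@example-courier-mail.invalid>
To: recipient@example.com
Subject: Action required: parcel AU123456789 held at depot
Date: Mon, 01 Jan 2024 09:00:00 +1000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your parcel AU123456789 could not be delivered.</p>
<p>Pay the redelivery fee at
<a href="http://login.example-pay.invalid/redeliver?id=AU123456789">https://track.courier.example/</a>
within 24 hours or it will be returned to sender.</p>
</body></html>
--BOUNDARY
Content-Type: application/pdf; name="invoice_AU123456789.pdf"
Content-Disposition: attachment; filename="invoice_AU123456789.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--BOUNDARY--
"""

# <a ... href="...">visible text</a>; adequate for simple scam HTML only.
ANCHOR_RE = re.compile(r'<a\b[^>]*\bhref="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
# Two letters then nine or more digits: the shape of the constructed tracking id.
TRACKING_RE = re.compile(r"\b[A-Z]{2}\d{9,}\b")


def link_mismatch(href: str, text: str) -> bool:
    """True when the visible link text is itself a URL whose host differs from
    the host the href really points to (what hovering over the link shows)."""
    if not text.lower().startswith(("http://", "https://")):
        return False  # plain words such as 'click here' cannot be compared
    return urlparse(text).hostname != urlparse(href).hostname


def extract_indicators(raw: str) -> dict:
    """Return the unique details worth searching for or quoting to the
    organisation: sender, subject, attachment names, tracking numbers, links."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    subject = str(msg["Subject"] or "")
    html, attachments = "", []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/html":
            html += part.get_content()
    links = []
    for href, inner in ANCHOR_RE.findall(html):
        text = TAG_RE.sub("", inner).strip()
        links.append({
            "href": href,
            "host": urlparse(href).hostname,
            "text": text,
            "mismatch": link_mismatch(href, text),
        })
    return {
        "sender": sender,
        "sender_domain": sender.rpartition("@")[2],
        "subject": subject,
        "attachments": attachments,
        "tracking_numbers": sorted(set(TRACKING_RE.findall(subject + " " + html))),
        "links": links,
    }


if __name__ == "__main__":
    for key, value in extract_indicators(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Run as a script it prints each extracted field; the `links` entry for the sample shows the displayed text `https://track.courier.example/`, the real host `login.example-pay.invalid` and `mismatch: True`. The extracted sender domain, attachment name, tracking number and link host are exactly the items the checklist says to search for and to quote when calling the organisation; nothing in the message is opened or followed.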

Stay ahead of the latest cyber threats. Sign up for the Stay Smart Online alert service, a free service that informs you of the latest cyber threats and how to manage them.