How to protect yourself from scam emails and texts


A guide to protecting yourself online.

This guide is designed to help you identify scam emails and texts, so you can be careful and confident online and sniff out when something is wrong.

Scam emails and texts are designed to trick you, and unfortunately some are really good at it! They can use company logos and official email headers to pose as a trusted source, such as your bank or other organisations that you have online accounts with.


What is the difference between spam and a scam?

Scam texts or emails are sent with malicious intent by cybercriminals. These will often ask for personal details or ask you to click a specific link in an attempt to steal your identity or defraud you.

On the other hand, spam texts and emails are communications from a real company with offers, advertising and sales. These messages will often have an option to unsubscribe.

Common Signs It’s A Scam

• The sender’s email address may be different from the trusted organisation’s website address, even if only slightly. The email may be sent from a completely different address or a free webmail address.

• The text message or email begins with “From (company name):” or “Dear Valued Customer”.

• There is an urgent call to action, such as: ‘unless you act immediately your account may be closed’, ‘your account has been suspended’ or ‘your account had an “unauthorised login attempt”’.

• A prominent or strange-looking website link with symbols. These can look very similar to the correct company address.

• A request for personal details such as usernames, passwords, phone numbers or bank details.

• You’re not expecting an email or text message from the ‘trusted source’ that it appears to be from, or it appears to be asking something unusual of you. You can always check directly with the organisation to be sure.

• The entire text of the email may be contained within an image, which can contain an embedded link.

• Spelling, grammar and syntax errors.

• Lack of details about the sender, or how you can contact the company.

• Unknown company name in contact/sender info.

Safe Email and Text Message Practices

1. Check if it is a known scam.

If you are suspicious of an email or text message (for any of the reasons we’ve listed, or if it just doesn’t seem right), you can check if it is on a list of known spam and scam emails and text messages.

The most common text scam at the moment is a fake delivery notification. These scams take advantage of an increase in online shopping and trick many people if they happen to have a delivery coming that day.

Note: McAfee and Symantec feature spam and scam email lists on their websites.

2. Don’t trust the display name of the sender.

A common tactic is to use a hoax display name, usually one that is similar to a source you would trust. Most user inboxes only present the display name once delivered, not the email address in full. Always check the full email address or contact.

3. Double check the links (without clicking them!).

For scam emails, hover your mouse over any links to preview the URL (it will either appear next to your cursor, or in the bottom left corner of your screen). Beware if the web address looks strange, or doesn’t match what the email says it is.

Although the links can look legitimate, they will often have multiple symbols in them or spelling and grammar errors.

If you want to test the link of an email or text message, open a new window and type in the URL manually rather than clicking on the link directly from your email.

4. Don’t give out personal information.

Legitimate banks, the ATO and most other companies will never ask for personal credentials via email or text messages, especially not without consulting you via telephone or in person first.

5. Don’t open attachments, or reply to emails or texts from an unknown source.

If you suspect the email or text might be a scam, don’t open any attachments. They can contain viruses and malware, which can damage files on your computer and phone, or steal information. Also be wary of fake ‘remove’ or ‘exit’ buttons/links that can contain links to dodgy websites.

6. Be skeptical.

Just because an email or text message has convincing brand logos, headers, appropriate language, and a seemingly valid email address, does not mean that it’s legitimate.

7. Use Spam Filters.

Make sure your email accounts, phone and internet security packages have the spam filter activated and that it remains switched on. They won’t be able to protect against everything but it is at least a first line of defence.

Also make sure to check junk mail folders regularly, just in case a legitimate email ends up there by mistake.

8. Educate older relatives/friends.

Help educate older relatives or friends who may not be good with technology about scams, because people over 55 years of age are the most likely to fall victim.

9. Use your MyGov account for Government services.

For Government services, always use and refer back to your MyGov account. Any messages to you from the ATO or other Government services will be published to your MyGov account so it is good to check this before you click on an email or text link.

How to protect your business from scams

  • Educate your team about threats and what to look out for, the importance of passwords and password security, and how to manage customer information.
  • Ensure staff only have access to the business systems and information they need.
  • Don’t have shared login details or passwords.
  • Complete a risk assessment of your systems and add cybersecurity to your risk management framework.
  • Develop and implement cyber security policies and protocols.
  • Understand your organisation’s legal obligations.
  • Use multifactor authentication on your systems and third-party systems.
  • Update software and devices regularly.
  • Back up data and have backup protocols in place.
  • If customer data is being shared with related or third parties domiciled overseas, ensure your customer is aware of where their data is domiciled.
  • Only collect the customer data you need to provide the goods and services you offer.
  • Ensure protocols are in place for accounts payable.

For more information on scam emails and texts, visit the ScamWatch website.

