Menu

Spot scams in your inbox

FEATURE_Emailscams

Do you know your spam from your scams? While spam email is just annoying, scam emails can be truly malicious, trying to trick you into installing viruses on your computer, cheat you out of your hard-earned cash, or worse.

In 2016 alone, Australian businesses lost a whopping $3.8 million to hackers and online scam artists, which was actually a 31% increase from the previous year. As scams become more prevalent and harder to spot, it’s vital to understand how to identify them so you don’t engage with them in the first place.

If you believe you’ve received a scam email, it’s important not to reply, click any links or open any attachments. You should always report, then delete. You can report a scam in the following ways:

  • All scams can be reported to SCAMWATCH.
  • For scams impersonating iiNet, please forward the email as an attachment (learn how) to abuse@iinet.net.au.
  • For scams impersonating another company, check that company’s official website for information about reporting a scam to them.

This article will discuss common tactics used in scam emails, breaking down two examples so you can understand the kind of red flags you should be watching out for.

Example one: Scare tactics

Scare tactics are a typical method used by scam artists to make you feel like you have to react as soon as possible, or something bad will happen. This could be a fine, losing access to your accounts, getting services disconnected, or even just your email storage filling up. By creating a false sense of urgency, they get you hooked before you have a chance to really assess the situation.

Don’t let the massive logo fool you; the example you see here wasn’t sent by iiNet. As one of the major ISPs in Australia, it’s typical for scammers to impersonate us to try to steal our customer’s personal information or account details (this practice is known as “phishing”). Here’s how you can tell it’s a scam:

ScamWatermark_short

It doesn’t look like other iiNet emails: If you’re an iiNet customer, you’re probably very familiar with what our official emails look like, and they look nothing like this. Combined with the fact that the email is written poorly, this should be your first clue that the email isn’t legit.

The company details are wrong: The copyright at the bottom of the email says “iinet.com” but that’s not even our website address (iinet.net.au), let alone our company name. In fact, if you Google that “0800 096 6380” phone number, the first result is for a Netflix phishing scam in 2016. We really can’t stress enough that a little bit of fact-checking can go a really long way in keeping yourself safe.

The logic doesn’t add up: The email is saying your mailbox is full, then it suddenly asks you to click a link to “Verify Now”. Why would you need to verify anything for that? If your inbox really was full, then all you’d need to do is delete some old emails to free up some space. Always pause for a moment and think before you click.

Remember, iiNet will never ask you for your password via email or demand that you verify account details out of the blue. When it comes to serious situations that really do involve service disconnections, trust us: we don’t leave it until the last minute. As per our Customer Relationship Agreement, we’ll always give you at least 30 days’ notice of any detrimental changes to your iiNet account.

If you ever have concerns about an email you’ve received that appears to be from iiNet, you can always contact us to find out if it’s legitimate.

Example two: Bait tactics

ScamWatermark_longOn the flipside of scare tactics, other scam emails may try to entice you with offers that are just too good to be true. The most commonly known example of these “baiting” scams would be the infamous “Nigerian prince” who needs your help getting his vast fortune out of the country, or winning a lottery that you never entered. However, bait scams aren’t always so outlandish. It’s often the more “everyday” offers that you need to watch out for, such as fake competitions, fraudulent charities, and phony job ads.

Seek, one of the largest job listing websites in Australia, has an entire webpage dedicated to safe job searching. I received the example you see here earlier this year, and it really does look like an official email from Seek. However, it’s still clearly a scam, and here’s why:

The email discusses events which never happened: Scammers will often make up fake people and events like to make them seem more “human” so you’ll be more open to interacting with them. If this “Matilda” really existed and had been trying to contact me, there would be evidence of those attempts; previous emails, missed calls, voicemail, text messages, etc. This email arrived completely out of the blue, sent by a stranger, claiming that I’ve already been in contact with someone I’ve never spoken to, about a job I never expressed any interest in. Scam, scam, scam!

The company doesn’t exist: Again, Google can be your best friend when it comes to finding out the facts. The bottom of the email implies that this “Antje Hirsch” company is supposedly based in Hamburg, which was especially confusing, so I Googled it. Surprise, surprise; there’s nothing to indicate that this company actually exists.

The email has an unsubscribe option: Unsubscribe options are mandatory under the Spam Act for commercial emails such as marketing messages, which are typically sent to mailing lists containing thousands of people at once. In scam emails, they could be dangerous, so it’s best just to delete the email without clicking them. However, seeing any unsubscribe option at all is a clear indication that the email has been sent to a large number of people. If an email really was being sent to you and only you, it would never have an unsubscribe option. The iOS 10+ Mail app for iPhone automatically flags emails that have been sent using a mailing list at the top of the email. On all other email programs, you’ll typically find an unsubscribe link at the bottom of an email.

Reporting scams

To recap; once you suspect an email is a scam:

  • Don’t engage: Don’t reply, click any links or open any attachments.
  • Report, then delete: Report the email to SCAMWATCH, or check the company’s official website for information about reporting a scam to them.
  • Reach out: You should always contact a company if you think your account with them has been compromised. They’ll be able to check their records for any sign of suspicious activity and help you re-secure your account.

If you believe your iiNet account has been compromised, please call us on 13 22 58. Likewise, if you suspect that your credit card details are at risk, contact your bank immediately.

To keep up-to-date with all the latest in scams and dodgy dealers, be sure to bookmark the ACCC’s SCAMWATCH website.

22 comments

  1. Kaye Phillips says:

    G’day Great article 1 point you mention the unsubscribe link is found at the bottom at of the email – however you forgot to advise the readers to go get their magnifying glass or stretch their font size out to 572 before they try to find it.

    One of the things I have noticed about scam/spam emails is the overall wording of the email is hinky, in the one you show above the opening sentence starts with “As” I personally expect that a person sending out an email of the type you showed above to:

    1. Have a rudimentary grasp of Grammar and spelling or at the very least be able you use both spell and grammar checker.

    2. Maintain a consistent layout within their email, not have some new paragraphs separated by a line break and others not separated.

    3. Not mix Single and plural in the 1 sentence.

    Another I am assuming as I have never read one scam email is one which I often receive which starts with Hi Anthony or some other name, on the surface it looks like it went to the wrong address, I am thinking it is designed to get people to read it so they can jump on the band wagon if it is something good, (as I said I don’t read them).

    1 of my least favourite type of email comes from well meaning friends things like WORST VIRUS EVER or Amber Alert, I can’t count the times I have said to family or friends if you get an email like this copy the name of the virus or missing person then go to Dr Google and paste it in.

    My delete key works really good for these emails.

  2. Hi all, I was told by a IT that not to click Unsubscribe as this then get’s them in, I don’t know but I don’t do it now.

    One other thing not quite relevant, but there is a phone thing? going round, when you answer a soft voice says “can you hear me” when you answer “yes” they are into what ever they want of your system. Just what I was told. It’s worth mentioning.

  3. Don Munro says:

    I think you have only covered a tiny proportion of the types of scam emails, often purporting to be from a company one has dealt with. One easy way to check most of them is to look at the originating email address – it’s almost never genuine in appearance.

  4. Mavis Miller says:

    Another clue is in the senders address which is at the top of the message and is usually ignored. Here you’ll find ‘company’ names like Newsletter@hardallfun.com, which reveal, when googled, a common ‘Newsletter’ word that Google lists with 8 others, all scams.
    Really appreciate this article. I didn’t know about the unsubscribe detail – but had found the these don’t actually work, or don’t exist at all.

  5. Tracey says:

    I have so many spam emails but can’t see anyway to block them. Even when I use the Spam button the same emails keep coming through from the same people. How do I block them?

  6. Deb says:

    Another way to protect yourself is to disable images because they can hide other code.

    I only download images from people I know, and NEVER any from companies. Any offer they email, can be found on their website. I don’t need photos of the item(s).

    Unsubscribing tells the phisher your address is live & ANY click can result in installing code on your computer.

  7. Terry says:

    May I suggest that for those using MS Outlook, a right click on the suspect and unopened item gives you the option to view the unseen header which accompanies every mail item.
    In that header, you can see quite a bit of information as to the track history and entity relating to the sender.
    Using ‘who is this’ or similar apps. can be quite revealing.
    Sometimes this shows a message had its origin in a domain with which you have no connection or one you wish to avoid.

  8. Bev McGrane says:

    You say to google that number “0800 096 6380”. Which country uses 0800 numbers .. I know the USA has this type of thing ending with four digits, whereas Australian 1800 numbers end in only three digits.

  9. Andy says:

    If I click on ‘unsubscribe’ in spam email, does that just verify to the sender that my address is real and therefore worth sending more spam to?
    Or could clicking on ‘unsubscribe’ possibly redirect me to a malicious site?

    • Gina Thompson says:

      Hi Andy,
      Yes, it’s possible. You shouldn’t click any links in an email which you suspect may be a scam email. I’ve edited the article to make this more clear.

      Cheers,
      Gina

  10. Ronald Tan says:

    I always check the email header and hover my mouse over every link. I can then see where the link is from, very often from some very dodgy country! Searching the domain will then give you further interesting information.

  11. Peter says:

    I use an email client (Becky) rather then web email access. I always remotely view the mail on the server before downloading and I have HTML switched off, viewing emails in plaintext. I have an option to convert an email to HTML format. Spam is deleted on the server.

    Spam is often sent to a whole list without even looking at the recipients’ country domain. I have received emails promising a quick way to migrate to Australia and find work in Australia (where I already live).

  12. Jen says:

    Can iinet please add a block sender feature to our email accounts. This is a feature people can then use instead of clicking on unsubscribe in emails. Other mail accounts have this feature.

  13. Rosemarie says:

    Interesting information about scam. It seems to me that they keep on trying especially offering attractive prizes such as $100 Bunnings card, Woolworths card, Aldi card etc I often block the domain but another pops up and they are usually from countries such as Hungary, France, Poland, Portugal, Texas, Italy etc and sometimes with the wrong spelling of Woolworths. I was informed not to click unsubscribe as this will reveal that my account is alive. How do they receive my email in the first place and how do I stop them apart from blocking them individually as they arrive?

  14. rudolf fletcher says:

    I always right click on a link that I’m not sure of and in the drop down menu I copy link location. I then paste this into notepad or something similar and I can see where it’s going to take me.
    I often find that all the links in a scam email go to the same place even if the link is named something else, such as unsubscribe.

    Sometimes this method will also give me the name of the site involved enabling me to check it out.

  15. Philip Robinson says:

    Very useful article.

  16. DAVRON says:

    If in doubt shut it out Dont know them don’t open them

  17. Andrew says:

    1. Check the email header
    2. Do not click on any links but hover mouse over link and this will show where the link is going make sure the link is going to the same address that you can read in the email. (this works in Outlook and some other programs)
    3. Any phone number or physical address in an email search the phone number and address in Google or hard copy phone book. Also look at the scamwatch website at https://www.scamwatch.gov.au/
    4. Many scams play on your emotions make you feel that if you answer you will get what your wish for could be money, love or holiday if the scam asks for any financial information about you do not reply, If the scam asks for payment of any kind do not pay. If it asks for personal information be very cautious. Never reveal passwords or pin numbers or BSB or account numbers. Never reveal anything that might be an answer to secret questions some legitimate websites use to verify your identity.
    5.If it was from a company that you are not a customer of and have not contacted them before it is highly likely that it will be a scam.

  18. Andy G says:

    Hi Ive just read the article and find myself in the same position as Rosemary. Is there anything I can do to stop them coming in or do I just delete everytime and hope that one day it will stop. It just appears to be getting worse. Thanks Andy G.

  19. Tony W says:

    Scams are a difficult problem to deal with.
    Might I suggest that one solution is to have 2 email accounts; one for trusted friends and business and the second, a junk account,for other emails.
    When the junk account becomes loaded with spam, delete the account and open another email account with a different name.

  20. I also would like to see a settings area in MailBox so I can block repeat offenders. At present, I can block them only after the offending emails arrive on my PC: but they are there in my ‘Junk’ folder and I have to sort through lots of them to make sure none is from a trusted source before I delete them

  21. john Byrne says:

    Hi,
    I have a slightly different approach.
    I use webmail, and if it looks dodgy, I delete it.
    If I don’t know and am doubtful, I close my computer down and restart with a live CD (Usually a Puppy), and then go and look at the email. That way if it is a scam and if it tries to install anything, it will be lost when I close down.
    John B

Menu

Search