Spot scams in your inbox

Do you know your spam from your scams? While spam email is just annoying, scam emails can be truly malicious, trying to trick you into installing viruses on your computer, cheat you out of your hard-earned cash, or worse.

In 2016 alone, Australian businesses lost a whopping $3.8 million to hackers and online scam artists, which was actually a 31% increase from the previous year. As scams become more prevalent and harder to spot, it’s vital to understand how to identify them so you don’t engage with them in the first place.

If you believe you’ve received a scam email, it’s important not to reply, click any links or open any attachments. You should always report, then delete. You can report a scam in the following ways:

• All scams can be reported to SCAMWATCH.
• For scams impersonating iiNet, please forward the email as an attachment (learn how) to abuse@iinet.net.au.
• For scams impersonating another company, check that company’s official website for information about reporting a scam to them.

This article will discuss common tactics used in scam emails, breaking down examples so you can understand the kind of red flags you should be watching out for.

Example one: Scare tactics

Scare tactics are a typical method used by scam artists to make you feel like you have to react as soon as possible, or something bad will happen. This could be a fine, losing access to your accounts, getting services disconnected, or even just your email storage filling up. By creating a false sense of urgency, they get you hooked before you have a chance to really assess the situation.

Don’t let the massive logo fool you; the example you see here wasn’t sent by iiNet. As one of the major ISPs in Australia, it’s typical for scammers to impersonate us to try to steal our customer’s personal information or account details (this practice is known as “phishing”). Here’s how you can tell it’s a scam:

It doesn’t look like other iiNet emails: If you’re an iiNet customer, you’re probably very familiar with what our official emails look like, and they look nothing like this. Combined with the fact that the email is written poorly, this should be your first clue that the email isn’t legit.

The company details are wrong: The copyright at the bottom of the email says “iinet.com” but that’s not even our website address (iinet.net.au), let alone our company name. In fact, if you Google that “0800 096 6380” phone number, the first result is for a Netflix phishing scam in 2016. We really can’t stress enough that a little bit of fact-checking can go a really long way in keeping yourself safe.

The logic doesn’t add up: The email is saying your mailbox is full, then it suddenly asks you to click a link to “Verify Now”. Why would you need to verify anything for that? If your inbox really was full, then all you’d need to do is delete some old emails to free up some space. Always pause for a moment and think before you click.

Remember, iiNet will never ask you for your password via email or demand that you verify account details out of the blue. When it comes to serious situations that really do involve service disconnections, trust us: we don’t leave it until the last minute. As per our Customer Relationship Agreement, we’ll always give you at least 30 days’ notice of any detrimental changes to your iiNet account.

If you ever have concerns about an email you’ve received that appears to be from iiNet, you can always contact us to find out if it’s legitimate.

Example two: Bait tactics

On the flipside of scare tactics, other scam emails may try to entice you with offers that are just too good to be true. The most commonly known example of these “baiting” scams would be the infamous “Nigerian prince” who needs your help getting his vast fortune out of the country, or winning a lottery that you never entered. However, bait scams aren’t always so outlandish. It’s often the more “everyday” offers that you need to watch out for, such as fake competitions, fraudulent charities, and phony job ads.

Seek, one of the largest job listing websites in Australia, has an entire webpage dedicated to safe job searching. I received the example you see here earlier this year, and it really does look like an official email from Seek. However, it’s still clearly a scam, and here’s why:

The email discusses events which never happened: Scammers will often make up fake people and events like to make them seem more “human” so you’ll be more open to interacting with them. If this “Matilda” really existed and had been trying to contact me, there would be evidence of those attempts; previous emails, missed calls, voicemail, text messages, etc. This email arrived completely out of the blue, sent by a stranger, claiming that I’ve already been in contact with someone I’ve never spoken to, about a job I never expressed any interest in. Scam, scam, scam!

The company doesn’t exist: Again, Google can be your best friend when it comes to finding out the facts. The bottom of the email implies that this “Antje Hirsch” company is supposedly based in Hamburg, which was especially confusing, so I Googled it. Surprise, surprise; there’s nothing to indicate that this company actually exists.

The email has an unsubscribe option: Unsubscribe options are mandatory under the Spam Act for commercial emails such as marketing messages, which are typically sent to mailing lists containing thousands of people at once. In scam emails, they could be dangerous, so it’s best just to delete the email without clicking them. However, seeing any unsubscribe option at all is a clear indication that the email has been sent to a large number of people. If an email really was being sent to you and only you, it would never have an unsubscribe option. The iOS 10+ Mail app for iPhone automatically flags emails that have been sent using a mailing list at the top of the email. On all other email programs, you’ll typically find an unsubscribe link at the bottom of an email.

 

 

 

 

 

 

Always check before you click

The example below is the most concerning because it was made by copying a real iiNet email, so it looks almost identical to the real thing. All the buttons at the bottom of the email link through to the iiNet websites that they should link through to, so it looks even more legitimate. This scammer was banking on customers taking the email at face value and clicking the “Login To Your Account” link in the email, which links to a fraudulent website instead of an iiNet website.

Checking the  destination of a link only takes a moment and it can save you a huge amount of stress when it comes to email scams. You can check the link without clicking in in the following ways:

• On a desktop PC, hover your mouse over the link without clicking. A box will come up with the destination URL, as shown in the example above.
• On iPhone and iPads, tap and hold the link without releasing your finger. After a moment, a menu will come up with the destination URL at the top as shown in this example. Tap “Cancel” to close the menu.
• On Android smartphones and tablets, tap and hold the link without releasing your finger. After a moment, a menu will come up with the destination URL at the top as shown in this example. Tap anywhere on the screen outside of the menu box to close the menu.

If the destination URL looks dodgy, don’t click the link. Instead, visit our main website iinet.net.au and log in to Toolbox from there to check your account.

Reporting scams

To recap; once you suspect an email is a scam:

• Don’t engage: Don’t reply, click any links or open any attachments.
• Report, then delete: Report the email to SCAMWATCH, or check the company’s official website for information about reporting a scam to them.
• Reach out: You should always contact a company if you think your account with them has been compromised. They’ll be able to check their records for any sign of suspicious activity and help you re-secure your account.

If you believe your iiNet account has been compromised, please call us on 13 22 58. Likewise, if you suspect that your credit card details are at risk, contact your bank immediately.

To keep up-to-date with all the latest in scams and dodgy dealers, be sure to bookmark the ACCC’s SCAMWATCH website.

Search