7 ways to spot an email scam

Scam emails are not only landing in our inboxes more frequently, but they are also becoming harder to recognise. 

Scammers are getting smarter and more sophisticated. Some will replicate the branding, design and language of well-known companies like Netflix, Telstra, PayPal, Apple, the Australian Taxation Office and Australia Post to try and trick you into revealing personal details, passwords, bank account numbers and credit card information.

So how can you tell the real emails from the fakes? Here are our top 7 tips for spotting a scam email.

1. Check the "from" address

While the sender’s name may seem legit, a scam email will usually have a pretty strange email address that it is being sent from. Click on the sender’s name or hover your cursor over it and the email address that the email is really coming from should appear.

2. Is the email subject trying to scare you?

Scam emails will try to hook you into opening them by using headings to worry you – “We found an issue with your account”, “Your user ID was used to sign in via a web browser” “Your account has been suspended” or advising you about a purchase you know you haven’t made.

If you are concerned about your account security, contact the company via the email or phone number you normally use for them, or visit the company’s website or secure app and access your account as you would normally, instead of following links within the email.

3. Is the greeting impersonal?

It’s easy to personalise an email and if you’re a valued customer or client, most companies will use your first name in the greeting. Does the greeting the same it appears in usual emails from this company? Or is it something more generic and impersonal like “Dear Client”, “Dear Customer”, “Dear Account Holder” or even just your email address. 

4. Is the language clunky or use poor grammar?

Most companies hire marketing and/or communication professionals to write and produce their emails, so their emails have a fairly consistent tone of voice and language. An odd typo or two is forgivable, but if the grammar, spelling and punctuation is repeatedly poor, or the language consistently clunky, with missed words, or not consistent with what you expect from the company, then it’s more likely to be a scam.

5 Are linked websites legit?

5. Are linked websites genuine?

Email footers usually have some standard info, like links to privacy policies, contact information, addresses, ways to unsubscribe and so on. Can you actually click on the links? Are the websites hyperlinked in the email genuine? If you hover over a genuine link, the web address it leads to will appear in the bottom-left hand corner of your browser. If you accidentally click on the link, look at the web address that appears at the top of the page. Is it the same as the company’s website that you normally use?

6. Does the email ask for personal, bank or log-in details?

Most companies will never ask for personal or bank details via an email or ask you to supply log-in info, passwords, pin numbers or answers to security questions. Nor will they ask you to check your account by clicking on a link in the email. If your online account information has been genuinely, legitimately compromised they will usually ask you to sign into your account on their website or via their secure app and change your security information yourself.

7. Is the company branding accurate?

Scammers are getting smarter. The scam emails they send and the fake websites they create can look almost identical to the real thing. However, if you look closely, there are usually sometimes basic errors in font style or size, spelling (e.g. Australian vs American English), colours or how the email is presented, which can give away that it’s a scam.  Does it look and sound like similar emails you have received from the company?