06 Feb Best practices for dealing with spam / scam emails
We all know about scam emails like “get pills now”, “singles in your area”, etc., but did you know that most spam / scam emails now look exactly like emails from legitimate companies? Scammers can easily steal assets such as company logos or even newsletter templates off the web to pretend to be that company.
One of the latest scam emails going around claims to come from power companies such as AGL and says you have an invoice due, with a PDF attached. DO NOT open the PDF or click any links in the email! The PDF is usually fake: it is disguised as a PDF but is actually something more threatening, like a virus or cryptolocker.
Some other companies which have been impersonated in scam emails are Australia Post, Crazy Domains, GoDaddy, Netflix, Xero, Officeworks and more.
How do you identify scam emails?
- Check the ‘from’ email address. If the sender's address is different from the one the company should be sending from, the email is not legitimate. Sometimes they will try to be tricky and use an address like email@example.com – this is probably not real.
- If you don’t have anything to do with that company, e.g. a NAB email when you don’t have an account with NAB, it is probably fake.
- Some scam emails just appear as text, e.g. “Is this you in this photo? Click here” – sometimes these kinds of emails can come from someone you know. This means that they may have a virus on their computer, or their email may have been compromised.
- Emails from legitimate companies will usually address you by your first name and last name; fake emails tend to use a generic greeting such as “Dear Paypal member” or “Dear Sir / Madam”.
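The checks above (sender address, generic greeting, and an attachment that only pretends to be a PDF) can be run automatically over a saved message. This Python code is an added example, not part of the original post; the allow-listed sender domains, the extra greeting string and the sample message built by `build_sample` are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains each brand really sends from. Verify against past genuine mail.
KNOWN_SENDERS = {"agl": {"agl.com.au"}, "paypal": {"paypal.com"}}
# First two greetings are from the article; the last is an added assumption.
GENERIC_GREETINGS = ("dear sir", "dear paypal member", "dear customer")

def check_email(raw):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = (display + " " + str(msg["Subject"] or "")).lower()
    for brand, domains in KNOWN_SENDERS.items():
        # Naive substring match on the brand name; enough for this illustration.
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not genuine:
            findings.append(f"sender-mismatch: claims {brand}, sent from {domain}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(g in text[:200] for g in GENERIC_GREETINGS):
        findings.append("generic-greeting")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # A real PDF file starts with the magic bytes "%PDF-".
        if name.endswith(".pdf") and not data.startswith(b"%PDF-"):
            findings.append(f"fake-pdf: {name}")
    return findings

def build_sample(sender, greeting, payload):
    """Constructed test message (not a captured scam email)."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "you@example.org"
    m["Subject"] = "Your AGL invoice is due"
    m.set_content(greeting + ",\nYour invoice is attached.")
    m.add_attachment(payload, maintype="application", subtype="pdf",
                     filename="invoice.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    scam = build_sample("AGL Billing <billing@agl-invoices.example>",
                        "Dear Sir / Madam", b"MZ\x90\x00 constructed non-PDF bytes")
    print(check_email(scam))
```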
Here are some examples of scam emails, note the email addresses:
Why do I get scam emails?
Usually you will receive spam or scam emails because your email address has been added to a spam list somewhere. This can happen when you register a domain name without privacy or add your email address directly on your website. Automated robots search websites for email addresses, which is why we always use “Click here to email” for email addresses on our websites. Unfortunately, if you have an email address on the internet it will probably end up being found somewhere. We suggest paying for domain privacy when you purchase a domain name to help with this.
Best practices to deal with scam emails
- Do not click anything in the email; these links can lead to fake websites that ask for login information.
- Check your online account. If you have an account with the company online, go to the website, then log in and check your invoices there. DO NOT click anything in the email as it might bring up a fake website – this is how they can steal login details.
- Mark the email as junk and block the sender
- Make sure to permanently delete the email
- If in doubt, give the company a call on a phone number that you know is real, or even go and see them in person.
- Do not use your login details anywhere but official / legitimate websites.
- Make sure to have different passwords for your accounts and update them regularly.
- Purchase antivirus software which also scans your emails.
- Check out https://www.scamwatch.gov.au/ for some of the latest news on scams, to report a scam, or to report if you have fallen victim to a scam.
- If you believe your computer may be infected, turn it off as soon as possible and take it into a computer or IT support company.