Get the Finder app 🥳

Track your credit score


How to identify an email phishing scam

Sharing your details by email can lead to credit card fraud. Learn to spot and avoid phishing scams.


Fact checked

We’re committed to our readers and editorial independence. We don’t compare all products in the market and may receive compensation when we refer you to our partners, but this does not influence our opinions or reviews. Learn more about Finder.

A criminal doesn't even need your physical card to commit fraud. All they require are your personal details or card information, and one way they can get these is through a process known as "phishing".

A phishing scam aims to trick people into giving away their personal information so it can be used for fraud. Phishing messages look like they're from legitimate sources and can come through emails, phone calls, text messages or even social media channels. This guide focuses on how to spot email phishing scams, but it can help you avoid other phishing scams as well.

How serious is this type of fraud in Australia?

Most Australian credit card fraud doesn't even involve the scammer getting a hold of the victim's physical card. Data published by the Australian Payments Network in December 2019 shows that this kind of fraud cost Australians around $450 million in the 2018/2019 financial year.

Phishing is one form that this kind of fraud can take. If you want to see a list of current scams that include phishing, you can also check the government's active database on the Scamwatch website.

How to spot an email phishing scam

While phishing scams can vary widely in approach, email scammers will generally pose as a friend, a bank or another trusted organisation in order to trick or scare you into responding or providing details.

Fortunately, the vast majority of scams share a few telltale signs that mark them as being fraudulent. Here are some common signs:

  • Unofficial email address. Always check the address the message has been sent from. See if it matches legitimate correspondence that you've had before, or if it has been sent from a generic server like @gmail or @hotmail. Emails from official institutions are usually sent from that institution's own server. For example, a message from the government should come from a "" address.
  • Suspicious links or attachments. Never follow links to a third-party website from an email. If you think a link may be legitimate, hover over it and check whether it's secure (flagged by "https://" at the start of the link address). Don't download or open attachments unless you're absolutely certain of what they are. If you're not, double-check them with the supposed sender or simply ignore/delete them.
  • Urgent demands for payment or information. Scammers will often create a sense of urgency to trick you into doing things you wouldn't normally do. If the email contains threats, demands immediate action or asks for your personal information, don't trust it.
  • Poor spelling and grammar. Less sophisticated scams are more likely to be full of typos and grammatical errors than proofread correspondence from your bank. Don't rely on this method alone, though – good grammar doesn't necessarily make it trustworthy either.

Email spam filters often pick up potential phishing scams, but it's important to stay aware. If you suspect an email of being a scam, delete the message and don't click on any links. If you suspect you've been the target of a scam, follow the advice below.

A real example: The Latitude Finance scam

To help give you some idea of what a sophisticated email phishing scam might be like, here's one that was directed at customers holding a Latitude Financial Services Mastercard in January 2020.

Essentially, an official-looking email was sent to holders of a Latitude Mastercard, asking them to update their security details immediately. Following the link took recipients to another official-looking page, where they were prompted to enter their card details. Both the page and the email had proper branding and formatting and language consistent with what you might expect from a financial institution.

Here's a breakdown of what made this scam believable and what gave it away.

Looked legitimate...Probably a scam...
The email address ended in "". This was done using a hacked mail server.The use of urgent language such as "action required" was designed to rush recipients into making a decision.
Official branding, headers and footers that were consistent with real emails were used.The lack of personal address in the email and the fact that it did not address the recipient by name.
Clicking the link directed users to a convincing replica of Latitude's own page, complete with logos and proper branding.The fake website it redirected to didn't start with "https://", which would indicate that it's a secure destination.
Spelling, grammar and phrasing were correct and the email was well-formatted.There were still some spacing errors in the email itself.
Came through to peoples inboxes (instead of being filtered to their junk mail or spam folders).The email was related to security. Security and protection "upgrades" or "updates" are some of the most common ways to pressure people into providing information.

As you can see, there's no guaranteed method of spotting a sophisticated scam. Keeping your guard up can help, but you should always treat any request for personal information in an email with extreme caution, no matter how legitimate the source seems to be.

What should I do if I've been scammed?

  • Notify your bank. If you think a scammer has gained access to your credit card or bank details, let your bank know immediately. They can freeze your account and potentially reverse unauthorised transactions. The faster you report it, the better.
  • Contact the proper authorities. According to the government's MoneyWatch banking and credit scams page, here's who you should notify for different financial scams:
    Banking/credit card scamsYour bank or financial institution
    Fraud and theftThe police – call 131 444
    Tax-related scamsThe Australian Taxation Office website or phone 1800 008 540
  • Report the scam and help others. No matter the scam, the government also recommends that you report it to Scamwatch so that other people know what to look out for.

Tips to avoid being scammed

Never respond immediately or agree to anything if an email or phone call seems suspicious. Contact the organisation that the person claims to be from, especially if it's a reputable company or group that you've heard of. Ask if they have any knowledge of the communication and go from there.

Some companies and websites only exist for fraudulent activity. Never use a link or contact number given to you in a suspicious communication, as this could be part of the scam.

You can learn more about protecting yourself from fraud and scams with this Finder guide.

More guides on Finder

Ask an Expert

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.

Credit Cards Comparison

Data indicated here is updated regularly
Name Product Purchase rate Balance transfer rate Annual fee
Citi Rewards Card - Exclusive Offer
21.49% p.a.
0% p.a. for 30 months
$49 annual fee for the first year ($149 p.a. thereafter)
Finder Exclusive
Save on interest with 0% p.a. on balance transfers for 30 months with no balance transfer fee. Plus, a $49 first-year annual fee and Citi Rewards.
Coles No Annual Fee Mastercard
19.99% p.a.
0% p.a. for 18 months with 1.5% balance transfer fee
Earn Flybuys points for your spending and save with an ongoing $0 annual fee and 0% p.a. on balance transfers for 18 months.
Qantas American Express Premium Card
20.74% p.a.
Enjoy 100,000 bonus Qantas Points, 50 bonus Status Credits and 2 complimentary Qantas Club lounge invitations per year. Ends 4 November 2020.
Citi Rewards Card - $500 Voucher Offer
21.49% p.a.
0% p.a. for 12 months
$99 annual fee for the first year ($199 p.a. thereafter)
Get a $500 e-voucher to spend at Myer, JB Hi-Fi or Coles when you spend $3,000 in the first 90 days. Plus, earn points with the Citi Rewards Program.

Compare up to 4 providers

* The credit card offers compared on this page are chosen from a range of credit cards has access to track details from and is not representative of all the products available in the market. Products are displayed in no particular order or ranking. The use of terms 'Best' and 'Top' are not product ratings and are subject to our disclaimer. You should consider seeking independent financial advice and consider your own personal financial circumstances when comparing cards.

Go to site