How to identify an email phishing scam
Sharing your details by email can lead to credit card fraud. Learn to spot and avoid phishing scams.
A criminal doesn't even need your physical card to commit fraud. All they require are your personal details or card information, and one way they can get these is through a process known as "phishing".
A phishing scam aims to trick people into giving away their personal information so it can be used for fraud. Phishing messages look like they're from legitimate sources and can come through emails, phone calls, text messages or even social media channels. This guide focuses on how to spot email phishing scams, but it can help you avoid other phishing scams as well.
How serious is this type of fraud in Australia?
Most Australian credit card fraud doesn't even involve the scammer getting a hold of the victim's physical card. Data published by the Australian Payments Network in December 2019 shows that this kind of fraud cost Australians around $450 million in the 2018/2019 financial year.
Phishing is one form that this kind of fraud can take. If you want to see a list of current scams that include phishing, you can also check the government's active database on the Scamwatch website.
How to spot an email phishing scam
While phishing scams can vary widely in approach, email scammers will generally pose as a friend, a bank or another trusted organisation in order to trick or scare you into responding or providing details.
Fortunately, the vast majority of scams share a few telltale signs that mark them as being fraudulent. Here are some common signs:
- Unofficial email address. Always check the address the message has been sent from. See if it matches legitimate correspondence that you've had before, or if it has been sent from a generic server like @gmail or @hotmail. Emails from official institutions are usually sent from that institution's own server. For example, a message from the government should come from a ".gov.au" address.
- Suspicious links or attachments. Never follow links to a third-party website from an email. If you think a link may be legitimate, hover over it and check whether it's secure (flagged by "https://" at the start of the link address). Don't download or open attachments unless you're absolutely certain of what they are. If you're not, double-check them with the supposed sender or simply ignore/delete them.
- Urgent demands for payment or information. Scammers will often create a sense of urgency to trick you into doing things you wouldn't normally do. If the email contains threats, demands immediate action or asks for your personal information, don't trust it.
- Poor spelling and grammar. Less sophisticated scams are more likely to be full of typos and grammatical errors than proofread correspondence from your bank. Don't rely on this method alone, though – good grammar doesn't necessarily make it trustworthy either.
Email spam filters often pick up potential phishing scams, but it's important to stay aware. If you suspect an email of being a scam, delete the message and don't click on any links. If you suspect you've been the target of a scam, follow the advice below.
A real example: The Latitude Finance scam
To help give you some idea of what a sophisticated email phishing scam might be like, here's one that was directed at customers holding a Latitude Financial Services Mastercard in January 2020.
Essentially, an official-looking email was sent to holders of a Latitude Mastercard, asking them to update their security details immediately. Following the link took recipients to another official-looking page, where they were prompted to enter their card details. Both the page and the email had proper branding and formatting and language consistent with what you might expect from a financial institution.
Here's a breakdown of what made this scam believable and what gave it away.
|Looked legitimate...|Probably a scam...|
|---|---|
|The email address ended in "@latitudefinancial.com.au". This was done using a hacked mail server.|The use of urgent language such as "action required" was designed to rush recipients into making a decision.|
|Official branding, headers and footers that were consistent with real emails were used.|The lack of personal address in the email and the fact that it did not address the recipient by name.|
|Clicking the link directed users to a convincing replica of Latitude's own page, complete with logos and proper branding.|The fake website it redirected to didn't start with "https://", which would indicate that it's a secure destination.|
|Spelling, grammar and phrasing were correct and the email was well-formatted.|There were still some spacing errors in the email itself.|
|Came through to people's inboxes (instead of being filtered to their junk mail or spam folders).|The email was related to security. Security and protection "upgrades" or "updates" are some of the most common ways to pressure people into providing information.|
As you can see, there's no guaranteed method of spotting a sophisticated scam. Keeping your guard up can help, but you should always treat any request for personal information in an email with extreme caution, no matter how legitimate the source seems to be.
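The checks from the list and the table above can be run mechanically over a message. The following is an added example, not code from Finder or Latitude: the sample email is constructed, its link host is a placeholder, and the names `triage`, `on_domain` and `LinkCollector` are hypothetical. It shows the sender-address check passing (as it did when the real mail server was hacked) while the other signs still fire.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample: wording is invented and the link host is a placeholder.
SAMPLE = """\
From: Latitude Security <security@latitudefinancial.com.au>
Subject: Action required: update your security details
Content-Type: text/html; charset="utf-8"

<p>Dear customer, update your security details immediately.</p>
<a href="http://latitude-secure.example.net/login">Update now</a>
"""

URGENT = re.compile(r"action required|immediately|urgent", re.I)
GENERIC_GREETING = re.compile(r"dear (customer|cardholder|member)", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

def on_domain(host, expected):
    return host == expected or host.endswith("." + expected)

def triage(raw, expected_domain):  # warning signs in a single-part HTML email
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender_domain = parseaddr(msg["From"])[1].lower().rpartition("@")[2]
    collector = LinkCollector()
    collector.feed(body)
    flags = []
    if not on_domain(sender_domain, expected_domain):
        flags.append("sender-domain-mismatch")
    for url in collector.links:
        parts = urlparse(url)
        if parts.scheme != "https":
            flags.append("link-not-https")
        if not on_domain(parts.hostname or "", expected_domain):
            flags.append("link-off-domain")
    if URGENT.search(msg["Subject"] or "") or URGENT.search(body):
        flags.append("urgent-language")
    if GENERIC_GREETING.search(body):
        flags.append("no-personal-greeting")
    return flags
```

An empty result does not mean a message is safe; the flags only mirror the signs listed on this page.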
What should I do if I've been scammed?
- Notify your bank. If you think a scammer has gained access to your credit card or bank details, let your bank know immediately. They can freeze your account and potentially reverse unauthorised transactions. The faster you report it, the better.
- Contact the proper authorities. According to the government's MoneyWatch banking and credit scams page, here's who you should notify for different financial scams:
  - Banking/credit card scams: Your bank or financial institution
  - Fraud and theft: The police – call 131 444
  - Tax-related scams: The Australian Taxation Office website or phone 1800 008 540
- Report the scam and help others. No matter the scam, the government also recommends that you report it to Scamwatch so that other people know what to look out for.
Tips to avoid being scammed
Never respond immediately or agree to anything if an email or phone call seems suspicious. Contact the organisation that the person claims to be from, especially if it's a reputable company or group that you've heard of. Ask if they have any knowledge of the communication and go from there.
Some companies and websites only exist for fraudulent activity. Never use a link or contact number given to you in a suspicious communication, as this could be part of the scam.
You can learn more about protecting yourself from fraud and scams with this Finder guide.