It's easy to think you can spot a scam email, with all the talk about spelling mistakes, "too good to be true" offers, and strange web addresses. But scammers have come a very long way.
"It's rare to see poor spelling and grammar now, because these scammers are using original logos and content and only using a small part to take you to their own URL," said Craig McDonald, head of cybersecurity firm Mailguard.
"They know what people are looking out for. They're doing what marketers are doing with A/B testing, sending two versions and seeing which one performs better."
Mary Julian, a retiree from Glebe, recently received an email from the "Department of Human Services" about a subsidy benefit and another from "AGL" regarding an $834 electricity bill. They both appeared genuine.
"But I thought I'd check, and I pasted the subject line 'Your 2016 subsidy benefit' into the search engine, and there were all these scam warnings and I got the shock of my life," she said.
"With the AGL email, I was with EnergyAustralia and presumed they had merged, so I rang to double check and that's when I found I had nearly been conned."
At least $37.5 million was swindled by fraudsters using online scam methods in 2015 - and that's just based on 41,000 reports that year to the Australian Competition and Consumer Commission.
With this in mind, take Fairfax Media's test and see if you can spot the scam. Answers are at the bottom.
AGL
Real or fake? Email from energy provider AGL. Photo: Supplied
This scam uses a fake AGL energy bill that infects computers with "ransomware" and holds them hostage. Tens of thousands are believed to have fallen victim last year.
The energy company issued a warning last June, saying it would never send an email asking for personal banking or financial details.
"Instead of downloading an invoice you are downloading a virus that logs everything you type on your computer keyboard and encrypts files," says Raymond Schippers from Check Point.
Ticketek
Real or fake? Confirmation email from Ticketek. Photo: Supplied
Last year, many Australians received a fake confirmation email from "Ticketek" with a link to print tickets. Those who took the bait instead downloaded malware.
"A common subject line is 'Thank you for buying coupon on Ticketek'," says the Australian Communications and Media Authority.
"The emails are linking to fake websites which contain the word 'ticketek' to make the website appear legitimate."
Australian Tax Office
Real or fake? Email from the Australian Tax Office. Photo: Supplied
During peak periods, the ATO receives more than 750 scam reports a day. While phone scams have declined, fraudulent emails are on the rise.
This one with the subject line "Your next activity statement" may affect small to medium businesses who regularly lodge BAS forms with the ATO.
"Some scam emails can look very convincing. Some even have privacy warnings and other text to make them look more real," says ATO's assistant commissioner Graham Whyte.
Commonwealth Bank
Real or fake? Commonwealth Bank's internet banking sign in webpage. Photo: Supplied
There are many different types of CBA-branded scams. Remember, the bank never sends emails requesting customers to confirm, update or disclose confidential banking information.
On Friday, May 13, last year there was a "fast-breaking", "large-scale" email scam that used the subject line: "You've a new statement". A link transported users to a fake Netbank login portal.
"The spammers were able to gain control of a government level domain name and add their own records, which is called 'domain shadowing'," says Mailguard.
Australia Post
Real or fake? Email from Australia Post. Photo: Supplied
In the era of online shopping, it may not seem strange to receive a delivery email from Australia Post. But there are plenty of hoax emails going around.
"Do not click or paste the link in your browser and delete the email immediately. If you are expecting a parcel and are unsure of an email you may have received, please go to the Australia Post [website] or our app to track your delivery," it says.
This email scam uses various popular company names to pass itself off as real, including ASOS, David Jones, JB Hi Fi and Terry White.
Netflix
Real or fake? Netflix's log in webpage. Photo: Supplied
Earlier this year, Australian Netflix users were urged to delete a "Membership on hold" email that led to a website that could dynamically change.
Once the user signed in and filled in the empty boxes, the website would identify their financial institution based on the credit card number, and then ask for additional authentication accordingly, for example by showing "MasterCard SecureCode" or "Verify with Visa" boxes.
"If a particular bank asks for additional security information, it will determine that based on your credit card details and the form will change. It's a very clever website," says Bruce Matthews, a cybersecurity expert at the ACMA.
PayPal
Real or fake? Email from PayPal. Photo: Supplied
A simple (but not foolproof) way to check whether a PayPal email is real is to remember the company always addresses you by your full name.
Fake emails tend to use "Dear Paypal member". Also, try to hover your mouse over a link to see the destination web address.
"If unsure, forward the suspicious email to phishing@paypal.com.au and we'll let you know if it's really coming from us or not," PayPal says.
Federal Circuit Court of Australia
Real or fake? An email from the Federal Circuit Court of Australia. Photo: Supplied
A bogus "You've been subpoenaed" email hit inboxes across Australia last year, scaring a lot of people.
It purported to subpoena the recipient to attend court at a specific time and asked them to click on a link to both the court address and case-related information.
"Neither the Federal Court nor the Federal Circuit Court issue subpoenas in such an informal way," a spokesman says.
Answers
- AGL - Right a fake
- Ticketek - Right a fake
- Australian Tax Office - Fake
- Commonwealth Bank - Left a fake
- Australia Post - Both are fake
- Netflix - Left a fake
- PayPal - Top a fake
- Federal Circuit Court - Fake
Top 10 tips to protect yourself
- Watch out - scammers target you anytime, anywhere, anyhow
- Don't respond - ignore suspicious emails, letters, house visits, phone calls or SMS messages
- Don't immediately agree to an offer - do your research and seek independent advice
- Ask yourself who you're really dealing with - scammers tend to pose as those you trust
- Don't let scammers push your buttons - scammers will play on your emotions
- Keep your computer secure - update your firewall, anti-virus and anti-spyware software
- Use a secure payment service - look for a URL starting with 'https' and a closed padlock symbol
- Never send money to someone you don't know and trust - it's rare to recover money
- Protect your identity - your personal details are private and invaluable
- Spread the word - if you've spotted a scam, report it to www.scamwatch.gov.au
(source: ACCC's The Little Black Book of Scams)