The number ONE first thing to do with every email BEFORE you open it is to look at the Senders email address. Do not just check the person or institution that the email appears to come from.

 

The first warning sign is that a message is sent from a public email domain

 

No legitimate organisation will send emails from an address that ends '@gmail.com'.

No legitimate person will send an email from an address which looks like ‘@au1765#$21Urgent2021”

 

Most organisations, except some small operations, will have their own email domain and company accounts. For example, legitimate emails from Google will read '@google.com'.

​

If the domain name (the bit after the @ symbol) matches the apparent sender of the email, the message is probably legitimate. However checking the email domain name alone is not enough. Be very careful to thoroughly check the spelling of the domain name as crooks use examples like @comrnonwealth…, which contains an intentional spelling mistake. The best way to check an organisation's domain name is to type the company's name into a search engine.

 

When crooks create their bogus email addresses, they often have the choice to select the display name, which doesn't have to relate to the email address at all. They can, therefore, use a bogus email address that will turn up in your inbox with the display name Google or Commonwealth Bank or some other legitimate name.

 

Remember, it takes only one mistake to miss a malicious email which can completely lock up your computer and ransom is then demanded.

 

The email has poor grammar or poor spelling

 

You can often tell if an email is a scam if it contains poor spelling and grammar. Many people will tell you that such errors are part of a filtering system' in which cyber criminals target only the most gullible people.

 

The theory is that, if someone ignores clues about the way the message is written, they're less likely to pick up clues during the scammer's endgame. In other words scammers look to the lower educated for mistakes. Spelling can often be perfect in an malicious email because the use of spell checkers can almost eliminate those errors.

 

However emails with poor grammar is my number two main indicator of a scam. If it reads in a way that would be a normal constructed sentence as we would use here in Australia then again its very possible that the email is malicious.

 

It includes any attachments or links

​

Malicious emails come in many forms. The email message itself is not dangerous it is the attachment that contains the  danger. Even if the emails address and the domain name appear to be legitimate it is still possible that an infected attachment is able to do immense harm to you.

 

Beware of emails:

 

• That come:

  • Unannounced

  • Unexpectedly (such as an invoice that you have overlooked)

  • A message from a service provider offering new services

  • Changes to the way you do business

• That have offers of reward or information you would like to know:

  • That your delivery is expected to arrive any day

  • That you have won a prize

  • That your account is in danger of being closed

  • That the Tax Office is looking at you because of unpaid tax

• That comes from a person saying there is a contract attached.

• Emails purportedly come from an interstate company about a service for an interstate purpose. For example, as conveyancers, we get emails saying that our client has bought a property at an address in Queensland.

 

Unless you have had a phone call or a message that an email is coming with such things NEVER click on the attachment. Crooks are getting better and better at imitating legitimate persons and institutions and companies. If any doubt exists you have to independently contact the sender by means other than a phone number which is in the email. The phone number in the email may have you speaking to the actual crook is is trying to set you up.

 

The message says you need to urgently do something

 

The crook knows the longer we think about something, the more likely you are to notice things that don't seem right. Maybe you realise that the organisation doesn't contact you by that email address, or you speak to a colleague and learn that they didn't send you a document. That's why so many scams request that you act now or else it will be too late. They use scare tactics. Don’t be fooled.

 

It is true that anything really important will not be sent by email without prior contact. Most reputable companies, banks or institutions or the like know that for safety reasons emails are not the way to go for the initial contact.

 

A general rule to follow is that if you have contacted someone and asked for contact, and the email address is a legitimate domain name, then it's probably OK to open the email. I do not open emails from people or institutions that I have not previously contacted or spoken with.