How to Spot a Scam: Identifying Suspicious Emails and Text Messages

Common Types of Scams (Expanded)

1. Phishing

Phishing is one of the most common types of scams, where cybercriminals attempt to impersonate a legitimate organisation to steal your personal data.

How it works:
You might receive an email that appears to come from a bank (e.g. Commonwealth Bank, NAB), a government service like myGov or the Australian Taxation Office (ATO), or popular businesses such as Telstra or Amazon. The message may include official logos and a professional format but usually contains a request to verify your account details or reset your password via a link.

Common examples:

• “Unusual activity detected on your account, please verify now.”

• “You are due a tax refund – log in to claim.”

• “Your account will be suspended unless you confirm your details.”

How to spot it:

• The sender’s email address looks suspicious or doesn’t match the organisation’s official domain.

• Grammar or spelling mistakes.

• Links point to a domain that’s misspelled or unrelated to the organisation.

• The email creates urgency or pressure to act immediately.

2. Smishing (SMS Phishing)

Smishing is phishing via text message and has become a growing concern in Australia. Because SMS messages often feel more personal and less formal, people tend to trust them more than emails.

Common smishing scams include:

• Fake Australia Post delivery alerts asking you to click a link to rearrange delivery.

• Toll road companies (like Linkt) sending messages claiming unpaid tolls with a payment link.

• Texts supposedly from banks or telcos prompting you to update your details.

Why it’s dangerous:

• SMS messages can be spoofed to appear from legitimate numbers.

• Many include shortened URLs (e.g. bit.ly links), hiding the real destination.

• They often direct you to convincing fake login pages designed to steal your credentials.

3. Tech Support Scams

Tech support scams trick people into believing their device is infected or has a technical issue that needs urgent fixing.

How it typically plays out:

• A pop-up appears on your computer or a message arrives by email or phone, warning that your device is infected or compromised.

• You are prompted to call a support number (usually not legitimate) or click a link.

• If you engage, scammers may ask you to install remote access software (such as AnyDesk or TeamViewer).

• They then attempt to access your computer, show fake “errors,” and request payment for unnecessary services or software.

Australian context:
Telstra impersonation is common. Scammers may call claiming to be from Telstra’s technical support, warning of illegal activity on your network.

Red flags:

• You didn’t initiate the contact or request support.

• There is pressure to act urgently.

• You are asked to provide remote access or pay immediately.

4. Banking and Investment Scams

Scammers frequently impersonate financial institutions or investment advisors to steal money or personal information.

Common tactics:

• Fake bank alerts asking you to confirm unusual transactions or log in.

• Unsolicited calls or emails offering high-return investments or cryptocurrency opportunities.

• Clone websites mimicking real banks or trading platforms to steal login credentials.

Australian-specific details:

• ASIC (Australian Securities and Investments Commission) warns about clone companies that copy legitimate Australian firms to trick investors.

• Scamwatch reports numerous cases where victims lose money to fake trading platforms or bogus investment schemes.

Protect yourself:

• Never click on login links from emails or texts.

• Verify suspicious messages by contacting your bank using official numbers or websites.

• Be highly sceptical of unsolicited financial offers.

5. Invoice or Payment Scams

These scams target individuals and businesses, posing as legitimate suppliers or service providers to trick victims into paying fake invoices.

How it works:

• You receive an invoice that appears to be from a supplier but with altered bank account details.

• Alternatively, unsolicited invoices for services you did not request may be sent, such as domain renewals or software subscriptions.

Australia-specific examples:

• Small businesses receiving fake Telstra or energy provider invoices with fraudulent payment instructions.

• Individuals getting fake bills for internet or phone services.

Tips:

• Always verify invoice details by calling the supplier on a known phone number.

• Confirm payment details before sending money.

• Use electronic payment methods that provide fraud protection where possible.

6. Romance Scams

Romance scams exploit emotional trust to extract money or personal information from victims, often through online dating or social media.

Typical pattern:

• The scammer establishes contact on a dating site, social media platform, or messaging app.

• Over weeks or months, they build trust by sharing personal stories or fake photos.

• Eventually, they fabricate a crisis — such as a medical emergency or travel issue — and request financial assistance.

Australian case notes:

• Many victims lose significant amounts, sometimes hundreds of thousands of dollars.

• Scammers typically avoid real-life meetings or video calls, claiming privacy or technical difficulties.

Advice:

• Never send money to someone you haven’t met in person.

• Be cautious if your online partner avoids voice or video communication.

• Talk to friends or family about suspicious requests.

How to Spot a Scam Message

Regardless of the scam type, some warning signs apply universally:

• Poor spelling or grammar, especially in “official” messages.

• Sender email addresses or phone numbers that don’t match official organisations.

• Unexpected attachments or links, especially with file extensions like .zip or .exe.

• Urgent requests for sensitive information, like passwords or bank details.

• Threatening language, e.g., “Your account will be deleted if you don’t respond.”

• Offers that seem too good to be true, such as winning a lottery you never entered.

What to Do If You Receive a Scam Message

• Do not click links or download attachments.

• Do not reply — even replying “STOP” can confirm your number is active.

• Block the sender and report the message to your email or mobile provider.

• Report the scam to Scamwatch, Australia’s official anti-scam service.

• Delete the message once reported.

• If you clicked a suspicious link, immediately change passwords on affected accounts and run a malware scan on your device.

Useful Australian Resources for Scam Prevention and Reporting

• Scamwatch (ACCC) – Reporting scams, tips, and news.

• Stay Smart Online (Australian Cyber Security Centre) – Cyber security advice and alerts.

• Australian Taxation Office (ATO) Scams – Information on tax-related scams.

• Telstra Scam Alerts – Tips on recognising telco scams.

• Office of Fair Trading (State-specific) – Check your state government’s fair-trading office for scam advice and consumer protection.

• IDCARE – Australia’s support service for identity compromise

Final Thoughts

Scams are everywhere, but with awareness and vigilance, they can be avoided. If a message feels suspicious, don’t click links or provide personal details. Always verify independently using official contact channels.

Your safety online is paramount. By staying informed and cautious, you can protect yourself and your family from falling victim to scams.

Stay alert. Stay secure.