Tips for spotting a scam email

Protecting you from being fooled by cyber scams

This article has been reprinted. It was originally published in the June 2019 edition of Edvest.

We’re all conscious of the need for cyber security these days and most of us would even say we’re adept at spotting a dodgy email. Why, then, do so many of us fall victim to cyber scams?

According to the federal government, nearly 40% of scams occur through email, over the internet or via social media.

The main reason it’s so hard to spot a scam is that the fraudsters are getting so good at tripping us up. 

Scam emails used to arrive from strange-sounding company names, with weird logos and questionable spelling and grammar. But today’s criminals use spell-checkers and do-it-yourself graphics tools that can create authentic logos and letterheads. Everything about the email will be crafted so perfectly that it could fool pretty much anyone.

If you know what you are looking for, it is possible to spot spam and phishing emails. Here are a few tips for identifying such emails and protecting yourself from cyber criminals.

Sender’s email address

It sounds obvious, but it’s easy to overlook small details. 

Be aware that businesses registered in Australia are the only ones that can use ‘.au’ on the end of their email addresses. It may be preceded by ‘org’ or ‘com’ or ‘gov’, for example. If there’s no ‘.au’ but the email purports to come from an Australian company, search for the company online to confirm it’s legitimate.

Sender’s signature

Check the bottom of the email for the sender’s name. Suspect emails will often have a generic company or department name rather than a specific team member. 

What are the sender’s contact details? Do they look legit? If there’s a contact phone number, search for it online. It may be listed on a scam-warning site. 


You can spot a phishing email because it will often not address you by name. It may start with something like 'Dear Customer' because it has been sent to a large group of people.

Spear-phishing emails are more intelligent because they target you by name. They can still be easy to identify, though. Do they say, ‘Dear Mr Peter Jones’ or ‘Dear Mr Peter’?

Does the way you are addressed seem odd? 


Subject lines on suspect emails try to tempt you into opening the email. Watch out for special offers, prizes or discounts. 


If the email message contains a link, never click on it. Instead, try hovering your mouse over it to show where the link leads.

Additionally, always be suspicious if:

  • an email tells you to act urgently to avoid missing out.
  • you’re asked to lower your security settings to allow you to access something.
  • there is a document attached.

In general, if you are unfamiliar with the company that sent the email, always contact them directly to make sure the email is official correspondence before responding.
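The checks described above (the sender's domain, the greeting, the subject line, where a link really leads, urgency and attachments) can also be run over a message automatically. The Python script below is an added example, not part of the original article; the keyword lists, the names of the warning signs and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)  # link text naming a host

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # lower-cased hostname of a URL or bare domain, minus "www."
    h = urlparse(value if "//" in value else "//" + value).hostname or ""
    return h[4:] if h.startswith("www.") else h

def check_email(raw):
    """Return the article's warning signs present in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    html = "".join(p.get_content() for p in msg.walk() if p.get_content_type() == "text/html")
    links = Links()
    links.feed(html)  # the href is what hovering over the link would reveal
    signs = {
        "sender-not-au": not parseaddr(str(msg["From"] or ""))[1].lower().endswith(".au"),
        "generic-greeting": re.search(r"dear\s+(customer|user|member)\b", html, re.I),
        "bait-subject": re.search(r"offer|prize|discount", str(msg["Subject"] or ""), re.I),
        "urgency": re.search(r"urgent|act now|immediately", html, re.I),
        "attachment": any(p.get_content_disposition() == "attachment" for p in msg.walk()),
        "link-mismatch": any(URLISH.fullmatch(t) and host(h) != host(t) for h, t in links.found),
    }
    return {name for name, hit in signs.items() if hit}

# Constructed sample message, not a real email; the .example hosts are placeholders.
SAMPLE = """\
From: Example Bank <support@examplebank-secure.example>
Subject: Act now to claim your prize
Content-Type: text/html

<p>Dear Customer, act urgently: <a href="http://login.unrelated.example/">www.examplebank.com.au</a></p>"""
```

The host comparison is exact, so a genuine link to a subdomain of the named site is flagged too; treat each sign as a prompt to look more closely, not as proof of a scam.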

Cyber security is not just about avoiding financial losses. It is also about protecting your private information, your data and personal documents. In addition, scammers can gain access to your contacts database and target your friends and family by impersonating you!

If you do happen to fall victim to an email scam, act fast! 

Here are a few suggestions for what you should do:

  • Run a virus scan on your computer.
  • Contact your bank.
  • Warn friends and family.
  • File a police report.
  • Report the scam to a reporting agency. The Government’s Money Smart website has a list of relevant agencies and their contact details.

Unfortunately, cybercrime is here to stay and cyber crooks are becoming more sophisticated all the time. Remember that they have access to the same technology as you, so you have to keep a step ahead. 

Always keep your anti-virus software up to date and remember to remain vigilant, be suspicious and stay safe!