How to Recognise Email Scams

Email and internet scams are becoming incredibly sophisticated to fool people in to believing their requests are authentic. From expertly replicating banking emails and login screens, to impersonating people and organisations like Booking.com that might request payments from you. 

Being able to recognise email and internet scams is crucial for protecting yourself and your information online.

Here are some key tips to help you keep safe:

Check the sender's email address

Verify the sender's email address carefully. Scammers often use email addresses that mimic legitimate organisations but may have slight variations or misspellings. This is the first thing you should check and often these easiest way to identify it as a scam email.

Look for generic greetings

Be cautious of emails that use generic greetings like "Dear User" or "Hello Sir/Madam." Legitimate organisations usually personalise their communications with your name.

Beware of urgent requests 

Scammers often create a sense of urgency to pressure you into taking immediate action. Be extremely skeptical of emails that demand urgent responses or threaten consequences if you don't comply.

Verify links before clicking

Hover your mouse over links in emails to see the actual URL. Be cautious of shortened URLs or links that redirect you to suspicious websites. Verify the legitimacy of links by visiting the organisation's official website independently.

Watch out for poor grammar and spelling

Many scam emails contain spelling mistakes, grammatical errors, or awkward phrasing. Legitimate organisations typically have professional communications.

Don't share sensitive information

Emails requesting sensitive information like passwords, credit card numbers, or bank account details are a key indicator of a scam. Legitimate organisations never ask for such information via email, they will also not send emails with links to login to your account. As a rule always login to your online accounts by visiting the main website for the organisation.

Verify unexpected attachments

Don't open email attachments from unknown senders or unexpected sources. They could contain malware or viruses that compromise your device's security.

Research the organisation

If you're unsure about the legitimacy of an email, research the organisation or sender online. Check their official website, contact information, and reviews to confirm their authenticity.

Stay updated on common scams

Keep yourself informed about common email and internet scams by following reputable sources for cybersecurity news and updates. In New Zealand, Netsafe is a great source to see some of the latest scams.

Trust your instincts 

If an email seems too good to be true or raises suspicion, trust your instincts and proceed with caution. When in doubt, contact the organisation directly through official channels to verify the authenticity of the email.

Common scams to keep an eye out for

We recommend you check the Netsafe website for any current scams circulating if you are unsure about an email or message your have received, however here are a selection of some we have come across recently:

• Booking.com scam: Scammers impersonate accommodation properties on Booking.com and email users asking for payment details. See more here

• Website Host or Domain name scam emails: Emails impersonating a website or domain name host advising your domain or hosting is expiring and you need to urgently renew it to prevent your website from going down. There's a few things you can do with these: Firstly check the senders' email address to confirm it's a legitimate address from your usual provider. Secondly confirm they are indeed your website or domain name host (it may be a completely different company). Finally, rather than responding to the email or clicking on any links, login to your usual website/domain host account to check if your service is expiring - and only do payments using your normal method in your login account. These steps are recommended for any email that you suspect may not be legitimate.

• Emails impersonating a popular organisation that say you have won a prize, but ask for you to pay for the delivery costs. 

• Emails or text messages saying you have a delivery waiting to clear customs and you need to pay for the GST to release the package. For these always refer back to the original tracking information provided to you for online orders you know you have made at the time, rather than reacting to messages asking for payment.

• Facebook scam messages: You may receive messages in the Facebook messenger app that impersonates Facebook and sent from a unnamed "Facebook User". One example is, a message warning you that your Facebook account may be deactivated and to follow a verification process where they can then obtain your personal Facebook login details. Note: Facebook will always send you emails directly for this kind of issue rather than sending via messenger from a "user".

• Facebook spam comments with links: these can be difficult to prevent, but it can help by not having text in your posts that might attract spammers like "free giveaway", "enter to win" and instead have this text on images you create for the post. Make sure you monitor post comments to delete spam/scam links immediately. You can also be clear with your followers how you will communicate with winners and advise them not to click on comment links that aren't from you.