Scammers nowadays have access to all sorts of sneaky tactics that enable them to create fake email addresses, clone legitimate phone numbers and even design websites that are virtually identical to the originals.
It would almost be admirable, if it weren't for the fact that they're using their powers to rip people off.
No-one would blame you if you were hoodwinked by one of these slick scams, so it's a good idea to approach every email and message with a healthy dose of caution.
Here are some simple steps you can take to check if an email or message is authentic or the work of some crafty scammers.
CHOICE campaigner Yelena received this very official-looking email, supposedly from Afterpay. The wording, branding and message are all very convincing.
The only reason she realised it was a scam is that she doesn't have an Afterpay account.
The only thing that alerted Yelena to this scam was that she's not an Afterpay customer.
"When I contacted the real Afterpay they confirmed that there is no account under my name," says Yelena.
"The email address that this was sent from was firstname.lastname@example.org which to me looked legitimate."
The mention of "help[ing] prevent unauthorized people from accessing your account" is an especially clever touch, since it seems to convey a concern for privacy. Very clever, but also very sneaky!
Since so many people use Afterpay, a slick-looking email like this could easily catch many of us out – even someone like Yelena, who's very up-to-date on scam tactics. She was just very fortunate that the fact that she doesn't have an Afterpay account helped her realise that it was a scam.
Here are some steps to take to help you identify a scam email or text.
The very first thing you should do before engaging with any email or message is to proceed with caution.
Scam messages can be so convincing that it's hard to tell them apart from the real deal – it's no wonder that people fall victim to them.
To keep yourself safe, it's a good idea to treat every email or message asking for money, personal details or some form of assistance with suspicion. You shouldn't assume that the sender is who they say they are, no matter how convincing they might seem.
It can take just a few minutes to fall foul of a scam, so before you do anything, stop and ask yourself, "could this be dodgy?".
A surefire way to find out if an email or message is dodgy is to go straight to the source: the business or individual the message is supposedly from.
But first, a few tips:
Find business contact details yourself
Never rely on the contact details from the email or text – they could be directing you straight to the scammer's fake site or phone line. Go to the business' official website and use the contact details you find there.
Whatever you do, don't use the link in the message – it could well lead you straight into the scammer's trap.
Whatever you do, don't use the link in the message – it could lead you straight into the scammer's trap
Talk to them on the phone
Talking directly to someone within the business is a good place to start. They'll be able to tell you if they sent it – and if they didn't, they'll want to know that a scammer is impersonating them so they can work to keep their customers safe.
Again, make sure you're calling the real business by searching for the number yourself, instead of assuming the contact details in an email are correct.
Log in to the website or app
If you use a portal or app for the business, it's a good place to verify whether the message is telling you the truth or not.
For instance, if you've been told that there's some unusual activity on your bank account, go and double-check the transactions yourself through the app or the bank's official website.
If you receive a message saying your Netflix account is about to be suspended, log in to Netflix and check what's happening there.
While you're there, read up on the company's approaches to protecting customers from scams. They may say that they'll never send emails containing links or asking for personal information, so if the email you're leery of does these things, you'll know it's a scam.
CHOICE tip: To check an email address or link, hover over it with your mouse. The full email or URL should pop up, either next to the email address or in the bottom corner of the page. If it looks dodgy, label the email as spam and delete it.
The infamous 'Hi mum' scam is designed to catch out doting parents. Image: supplied.
Contact the friend or family member another way
Got a message from a friend or family member from a new number? It could be legit, or it could be scammers trying to fleece you.
You've probably heard of the "Hi mum" scam, where people receive messages supposedly from their children saying they've lost their phone and need money to buy a new one. It's easy to fall for this scam because your natural instinct is to look after your child.
But before you jump to someone's aid, take a few steps to make sure they really are who they say they are.
If you receive a message from someone on a new number, try calling them on the existing number you have for them first
If you receive a message from someone on a new number, try calling them on the existing number you have for them first. If they've actually lost their phone, you obviously won't be able to get through. If they answer, you can find out straight from the source if it's legit or the work of a scammer.
You could also try contacting the person a different way – through their social media accounts, for instance, which they could access through methods other than their (lost) phone. It can be a bit of a long shot, but it's always worth trying.
Alternatively, you can ask the sender to answer a question about you that only someone who knows you can answer – that'll weed out the fakes from the friends quick smart.
An easy giveaway for a scam is a dodgy-looking URL.
Scammers are becoming savvier, creating email addresses, email signatures and websites to trick people. Some are so convincing that most people would struggle to tell the difference between the scam and the real deal.
If you're even the slightest bit suspicious, take a close look and see if you can spot any variations like special characters, full stops or numbers that might indicate it's a scam.
Unfortunately it's quite easy to create a plausible-sounding email address these days – even one ending in the business' URL. But it's always worth checking the sender's address since a dodgy-looking email address is a dead giveaway.
It's always worth checking the sender's address since a dodgy-looking email address is a dead giveaway
Other telltale signs of a scam are spelling errors and strange or unusual phrasing, particularly if it sounds different to the tone of previous messages from that business. A legitimate business is unlikely to send out an email with typos or poor grammar (although it does happen!), so be on the lookout for these.
Before you hand over a single cent or skerrick of personal info to a person or business you haven't dealt with before, look them up online. Do they have a website, LinkedIn profile or plausible-sounding reviews? (Here's how to spot a fake online review.)
Try searching their business name plus "scam" to see what comes up – other people might've fallen foul of them and shared their stories to warn others.
Just bear in mind that some scammers are paying to have their fake websites appear at the top of searches, so don't assume that the first search result is a legitimate one.
If someone is claiming to be a financial adviser or charity representative, for instance, you should be able to find them through a register relevant to their industry. If they don't show on the register, there's a chance they're not actually who they say they are.
Here are some registers that might come in handy:
- Financial advisers register: moneysmart.gov.au/financial-advice/financial-advisers-register
- Charity register: acnc.gov.au/charity/charities
- ABN lookup: abr.business.gov.au
Stock images: Getty, unless otherwise stated.