A scam email is a malicious email that aims to trick recipients into giving up their sensitive information, such as bank accounts and passwords. It is one of the ways scammers easily steal money from individuals. Learn how to spot scam emails, the most common types, how to avoid becoming a victim and what to do if you’ve been scammed.
How to Spot a Scam Email
Here are some ways to recognise a malicious email:
- It came from an infrequent sender.
- It has an urgent call to action or an alarming tone.
- It has unexpected attachments and suspicious links.
- There are multiple spelling errors and bad grammar used in the message.
- The email address or domain name is misspelt or altered.
- The email greeting is not personalised or uses a generic format like “Dear madam or sir”.
The Most Common Types of Scam Emails
- Sextortion or doxing
- Business email imposters
- Fake contest or raffle prizes
- Account update and password reset requests
- Fake charity membership from famous personalities
- Too good to be true subscription promos and renewal discounts
What Happens When You Respond to a Scam Email
Clicking on a suspicious link may open a phishing website that pretends to be a legitimate online shop or bank to collect your login credentials and other information. On the other hand, downloading an attachment can install malware on your device. Malware like ransomware can encrypt your files and hold them for ransom. Some can install malicious software that records device activities to get your data. Once scammers have your information, they can use it to steal money directly from your bank accounts and credit cards. Or worse, they can take over your email and other connected accounts and cause more damage.

How to Avoid Becoming a Scam Victim
Educating yourself about the ins and outs of scam emails is still the most effective way for you to avoid being targeted by these attacks. Until then, follow these recommendations:
- Practice good email hygiene.
  - Never disclose sensitive or confidential information through email. If in doubt, verify with the person or company first to avoid possible issues.
  - Think before you click. Avoid opening links and attachments from unknown senders.
  - Create a strong and unique email account password. Use Trend Micro Password Generator to help you generate better passwords for your accounts.
    TIP: Change your passwords regularly. Trend Micro recommends you update them at least every three months if you are not using a password manager.
- Look at the email address, not just the sender.
  - Check if the message is sent from a public email domain. Legitimate organisations use a single domain for email addresses. They will not send emails from an address that ends in @gmail.com. If the domain name (what comes after the @ symbol) matches the sender of the email, the message is most likely legitimate.
  - A message that comes from a different domain is suspicious.
- Enhance your device security and privacy.
  - Turn on the Firewall for your Windows PC.
  - Update your operating system and web browsers regularly.
- Watch out for suspicious links.
  - You should not click links or download files if they come from strange sources.
  - Check for mismatched URLs. Hovering above the link may show a different web address.
  - Avoid clicking links in emails unless you are sure it is a safe link.
- Look for any grammatical errors and spelling mistakes.
  - Companies will often hire proofreaders and editors to ensure the content they send out is free from errors.
- Do not be frightened by messages that have an alarming tone.
  - Double-check with the company if you are uncertain about the status of your accounts.
  - Many of these scam emails request that you act quickly or else it will be too late.
- Look out for generic greetings like “Dear Customer”.
  - Scam emails are designed to be sent to a large number of people, so they need to be as impersonal as possible.
  - Check whether the message contains a generic subject and a greeting. This is a sign of a phishing attempt.
- Take note of unusual information in the message.
  - Any mentions of operating systems and software that are not commonly used can often be a sign of a scam or phishing attempt.
- Watch out for unsolicited messages.
  - Organisations do not make a practice of sending confirmation emails unless there are important reasons.
  - Most of them avoid sending unsolicited messages unless it is for company updates, newsletters, or advertising purposes.
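
Three of the checks above (public email domain, generic greeting, mismatched URL) can be automated when triaging a reported message. The Python below is an added example, not part of the original article; the function names, the list of public domains and the sample message are assumptions made for illustration, and it handles single-part HTML messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed list
GENERIC_GREETINGS = ("dear customer", "dear madam or sir")  # from the article
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(a, b):  # equal hosts, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def indicators(raw):
    """Return the scam indicators found in one single-part HTML message."""
    msg = message_from_string(raw)
    body, found = msg.get_payload(), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in PUBLIC_DOMAINS:  # sender uses a public email domain
        found.append("public-domain-sender")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        found.append("generic-greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:  # displayed address vs. real target
        real, m = urlparse(href).hostname, DOMAIN_RE.search(text)
        if real and m and not same_site(real, m.group(1).lower()):
            found.append(f"mismatched-link:{m.group(1).lower()}->{real}")
    return found

# Constructed sample message (not a real email).
SAMPLE = ('From: "Example Bank" <examplebank.support@gmail.com>\n'
          'Content-Type: text/html\n\n<p>Dear Customer,</p>'
          '<a href="http://login.example.net/v">www.examplebank.example</a>')
print(indicators(SAMPLE))
```

A link whose visible text is not an address (for example "Click here") produces no mismatch flag, so the hover check from the list above still applies to it.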

Why Do I See Scam Emails?
Wondering why you receive these emails? Cybercriminals may have obtained your email address from a data leak, a fake website or public sources like social media, or may even have purchased your data illegally.