
How to Detect Email Scams – A Practical Guide 

Over 675,000 (3.1%) Australians were victimised by scam-related activities in FY 2023-2024 according to the Australian Bureau of Statistics (ABS). Payment redirection and phishing – email tactics to prompt an individual to disclose passwords, bank, and personal information – were reported to be among the top five forms of scams. 

As a business, we have encountered numerous impersonation, payment redirection and phishing attempts, so our team has now learned to single them out and stay vigilant. A rule of thumb is, when in doubt: 

  • Never click on any links 

  • Do not engage 

  • Inform your team right away 

  • Report it 

  • Delete! 

Do you want to know how to identify these schemes before they impact your business? Check out our list to help you easily recognise these malicious activities. 

Common Scam Tip-Offs 

 

1. Suspicious sender email address   

Be wary of email addresses with spelling errors, inconsistencies, and generic domains (yahoo.com, hotmail.com, outlook.com, bigpond.com, etc.), as most businesses use their own email domains (e.g., admtech.com.au). If you receive an email with vague and suspicious content, check the email address and match it with the sender’s signature details. If there are discrepancies and grammatical errors, chances are it is a scam. 

Example 1 

[Image: Addresses don't match]

Example 2

[Image: Grammatical and spelling errors]
 
 
2. Impersonation 

These types of emails come from someone posing as your team member or a contact. They usually start with harmless messages that gradually evolve into solicitation of information, invitations to download files or click on links, etc. once you “trust” them to be legitimate.  

The information they collect from you could result in monetary loss or compromised accounting records, so beware.  

Example

[Image: Impersonating Kristin Brown]
 
 
3. Urgent requests 

Emails that prompt you to act fast are red flags. If you receive vague emails asking you to pay immediately, regardless of whether you know the source or not, always double check as your contact’s email account may have been hacked.   

[Image: Action required immediately]

 

 
4. Generic and stilted emails

Verbose emails that are addressed to no one may be scams. These emails usually concern money-related matters, like requests to change payment details (payment redirection) or requests for payment.  

A common one we receive starts with, ‘Hello, do you have time to correspond with me?’

Here are other actual examples of scam emails we received in the past.  

[Image: Generic and stilted emails]
 
5. Unexpected requests for information 

When an unknown sender asks you for any personal information like birth dates, this is without a doubt a scam. Again, do not engage. Personal information such as a birth date is typically used in passwords, which scammers could use to access your bank accounts. 

Example

[Image: Asking for birth date]
 
6. Unexpected attachments 

These emails may contain various kinds of attachments that you did not ask for. They may instruct you to listen to an audio file, scan a QR code, download a file from a vague link, or click on a PDF file and submit it to a cloud repository. When in doubt, do not click; report and delete! 

Example 1

[Image: Scam QR code]

 

Example 2

[Image: Audio file]

Example 3

[Image: PDF DocuSign]
 
7. AI-generated email threads

As a bonus item, our last and definitely one of the scariest scams: an AI-generated email thread complete with an invoice attachment, correct addressee details and professional sender information.

These types of scams combine impersonation and some clever tactics to make you believe that a member of your team has just completed a business transaction that requires payment.  

Should you get a scam email like this, always check with your team, no matter how big or small the amount you are asked to settle.  

Below is an actual sample of an email thread we received asking for a payment of over 48,000 USD for a legal service. We presume that our team's details were taken from LinkedIn, and the scheme was built to reflect this information.  

 

Example

[Image: AI-generated email threads]

In most cases, email scams contain a combination of the features above. Some are quite easy to pick, but others are well crafted, with very subtle telltale signs that could easily be overlooked.  
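Several of these tip-offs can be checked automatically and reported together before a person opens the message. The following Python is an added example, not code from the original guide: it checks one raw message for a generic sender domain, a sender domain that differs from the address in the signature, urgent wording, and requests for sensitive details. The `trusted_domains` parameter, the wording lists and the sample message are constructed assumptions, and it assumes a single-part plain-text email.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Generic mailbox providers named in tip-off 1 of this guide.
FREEMAIL = {"yahoo.com", "hotmail.com", "outlook.com", "bigpond.com"}
# Constructed wording lists for tip-offs 3, 4 and 5; tune them to your own mail.
URGENT = re.compile(r"\b(urgent|immediately|action required|right away)\b", re.I)
SENSITIVE = re.compile(r"\b(bank details|payment details|birth date|password)\b", re.I)
ADDR = re.compile(r"[\w.+-]+@([\w-]+\.[\w.-]+)")

def tip_offs(raw, trusted_domains):
    """Return the tip-offs found in one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    found = []
    if domain in FREEMAIL:
        found.append("generic-domain")
    elif domain not in trusted_domains:
        found.append("unknown-domain")
    # Any address quoted in the body or signature should share the sender's domain.
    sig_domains = {d.lower().rstrip(".") for d in ADDR.findall(body)}
    if sig_domains and domain not in sig_domains:
        found.append("signature-mismatch")
    if URGENT.search(text):
        found.append("urgent-request")
    if SENSITIVE.search(text):
        found.append("sensitive-request")
    return found

# Constructed sample: a business signature sent from a generic mailbox.
SCAM = (
    "From: Accounts Team <accounts.admtech@outlook.com>\n"
    "To: finance@admtech.com.au\n"
    "Subject: Action required immediately\n"
    "\n"
    "Please pay the attached invoice today. Our bank details have changed.\n"
    "\n"
    "Accounts Team\n"
    "accounts@admtech.com.au\n"
)

if __name__ == "__main__":
    print(tip_offs(SCAM, {"admtech.com.au"}))
```

A message that raises no tip-off is not proven safe; the well-crafted threads described in item 7 can pass every one of these checks, so confirming payment requests with your team still applies.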

 

What Should You Do if You Click on Links by Mistake? 

There is no shame in clicking on a link by mistake. You can follow the steps below to limit the consequences:  

  1. Disconnect your device from the internet, and run any anti-virus software you may have installed. 

  2. If you filled out a form through any links, change your passwords immediately and enable multi-factor authentication (MFA). 

  3. If you entered your bank details, call your bank and ask them to freeze your account. 

  4. For any other details you may have shared, report to Scamwatch and/or get assistance from IDCARE identity check.  

  5. Monitor your accounts, and consider getting a credit report, e.g., from Equifax. 

Did we miss out on anything that you would like to add to this list? Help us stay safe from these scams: share it with our team.

 
