Email scams

Sending bulk messages is one of the most common ways for scammers to target you, so you need to be careful with emails that arrive in your inbox, even if they look legit.

What it is

The most common type of email scam is a ‘phishing’ scam.  A phishing email will ask you to either click a link and enter personal information, or open an attachment in the email.

In a phishing scam, the sender pretends to be someone trustworthy. This could be an organisation you trust– like a bank or government agency – or a person you know, like a colleague or supplier. 

A phishing email will ask you to click a link and enter personal information, open an attachment in the email, or buy a gift card or voucher.

Phishing is the email version of ‘smishing’ or text message scams.

Text message scams

How it works

Phishing is a type of email scam. A phishing email will ask you to either click a link and enter personal information, or open an attachment in the email.

Phishing emails can look and feel legitimate. They use the same design and logos as the company or organisation they’re pretending to be, and the same kind of language.

Most phishing emails look like they come from:

  • a bank
  • a social media site
  • a government agency
  • an online game, or
  • an online service with access to your financial details, like iTunes, Netflix or Google.

Reputable companies and organisations will never ask you to provide them with personal information by email.

Phishing emails that ask for personal information

The email will ask you to click a link, where you'll be prompted to enter personal information. This could be:

  • your credit card information
  • your internet banking details
  • personal information and documents, like your driver's licence or passport
  • usernames or passwords for your online accounts, including social media accounts, or Microsoft or Google accounts.

For example, you may be directed to a website that looks like your bank’s website, and asked to enter your internet banking login details. This will give the attacker access to both your login information, and your bank accounts.

Phishing emails with attachments

Clicking an attachment in a phishing email allows the sender to infect your computer with malicious software, or ' '. This gives them access to your personal information without you knowing.

For example, you might get an email saying that you’ve been charged for services you didn’t receive – like lawn mowing, for example – with an invoice for the job. If you open the invoice to check the details, it could download malware to your computer without you realising.


How do phishers get your email address?

Attackers can get lists of email addresses:

  • from contact details found on web pages and social media sites
  • from email lists or data breaches that are shared and sold online
  • by guessing addresses that might be in use.

Information leaks