Australians lost $77 million to email scams last year. Scammers send 'urgent' emails pretending to be from the government, law enforcement and businesses.

They use the same logo and a similar email address as the real organisation. Scammers can also copy or “spoof” the email address of an organisation or business to make the scam email look more real.

On this page

Warning signs it might be a scam

Stop and think. There's a good chance it's a scam if the email:

  • Contains a link or attachment that asks you to log on to an online service with your username and password or to provide other personal information
  • Requests a payment but the bank account and BSB details are new or have changed since the last payment you made
  • Claims to be from a well-known organisation or government agency but is sent from a free webmail address (for example @gmail.com, @yahoo.com.au)

Common scams via email include:

  • asking you to confirm your banking details so they can give you a ‘refund’
  • providing you with a phone number to call urgently
  • making a threat such as immediate arrest, deportation, or blackmail 
  • threatening to stop a service or charge a fine if you don’t act
  • stating you’ve been a victim of identity crime and offering compensation or help to recover money lost to scams

Steps you can take to avoid email scams

These simple steps can help prevent loss of money or personal information to scams:

Check that the email is real 

  • Contact the organisation or person using details you have found yourself (on their website or in the phone book) to check if the email was real
  • Access the organisations’ secure, authenticated portal or app directly (never via a link)

Learn how to protect your email account

  • Use unique passwords for different accounts and consider using a password manager so you don’t need to remember every single password you use.
  • Use multi-factor authentication when you can. This provides an extra layer of protection and means a scammer has to correctly guess your email password and a pin number sent to your phone to gain access to your email account.

eSafety has more advice on how to keep your email secure and the Australian Cyber Security Centre has a step-by-step guide on how to check the security of your email accounts following an incident or suspicious behaviour.

Be scam aware

Watch out for other common signs of a scam and immediately cut contact with anyone who tries to threaten or intimidate you.

Never give personal details or payment to anyone offering compensation or help you recover from a previous scam or data breach or winnings, prizes or an inheritance.

Common Email scam types

Is this page useful?