Fake emails (phishing scams) are designed to trick you into clicking a link, opening an attachment, or handing over passwords and payment details. If you use email for day-to-day life or run a small business, learning to spot the warning signs can save you from account takeovers, data loss, and expensive clean-ups. This guide is written for everyday users and small businesses, with practical checks you can do in under a minute.
What phishing is (and why it works)
Phishing is a type of scam where someone pretends to be a trusted organisation (your bank, Microsoft, Australia Post, MyGov, a supplier, even your boss) to get you to:
- Enter your password on a fake login page
- Download malware via an attachment
- Pay a fake invoice
- Share personal or business information
It works because the emails look convincing and create pressure “act now”, “your account will be closed”, “payment overdue”.
The fastest way to assess an email: the 30‑second check
Before you click anything, run through these quick checks:
- Do you recognise the sender and were you expecting this email?
- Does the email create urgency or fear?
- Does the sender address look slightly “off”?
- Do the links go where they claim to go?
- Is there an unexpected attachment (especially a ZIP, HTML, or Office file asking you to enable macros)?
- Is the request unusual (gift cards, bank detail changes, password reset you didn’t request)?
If you get even one strong red flag, stop and verify using a trusted method (like calling the company using the number from their website not the email).
Check the sender properly (display name vs real address)
Scammers rely on the fact that most email apps show a friendly display name like “Commonwealth Bank” or “Microsoft Support” while hiding the real address.
What to look for in the sender address
- Misspellings and lookalikes
support@micros0ft.com(zero instead of “o”)accounts@commbank-secure.com(extra words)
- Wrong domain (the part after @)
A real organisation will generally send from their official domain, not a random one. - Free email accounts used for business requests
Invoices or “CEO” requests fromgmail.com/outlook.comare a major warning sign (not always fake, but verify). - Reply-To mismatch
Sometimes the “From” looks fine, but the “Reply-To” goes somewhere else.
How to view the real sender (common apps)
- Gmail (web): click the sender name → view the full email address.
- Outlook (desktop): double-click the email → File → Properties (or view message details).
- Outlook (web): open the message → click the three dots (…) → View → View message details.
- Apple Mail: click the arrow next to the sender.
If you’re unsure, treat it as suspicious and verify another way.
Read the message like a scammer wrote it (because it was)
Phishing messages often share predictable patterns. You’re looking for manipulation and inconsistency.
Common fake email signs in the wording
- Urgent language: “Immediate action required”, “Final warning”, “Your account will be locked today”
- Threats: “We will suspend your account”, “Legal action”, “Penalty fees”
- Too good to be true: “You’ve won”, “Refund available”, “Unexpected prize”
- Vague greeting: “Dear customer”, “Hello user” (not always, but common)
- Odd tone or formatting: strange spacing, random capital letters, mismatched fonts
- Requests that don’t fit the organisation: banks asking for passwords, “IT” asking for your MFA code, suppliers asking you to pay to a new bank account without prior notice
Legitimate organisations can be urgent sometimes (like a real invoice), but they usually provide clear context and don’t pressure you into clicking a random link immediately.
Inspect links safely (without clicking)
Links are one of the biggest phishing tools. The text might say “View invoice” but the link could go anywhere.
How to check a suspicious link
- On a computer: hover your mouse over the link and look at the preview (bottom-left of the browser or in the email app).
- On a phone/tablet: press and hold the link to preview the URL (don’t tap).
What to look for in the URL
- Domain doesn’t match the company
Example: the email claims to be from Australia Post, but the link goes to something unrelated. - Extra words added to look legitimate
mygov-login-secure.example.com(the real domain isexample.com, not “mygov”) - Shortened links (
bit.ly,tinyurl)
Not always malicious, but scammers love them because they hide the destination. - Weird subdomains
auspost.tracking.scamdomain.com→ the real domain isscamdomain.com - Lookalike characters
Some scams use characters that look like letters (international domain tricks). If anything looks odd, don’t proceed.
If you need to visit a site, type the address yourself (e.g., go to your bank’s website using a saved bookmark) rather than using the email link.
Attachments: the highest-risk part of many scams
Attachments can contain malware or lead you to a fake login page.
Treat these attachment types as high risk
- ZIP/RAR files (compressed files that can hide malware)
- HTML/HTM files (often open a fake login page in your browser)
- Office files that ask you to “Enable content” or “Enable macros”
- Unexpected PDFs (can be used in scams; not always dangerous, but be cautious)
- “Invoice” or “remittance” attachments you weren’t expecting
If you weren’t expecting an attachment, verify with the sender via a known phone number or a fresh email address you find independently.
Email scam examples you’ll commonly see
These are patterns that show up regularly for households and small businesses.
1) “Your password expires today” (fake Microsoft/Google)
- You’re told your email will stop working unless you click a link to “keep your account active”.
- The link goes to a fake login page.
2) “You have a new voicemail / scanned document”
- Often includes an attachment (HTML/ZIP) or a link.
- Designed to steal your email password.
3) “Invoice overdue” or “Payment required” (business email compromise)
- Looks like a supplier invoice.
- May request payment to new bank details or include a link to “view invoice”.
4) “MyGov / ATO refund” or “toll notice”
- Creates urgency and fear of penalties.
- Leads to a fake payment page.
5) “CEO request” (gift cards or urgent bank transfer)
- Appears to be your boss or manager.
- Asks for gift cards, account details, or a quick transfer often with secrecy and urgency.
Common causes (why people get caught)
- The email arrives during a busy moment (end of day, during meetings, school pickup)
- The sender name looks familiar but the address is different
- The scam uses real branding (logos, colours, signatures)
- You’re expecting something similar (a parcel, invoice, password reset)
- The message pressures you to act fast and skip verification
- On mobile, it’s harder to inspect addresses and links
What you can try safely (before you click anything)
Follow these steps to reduce risk without needing advanced technical skills.
- Pause and verify the context
- Ask: “Was I expecting this?” and “Does this request make sense?”
- If it’s unexpected, assume it could be fake until proven otherwise.
- Check the sender address (not just the name)
- Open the sender details and look for misspellings or strange domains.
- If it’s a business request from a free email account, verify by phone.
- Preview links without opening them
- Hover (computer) or long-press (phone).
- If the domain is unfamiliar or doesn’t match, don’t click.
- Don’t open unexpected attachments
- Especially ZIP/HTML or Office files requesting macros.
- If it claims to be from a supplier, contact them using a trusted number.
- Use a separate path to log in
- If the email says “Your account has an issue”, open your browser and type the official website yourself (or use your saved bookmark).
- Never log in via a link you don’t fully trust.
- Use multi-factor authentication (MFA) wherever possible
- MFA won’t stop every scam, but it makes stolen passwords much less useful.
- Prefer an authenticator app over SMS where possible.
- Helpful next step: spot a scam email (before you click it)
- Report and delete
- Use your email client’s “Report phishing” option.
- In a business, tell staff what it looked like so others don’t fall for the same message.
What to do if you clicked a phishing link (or entered your password)
Act quickly, but don’t panic. The right steps depend on what happened.
If you only clicked the link (and didn’t enter details)
- Close the tab immediately
- Run a reputable antivirus/malware scan
- Watch for follow-up emails or account alerts
- If it was a work device, tell your IT support so they can check logs and protect other accounts
If you entered your password
Warning: Changing passwords can lock you out of synced devices or business systems if done incorrectly. If this is a work account, coordinate the change so you don’t break shared access or lose data.
- Change your password immediately (from the real website, typed in manually)
- Enable MFA if it isn’t already on
- Sign out of other sessions/devices
- Most email providers have “Sign out of all devices” or “Log out of other sessions”
- Check account settings for tampering
- Look for new mail forwarding rules, “auto-delete” rules, or new recovery email/phone numbers
- Check your Sent items
- If scammers sent emails from your account, warn contacts not to trust messages from you
If it’s a business email (especially Microsoft 365 or Google Workspace), also check for suspicious mailbox rules and OAuth app access. A quick clean-up step-by-step guide can help: best practices for cybersecurity in small businesses
If you downloaded/opened an attachment
- Disconnect from Wi‑Fi/Ethernet (to limit spread)
- Run a full antivirus scan
- Do not keep “trying again” to open the file
- If the device is used for business, stop using it for email/banking until it’s checked
- If you suspect ransomware (files suddenly encrypted, ransom note appears), power down and get professional help immediately
If you entered card details or made a payment
- Contact your bank using the number on the back of your card or the bank’s official website.
- Monitor transactions and follow the bank’s fraud process.
Data backup warning (important)
If you suspect malware or ransomware, don’t rely on the device as your only copy of important files. If you have backups, keep them disconnected until you’re sure the system is clean some malware can target connected drives and cloud sync folders. If you’re unsure, get help before restoring. For planning safer backups: best practices for creating strong passwords
When to call a professional
Get hands-on help if any of these apply:
- You entered a password for your email, Microsoft 365, Google, or banking
- You can’t log in (password changed, MFA changed, recovery details altered)
- You see new inbox rules/forwarding you didn’t create
- Your contacts are receiving emails you didn’t send
- You opened an attachment and your device is behaving oddly (pop-ups, slowness, unknown programs)
- You’re a small business and the email involved invoices, supplier details, payroll, or customer data
In Ballarat, it’s common for small businesses to have shared mailboxes, bookkeeping systems, and multiple devices linked to the same account quick action can prevent the scam spreading to staff, clients, or suppliers.
Quick summary / checklist
Use this checklist whenever you’re unsure:
- [ ] Was I expecting this email?
- [ ] Does it use urgency, threats, or “act now” language?
- [ ] Does the sender address match the real organisation (not just the name)?
- [ ] Do the links go to the correct domain when previewed?
- [ ] Is there an unexpected attachment (ZIP/HTML/Office macro file)?
- [ ] Is it asking for passwords, MFA codes, gift cards, or bank detail changes?
- [ ] If unsure: verify via a trusted channel (type the website yourself or call a known number)
- [ ] If you clicked/entered details: change password (safely), enable MFA, sign out of sessions, check forwarding rules, and run a malware scan
If you build the habit of checking sender, links, attachments, and urgency, you’ll catch most fake emails before they do any damage.
