How to avoid common email scams

Learn some top tips for using email safely. You'll find out about strong passwords, using official email apps, and when it's safest to open email attachments.

You can use this tip sheet as a handy reference for:

  • Identifying the most common email scams
  • How to avoid being scammed
  • Your email service's protective features
  • How to block as much spam (unwanted email) as possible.

Email scams

Email is a safe way to communicate online. It doesn't give out many details about your identity, just your name. Email also doesn't give away your physical location.

How private is email?

Even though your email mailbox is protected by your strong password, email itself is not very private:

  • When you send an email, it can't be retrieved or cancelled.
  • A person who receives an email from you can send it onward to anyone, without your knowledge.
  • Emails can be sent to hundreds or even thousands of people at once.
  • What you say may be read by others.
  • You should never send credit card details via email, especially your three-digit card verification value (CVV).

Tips for safely using an email service

You should use a reputable email service, such as Gmail, Outlook, or Yahoo, to read and send emails:

  • Always use a trusted service.
  • Do a Google search for reviews or articles about any service you are thinking of using.
  • Only use the official app, downloaded from your mobile device's app store, to read and send email on your mobile device.
  • Avoid independent email apps for mobile and computer. These can be good, but often lack the latest security features or have too many complicated advanced features for everyday use.
  • If you use an official web email service, you can always safely read an email in your web browser, as the service protects you from harmful software and viruses.
  • Downloaded attachments should be scanned by your computer's antivirus suite before you open them.
  • You should always use a strong and unique password for your email service. Don't use this same password anywhere else.

Tips for dealing with spam email

Spam is an unfortunate feature of using email day to day. To make sure spam doesn't take over your email Inbox:

  • Report unwanted or suspicious emails using your email service's Report Spam feature.
  • Accept that you will always receive some spam, and that your email service will filter out most of it.
  • Check your Spam folder occasionally to make sure emails you actually want aren't put in there by mistake.
  • Avoid reading spam. It's safe to open and read while it is in the Spam folder, and links are blocked, but it's still better to just ignore it.
  • Be aware that some spam might seem to have been sent by someone you know, or might pretend to know you.
  • If an email seems suspicious, just delete it. If it was a real email, the person who sent it will probably send it again.
  • If you move an email out of the spam folder back to the Inbox, the links in the email will become active again. Make sure you don't click on them accidentally.
  • Some spam isn't harmful; it's just catalogues or ads from companies.
  • Your service may let you unsubscribe from newsletters via a link at the top of the email.
  • Some emails include an unsubscribe link in the email, but you should only click this if you trust the email.
  • Spam is deleted after 10-30 days (depending on your service). You don't need to worry about spam again after you report it.

Reputable companies, banks, and government services will never ask you for your password or personal details over email. If you receive an email that looks like it is from a bank or the government, asking you to confirm your email, it is almost certainly a scam and you should delete it.

Using your antivirus suite with email

Your email service will scan all incoming email for viruses and harmful software, as well as links to known harmful websites. Any email that has a virus will be blocked. Sometimes an attachment might still include a virus or unwanted software, so remember to scan any attachment a second time with your computer's antivirus suite.

If your antivirus software scans a file and doesn't find any viruses, malware, or other kinds of unwanted software, this almost always means the file is safe to open and use. If your computer starts to run slowly, use the thorough scan option in your antivirus software. For more information on antivirus software, see our Using antivirus software course.

The golden rule of email

The safest way to assess an email is this: if you are suspicious of something in it, or it feels a bit off or strange, just delete it.

Don't click Reply on an email that you suspect is spoofed. Your reply won't go to the person you think it will; it will go to the scammer.

Regularly use the security check-up if your email service offers one. It will tell you:

  • How many different passwords are saved in your browser's password manager (if you are using this)
  • How many times you've used the same password for two or more accounts
  • If any of your passwords have been exposed in a data breach
  • Tips and help with choosing the strongest possible passwords.