Odds are you have already seen a scam email at least once. Or at least know what it should look like – the gibberish email address, the incorrectly formatted body, off-looking logos and images… the list to identify a scam email is almost endless. However, scam artists are honing their craft and becoming sleeker in their presentation. It is especially becoming clear now in 2016.

In the past few months, big names such as Telstra, AGL Energy, and even the Australian Federal Police have been impersonated in emails sent to tens of thousands of Australians. All of these emails looked and sounded professional, official, and held almost no sign to doubt the source. However, despite how different these businesses are, the content of the emails all held a similar theme – malware. Those unfortunate enough to click a link or download an attachment instantly found their computer infected with it.

But what is it?

The malware attached to these emails have varied greatly, from the more common types of malware that have been reported in these incidents are spyware and ransomware. Spyware burries itself into your computer and silently gathers and sends information – like a spy – to the sender. This is how things such as credit card details, passwords, and keystrokes can be gathered without your knowledge. Ransomware is almost the polar opposite – it locks you out of your computer and refuses to give you access again unless you pay money.

Ransomware, especially with the AGL Energy incident, is becoming alarmingly common in these targeted attacks, with its use seeing a dramatic increase this year. With the computer being held hostage for nearly $900 once activated, it is a painfully expensive reminder to be careful of what you click. It can strike anyone as well – in the US, the University of Calgary had to pay nearly $16,000 when their computers were infected with ransomware.

Odds are that the next big email hoax is around the corner, and we need to be prepared for it.

What can I do to avoid these?

1. Ensure that you have a strong virus security program installed on your computer, and that it is protecting both your computer and your web browser.
2. Always double check the email address that your emails have come from.
3. Hover over any links in the email and you can see where they are going to. If the URL looks strange then this is a good indicator of something suspicious.
4. Be wary of attached downloadable files. If any are attached to the email, check the file name. If these contain things you don’t recognise or trust, do not open them.
5. Trust your instincts. If something seems strange, read over the email header, body, and sender address carefully and compare it to any past emails you may have received from the company.
6. When in doubt, directly contact the business in question. The staff will be able to clarify if the email is legitimate or not.
7. If you have identified it as a scam email, send the details to the company being impersonated.
8. Never click on anything you don’t trust.
9. Keep vigilant!  

Lisa