Key points
- An email scam can take many forms, but it usually occurs when a scammer contacts you through email with a malicious link or request.
- Being locked out of your email account and having a full ‘sent’ folder with messages you didn’t send are just two of the signs of an email scam.
- Some measures you can take to help protect your inbox include changing your passwords regularly, turning on the spam filter, and verifying the information or request in an email before doing anything.
Email is central to everyday life, connecting us to family, work, and essential services like online banking. Because email is linked to important personal and financial accounts, it’s often targeted by scammers.
Email scams and phishing attacks are among the most common ways scammers attempt to access sensitive data in Australia. Understanding email security, how email scams work, and knowing how to spot and report suspicious messages can help individuals and businesses reduce the risk of fraud and data breaches.
What is email security?
Email security refers to the tools and best practices used to protect email accounts and communications from unauthorised access, scams, and cyberattacks. This includes spam filtering, antivirus protection, strong password management, multi-factor authentication (MFA), and email encryption.
Why is email security so important?
Your email is the front door to your digital life, connecting to bank accounts, workplace systems, social media, and personal information.
If your account is compromised, cybercriminals can access sensitive data, reset passwords, and take control of important online accounts. For businesses, a single malicious email can lead to data breaches, financial losses, operational disruptions, and the spread of malware.
Strong email security helps stop these threats before they cause damage.
What is an email scam?
An email scam is a message designed to trick you into taking an action that puts your information or money at risk. Phishing is a common method used in email scams, where messages are crafted to prompt clicks, downloads, or the sharing of sensitive information. These emails often impersonate trusted organisations, such as banks, employers, delivery services, or government agencies.
Scammers may target your email to steal personal information, access linked services like online banking, or use your account to send scams to others.
For businesses, this can result in business email compromise (BEC), where attackers pose as staff or suppliers to request payments or sensitive information.
Email scams affect both businesses and individuals, with personal email accounts often targeted for fraud, identity theft, or account takeover.
Signs your email may have been compromised
- You can’t log in and your password no longer works
- Emails appear in your sent folder that you didn’t send
- You receive unexpected password reset notifications
- Emails are deleted or moved without your knowledge
Tips to help you protect your inbox
- Secure your email account: Use strong, unique passwords or passphrases for all your accounts, enable multi-factor authentication (MFA), keep recovery details up to date, and consider using a password manager.
- Watch out for scams: Be cautious of unexpected emails, especially those that create urgency. Don’t click unfamiliar links or open attachments you weren’t expecting, even if the message appears to be from a trusted source.
- Stop and check: Always verify requests before acting by contacting the person or organisation using a trusted phone number or official contact details, not the details in the email you’ve received.
- Keep your software and devices up to date: Turn on automatic updates for your devices, apps, browsers, and email software.
- Use spam filters and report scams: Enable built-in spam filters, report phishing emails, and delete suspicious messages to help protect yourself and others.
What do I do if my email is compromised?
- Change your email password immediately (use a strong, unique password or passphrase)
- Turn on multi‑factor authentication (MFA)
- Sign out of all devices and remove any unfamiliar or approved devices
- Check and update account settings, including recovery details
- Change passwords on accounts linked to your email (e.g. banking, social media, work systems)
- Scan your device for malware and install updates
- Warn contacts if scam emails were sent from your account
Where to report fraud and scams
- If you suspect fraud on your account or have shared financial information or transferred money as a result of a scam, please contact your bank. If you bank with ANZ, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
- You can also report scams to the Australian Cyber Security Centre’s ReportCyber and the Australian Government’s Scamwatch.
- For additional support with identity or cyber security concerns, you can reach out to IDCare, a not-for-profit organisation offering expert support and frontline insights into scams, identity theft and cybercrime.
