How to tell if an email is fraud


Phishing scams, or email fraud, are as old as email itself. These scams attempt to get you to volunteer your personal information to criminals or to install malware on your computer or mobile device.

Scammers attempt to fool you by sending email messages that point to fake websites. The email you receive may look real, with company logos, links and branding, but when you enter your information into the website, that sensitive data is handed right over to scammers. An attachment that you open could also contain malware that gives the fraudsters direct access to your system.

While firewalls and email filters will catch most of the bad stuff, the best defence is educating yourself on how to tell if an email is fraud.

How to tell if an email is fraud

There are a number of areas you can check to help determine if an email you’ve received is legitimate or not. Start by looking out for spelling mistakes and poor grammar. Another red flag is an email that fakes a sense of urgency or makes threats to trick you into action.

Do you know who the email is from, and can you verify the sender?

It’s important to remember that login credentials can be stolen and used by attackers to send malicious emails from known, trusted accounts.

ALWAYS check the ‘from’ email address, and be aware that this can be faked. Scammers will also copy brand logos and email formatting to make an email appear legitimate. 

Does the email contain a link, attachment or ask for sensitive information?

Scammers may try to trick you into clicking links or opening attachments. Before you click any links or open attachments, you must check if they are legitimate. You can do this by hovering over the link if you’re on your computer, or by using ‘tap and hold’ on mobile devices, to review the link before accessing it.

Remember that links can be disguised to appear as legitimate and often contain the imitated business name as part of the link. Before you click a link, download a file, respond with sensitive data or complete a wire transfer, you must be 100% confident the sender is who they say they are and that the request is legitimate. 
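The checks described above (a 'from' name that does not match its address, link text that differs from where the link really goes, and a business name embedded in an unrelated host) can be automated. The following is an added example, not code from Heritage or the original page; the domain examplebank.test, the brand keyword, the sample data and all function names are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed trusted domain and brand keyword; the SAMPLE_* values are constructed.
TRUSTED_DOMAIN = "examplebank.test"
BRAND = "examplebank"
SAMPLE_FROM = '"Example Bank Security" <alerts@examplebank-verify.test>'
SAMPLE_HTML = ('<a href="https://examplebank.test.account-check.test/login">'
               'https://www.examplebank.test/login</a> '
               '<a href="https://www.examplebank.test/help">Help centre</a>')

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    try:
        return urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:  # malformed URL
        return ""

def trusted(host):
    # True for the trusted domain and its subdomains, not for look-alikes.
    return ("." + host.lower().rstrip(".")).endswith("." + TRUSTED_DOMAIN)

def review_email(from_header, html_body):
    findings, collector = [], LinkCollector()
    name, addr = parseaddr(from_header)
    if BRAND in name.lower().replace(" ", "") and not trusted(addr.rpartition("@")[2]):
        findings.append(("from-mismatch", addr))
    collector.feed(html_body)
    for href, text in collector.links:
        real_host, shown_host = host_of(href), host_of(text) if " " not in text else ""
        if "." in shown_host and shown_host != real_host and not trusted(real_host):
            findings.append(("link-text-mismatch", f"{shown_host} -> {real_host}"))
        if BRAND in real_host and not trusted(real_host):
            findings.append(("brand-in-untrusted-host", real_host))
    return findings
```

Calling `review_email(SAMPLE_FROM, SAMPLE_HTML)` flags the sender and the first link, while the second link, which really points at the trusted domain, produces no finding.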

What should you do if you think an email is fraudulent?

  • Don’t click on any links or attachments
  • If the email is from an organisation you know, check with them directly before acting on the email
  • Call a known phone number (not from the email) and ask about the message
  • Check for a trusted website by searching for it online or typing the URL into your browser
  • Report the email in an appropriate manner to the organisation which is the subject of the phishing scam, if applicable
  • Block the sender and delete the email

REMEMBER: While Heritage may send information, or confirm receipt of items, by email, we will NEVER send an email that requests you to share personal security details such as your PIN, CCV number, internet banking passwords or credit card details. Heritage emails may contain links; however, these will never lead you to a website that requires you to input personal details. In order to meet our obligations under the Spam Act 2003, all emails will include an unsubscribe link for the member to manage their preferences for contact.

If you’ve received an email from Heritage that you think may be fraudulent, you can help fight the problem by using the forward as attachment button on your message menu and sending to We use the spam that's forwarded to us to improve our filters and look for malicious campaigns that may be getting through our protection so that we can issue warnings to our customers and staff.

What if I’ve clicked on a fraudulent link or opened the attachment?

If you believe your computer may have been compromised because of an action you have taken in response to an email, it is recommended that you:

  • Disconnect your computer from the Internet.
  • Contact a reputable, local computer support company and have them fully remove any malicious software that has entered your computer environment. Do not accept help from anyone who contacts you when you haven’t asked for it.
  • Contact Heritage as well as your other financial institutions as soon as possible.
  • Request the reset of any code/passwords from your provider(s), including phone and internet banking services.
  • Keep an eye on your financial transactions. Continue to monitor your account statements, mail and bills for any irregular activity. Immediately alert your provider(s) of any fraudulent activity.

To learn more about protecting yourself from fraudulent activity, visit our Security and Scam help section or see our latest Heritage security alerts.

You can also register for the Australian Cyber Security Scam Alert Service for individuals, families and businesses. Learn more from the Australian Cyber Security Centre.
