How to tell if an email is fraud


Phishing scams, or email fraud, are as old as email itself. These scams attempt to get you to volunteer your personal information to criminals or to install malware on your computer or mobile device.

Scammers attempt to fool you by sending email messages that point to fake websites. The email you receive may look real, with company logos, links and branding, but when you enter your information into the website, that sensitive data is handed right over to scammers. An attachment that you open could also contain malware that gives the fraudsters direct access to your system.

While firewalls and email filters will catch most of the bad stuff, the best defence is educating yourself on how to tell if an email is fraud.

How to tell if an email is fraud

There are a number of areas you can check to help determine if an email you’ve received is legitimate or not. Start by looking out for spelling mistakes and poor grammar. Another red flag is an email that creates a false sense of urgency or makes threats to trick you into action.

Do you know who the email is from, and can you verify the sender?

It’s important to remember that login credentials can be stolen and used by attackers to send malicious emails from known, trusted accounts.

ALWAYS check the ‘from’ email address, and be aware that this can be faked. Scammers will also copy brand logos and email formatting to make an email appear legitimate. 

Does the email contain a link, attachment or ask for sensitive information?

Scammers may try to trick you into clicking links or opening attachments. Before you click any links or open attachments, you must check that they are legitimate. You can do this by hovering over the link if you’re on your computer, or by using ‘tap and hold’ on mobile devices, to review the link before accessing it.

Remember that links can be disguised to appear as legitimate and often contain the imitated business name as part of the link. Before you click a link, download a file, respond with sensitive data or complete a wire transfer, you must be 100% confident the sender is who they say they are and that the request is legitimate. 
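The two checks described above (the ‘from’ address and the real destination of a link) can also be automated. The following is an added example, not part of the original article: it flags links and senders that use a brand name but do not belong to the organisation’s own domain. The domain `examplebank.example`, the brand `examplebank` and the sample message are constructed placeholders.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "examplebank.example"  # assumption: placeholder for the organisation's real domain
BRAND = "examplebank"            # assumption: placeholder brand name

def on_trusted_domain(host):
    """True only if host is the trusted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Links whose text or host uses the brand but whose real host is off the trusted domain."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        uses_brand = BRAND in host.lower() or BRAND in text.lower()
        if uses_brand and not on_trusted_domain(host):
            flagged.append((text, host))
    return flagged

def sender_mismatch(from_header):
    """True when the display name uses the brand but the address domain is not trusted."""
    name, addr = parseaddr(from_header)
    return BRAND in name.lower().replace(" ", "") and not on_trusted_domain(addr.rpartition("@")[2])

# Constructed sample values, not taken from a real email.
SAMPLE_FROM = '"Example Bank Security" <alerts@mail-notify.test>'
SAMPLE_HTML = ('<p>Your account is locked. <a href="https://examplebank.example.verify-login.test/reset">'
               'https://www.examplebank.example/reset</a></p>')
print(suspicious_links(SAMPLE_HTML), sender_mismatch(SAMPLE_FROM))
```

A clean result does not prove an email is genuine, because a stolen account on the trusted domain passes both checks.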

What should you do if you think an email is fraudulent?

  • Don’t click on any links or attachments
  • If the email is from an organisation you know, check with them directly before acting on the email
  • Call a known phone number (not from the email) and ask about the message
  • Find the organisation’s trusted website by searching for it online or typing the URL into your browser
  • Report the email in an appropriate manner to the organisation which is the subject of the phishing scam, if applicable
  • Block the sender and delete the email

REMEMBER: While Heritage may send information, or confirm receipt of items, by email, we will NEVER send an email that requests you to share personal security details such as your PIN, CCV number, internet banking passwords or credit card details. Heritage emails may contain links; however, these will never lead you to a website that requires you to input personal details. In order to meet our obligations under the Spam Act 2003, all emails will include an unsubscribe link for the member to manage their preferences for contact.

If you’ve received an email from Heritage that you think may be fraudulent, you can help fight the problem by using the forward as attachment button on your message menu and sending to We use the spam that's forwarded to us to improve our filters and look for malicious campaigns that may be getting through our protection so that we can issue warnings to our customers and staff.

What if I’ve clicked on a fraudulent link or opened the attachment?

If you believe your computer may have been compromised because of an action you have taken in response to an email, it is recommended that you:

  • Disconnect your computer from the Internet.
  • Contact a reputable, local computer support company and have them fully remove any malicious software that has entered your computer environment. Do not accept help from anyone who contacts you unless you asked for it first.
  • Contact Heritage as well as your other financial institutions as soon as possible.
  • Request the reset of any code/passwords from your provider(s), including phone and internet banking services.
  • Keep an eye on your financial transactions. Continue to monitor your account statements, mail and bills for any irregular activity. Immediately alert your provider(s) of any fraudulent activity.

To learn more about protecting yourself from fraudulent activity, visit our Security and Scam help section or see our latest Heritage security alerts.

You can also register for the Australian Cyber Security Scam Alert Service for individuals, families and businesses. Learn more from the Australian Cyber Security Centre.
