Is that Email a Fake or Not?

Good security software will get rid of the bulk of your spam mail so usually you don’t have to worry about them but occasionally some slip past the keeper and end up in your inbox.  Mostly they’re just annoying, but occasionally, slotted in between the email offering you a cheap Rolex watch and another selling cut-rate prescription drugs, will be a more sinister one masquerading as an important message from a legitimate organisation.  These fake emails are designed to make us do things like go to a website we never intended to go to, download a virus or even attempt to steal our banking details.

Typically the email appears to be coming from business like Westpac, Commonwealth Bank or Australia Post and they will say things like Account Activation Required, Parcel Delivery Failure, Your Account has been Compromised or Your Package is Available for Pickup.  This wouldn’t be a problem if they all looked amateurish and fake – many of them do – but some look very genuine and are incredibly convincing.

So what can you do tell if you are looking at a fake email or the real deal?


Are you expecting?

First things first, it sounds obvious, but should you be expecting a message from the organisation the email appears to be coming from?
Do you actually have an account with the bank in question?  Are you expecting a parcel and if so, would the courier actually have your email details to be able to contact you?

I’ve had many clients who have been stung by an email that spreads a virus. The message in the email says that UPS (a major American courier business that doesn’t even operate in Australia) tried leaving a parcel for them at their home, but no-one answered the door. Some of my clients said they weren’t even expecting a parcel but they clicked on the attachment (a virus) anyway to see if they could find out who the mystery parcel was from.


Poor grammar

I’ve worked for these organisations and I can tell you that they don’t let any public correspondence go out without their marketing department checking it thoroughly. They want to make sure it is consistent with their corporate image, that it sends the right message to their clients and that it uses all the right corporate branding – and after

all that checking, they are definitely not going to let it leave their hands if it contains grammatical errors and spelling mistakes! So, if the message you’ve received looks like it was written by someone whose first language was not English, then it’s fake!

Where are you taking me?

A fake email purportedly from Westpac Banking Corporation
Hover your cursor over the hotlink and it should tell you what web page you will be taken to if you click on the link.

Many of these emails have hotlinks in them – the lines of text that are underlined and when you click on them, they take you to a web page.  The hotlink might jsut say “Click Here” but gives you no idea where it is going to take you to.  If you click on the link and it is a fake, it might take you to a website that causes you to inadvertently download a virus.  Luckily, you can work out before you click on the link where it intends to take you.

If you look at the picture to the right, you can see the red arrow points to a hotlink. When you put your mouse cursor over the hotlink (don’t click it, just leave it sitting there), a small box pops up to tell you what web address (or URL) you will be taken to if you click on the link. In this case, you can see that instead of a Westpac website, I would have been taken to Quite obviously this is nothing to do with the Westpac Banking Corproation – it is in fact a (probably) hijacked web page of Swiss-British pop-singer Kirsty Bertarelli (a lovely singer, by the way – to check her site out safely, click here: Kirsty Bertarelli).  I don’t know what was going to happen once I got there because my security software wouldn’t let me go to that particular web page, although I could go to any other page on her site.



Lastly, are there any attachments?  Be wary of any attachments, but, in particular, files that end in .exe or .zip should ring alarm bells!

Remember, if in doubt, throw it out – it’s much less hassle than having to get your computer disinfected due to a moment’s curiosity.


We Love Feedback

Did you find this article interesting or informative? Is there something you feel we missed out? Did we get it wrong or do you need more information? Would you like to congratulate us on an article well-written (yes, please!). If so, we’d really appreciate your feedback, so please feel free to leave your comments in the “Speak Your Mind” section below. Or, if it’s easier for you, you can leave comments at our our Facebook page.