Cybercriminals use email to carry out a range of threats.

A number of different threats rely on email to succeed, including malware, phishing and different types of scams. These threats work as follows:

  1. You receive a message that contains an appeal or threat, and the message tries to convince you to do something.
  2. You assess the characteristics of the message, decide the appeal is legitimate and take the requested action.
  3. The action, which might be clicking a malicious link, opening a malicious file or sending sensitive information like credit card details, results in a negative consequence for you as the receiver of the message and some kind of illegitimate gain for the sender of the message.

Social engineering makes it harder to spot malicious emails

Cybercriminals use a technique called ‘social engineering’ as a way of enticing and manipulating people. They use tricks to lower your natural defences against deception, for example by pretending to be someone you trust, or by making a highly attractive offer.

Cybercriminals are putting more time, effort and money towards researching targets to learn names, titles, responsibilities, and any personal information they can find. Afterwards, they usually call or send an email with a made-up but believable story designed to convince the person to give them certain information.

Social media accounts provide rich information such as events, conferences and travel destinations, which can be used to make an approach seem real and accurate. So consider what personal information you share online and learn how to recognise and report scams.

Note: Social networking sites typically allow you to choose who has access to see your personal details. Consider hiding your email account or changing the settings so that only people that you trust are able to see your details.

Electronic junk mail is commonly known as spam. These are electronic messages you may not have asked for, sent to your email account, mobile phone number, or instant messaging account.

The content of spam messages varies. Some messages promote legitimate products or services, while others will attempt to trick you into following a link to a scam website where you will be asked to enter your bank account or credit card details.

The best way to protect yourself from malicious email is to stop it from reaching you. That way, there’s no chance it can influence you into doing something you might regret.

  • Don’t share your email address online unless you need to, and consider setting up a separate email address just to use for online forms or shopping. You could also consider using email alias services. These create additional email addresses for you that forward to your main account.
  • As much as possible, have separate email accounts for personal and business use. 
  • Use a spam filter to catch these messages before they get to your inbox. Most modern email systems have reasonably effective spam filters to prevent spam appearing in your inbox. If you’re not sure, ask your internet service provider.
  • Delete spam messages without opening them.

Other steps you can take to limit spam

  • Before using your email address online, read the website privacy policy – it will tell you how they will use the personal information you provide.
  • When you sign up for an online account or service, be aware of default options to receive additional emails about other products and services.

Cybercriminals can be clever and some messages might still make it through to your inbox. To protect yourself from these malicious messages:

  • Don’t open messages if you don’t know the sender, or if you’re not expecting them.
  • Be suspicious of messages that aren’t addressed directly to you, or don’t use your correct name.
  • Don’t reply to or forward chain letters you receive by email. 
  • Think carefully before clicking on links or opening attachments.
  • If you aren’t sure whether an email is legitimate, contact the person or business separately to check if they have sent the message. Use contact details you find through a legitimate source and not those contained in the suspicious message.  
  • Before you click a link, hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.

Ensure you have up-to-date antivirus software installed on any device used to access email.
