Avoiding scams and malware

Always carefully assess every offer and message you receive, particularly from people you don’t know or who contact you unexpectedly. Be aware of the characteristics of scams and malware, and check whether the offers or messages you receive show any of these characteristics or appear suspicious. If it seems too good to be true – it probably is. If you have even a hint of suspicion, always double check the validity and talk to an expert. CERT NZ or CERT Australia can provide free advice.

Avoid objectionable or pirating websites as they may be illegal, a scam, contain malware or attempt to blackmail you.

Scam awareness

Banks and most organisations will never ask for passwords or PIN numbers in person or by email. Be very wary if asked and, if in doubt, contact the organisation separately using the contact details you would normally use to contact them.

A scammer will usually make unexpected contact with you, predominantly via email or phone call. They may:

  • contact you with an attractive offer

  • contact you to say you have errors and urgently need a software upgrade

  • contact you pretending to be someone they aren’t, e.g. your bank

  • contact you saying they are from Microsoft or Apple offering remote assistance to fix a problem they have been alerted about

  • ask for money, personal, account or access details (e.g. passwords or PIN numbers)

  • send you a fake invoice or remittance – DO NOT OPEN

  • call from a phone number that looks like an overseas number

  • usually speak with a strong accent.

Indications that a message (email, text, messenger app) may be a scam or contain malware:

  • may have the characteristics of a scam

  • asking for money, personal or account details

  • attempting to blackmail you

  • contain a bill for services you didn’t ask for

  • contain suspicious links or attachments. If a link is provided in an email, hover over the link to see whether the address it points to is the same as what is typed. If not, it is likely to be malicious

  • may contain offensive content

  • be providing or offering something you didn’t ask for

  • may appear very similar to messages you currently receive

  • may come from a person you are not expecting to receive a message from

  • emails may come from someone you know – hackers have gained access to their account and are sending out emails to their contact list. Be wary about requests for money or other uncharacteristic emails from people you know

  • email address is not from the organisation being represented in the email. Scam email addresses may be different from, but very similar to, genuine email addresses

  • email address doesn’t match the name on the address or on the email signature

  • spelling errors in the email

  • emails suggesting you will lose data or emails requiring you to “click here” or sign in to recover your account or missing emails

  • may contain a file that asks you to enable macros – do not enable macros.