Based on your report it looks like you may have been affected by an email phishing scam. Take a look at the information below for advice on what steps you should take to stay safe.
Phishing is when someone tries to get personal information (like bank account numbers and passwords), from a large audience, so they can use it to impersonate or defraud people. These emails can look very real, and some will even use the branding and logos of a legitimate organisation to make the email seem genuine.
What to do if you’ve received a phishing email
- You should mark the phishing email as junk mail. When an email is marked as junk mail, your email filter will learn to redirect emails from that scammers email address away from your inbox.
- If you’ve clicked through any links or attachments that were included with a suspicious email, our advice is to check for malware (malware is malicious software such as viruses) on the device you were using at the time. You can use a free online scanner to look for threats on your computers.
As an independent not-for-profit, Netsafe can’t recommend a particular product but we have listed some options here from well-known, reputable companies.
For PC: ESET online scanner or Kaspersky Virus Removal Tool. After this scan has been completed, you can run Malwarebytes Anti-Malware free edition.
For Mac: Bitdefender Antivirus for MAC or ESET Cyber Security for Mac or AVG Antivirus for Mac are also good alternatives.
- If you provided any sensitive personal information or security related information such as your mother’s maiden name, and/or former residential address or bank account details, you should contact your bank immediately. It’s important that you explain the situation to them in full and give the bank the opportunity to decide on the security process to follow.
- Use this Identity Theft Checklist as a helpful guide on what could happen with the information you provided. If you believe you were exposed to identity theft, we recommend you contact iDCare as they provide free help and support for New Zealanders.
How to confirm that you’ve received a phishing email
Check the sender
Most email services allow you to expand and verify the email sender information. Most phishing emails will look similar to those that have been sent from a genuine organisation but they will have subtle clues that you can check.
Almost every genuine business or online service will have their own email domain. Their emails will come from -@genuinebusiness.com or something similar. If the email has come from a -@gmail.com or -@hotmail.com or similarly free/public email service it is almost certain to have come from someone impersonating them.
Check the links
You can hover your mouse over the links included with the email, these are the links the email is trying to convince you to click. By hovering the mouse/cursor over the link (while NOT clicking the link) you’ll see a preview of the website address it’s trying to send you to. If the address doesn’t look like it’s leading you to the official website for the organisation it claims to have come from (for example ‘www.genuinebusiness.com’), it’s most likely come from a scammer.
Check the reason for the email
It’s relatively rare for a genuine order confirmation or customer acknowledgement to be sent to the wrong person. It’s much more likely that a fake transaction/invoice statement or fake security notice has been sent by a scammer to trick you into clicking on a bogus phishing or scam link.
If it’s not a message or verification you requested, don’t reply and don’t click on any links that have been included. If the message mentions a company name, and if you have an account with them, go to their website in a new internet browser window and type out their website address. You can login to your account and check if there are any pending notices that need your attention.
You can keep up to date with the latest online safety advice and scam advisories by signing up to Netsafe’s email newsletter. Subscribe to receive our monthly newsletters at netsafe.org.nz/newsletter
Keywords: phishing, apple, ird, inland revenue, email, itunes, netflix, paypal, password, bank, payment, phish, refund, tax, taxes