Stay safe: dealing with links and attachments

We’ve all seen scam emails at one time or another. These pieces of junk mail are different from your regular Viagra spam because the aim is to trick you into thinking you’ve gone to an official website you already trusted.

Internet scam artists aren’t restricted by borders, either. They can make you think you’re visiting international sites like eBay and PayPal or local banks like St. George and the Commonwealth Bank.

The web isn’t a safe place, and lurking around every corner is someone who wants nothing better than to steal a part of your life. Whether it’s your email address, credit card, or even your whole identity, web users have to be more aware than ever.

Here are some tips to avoid being caught out:

Be aware of links

One of the biggest problems with email links is that we don’t really look at the links before we click. We see an email, assume it’s authentic, and then click.

The problem here is that it’s not hard to pretend you’re from a company. With a few images and some official sounding text, anyone can pretend they’re from some big company you already deal with.

Example: If an email says it’s from PayPal about your account, be weary.

PayPal scam
This scamming PayPal link actually tried sending us to “”, a website that has nothing to do with PayPal.

An easy way to see if it’s real or not is to copy the link and paste it in something neutral like a text editor. Remember that the original site will start with something like “”, not end with it.

Another way to avoid these emails is to use an email service such as Google’s Gmail or Microsoft’s Hotmail. These solutions will often warn you and filter the messages into a spam folder leaving you free to go about your business.

Be careful of attached files

Attached files play a big part in suspicious emails. Quite often these emails will ask you to download and open either a ZIP or HTML file.

“Do not open any files attached to an email or click on any links unless you know what it is, even if it appears to come from a friend or someone you know,” says Moira Cronin, McAfee’s Cybermum.

“Some viruses can replicate themselves and spread through email. Confirm that your contact really sent the attachment or link before clicking on it.”

It might look real, but three things give it away as a fake. First is the incorrect “Australian Tax Refund Agency” subject line, followed by the spelling error of “attachement”.
The third thing spelling it out as a fake is the file: the ATO will never send you an HTML file to click on.

While many of these emails might seem like they’re coming from the places they say they represent – companies like eBay, Apple, and PayPal – none of these places are ever likely to send you files.