Hoax SMS and emails can look very convincing. To protect yourself from scams and fraud, remember to look out for SMS and emails that:
- are unsolicited
- do not address you by your name, or address you by your email address
- ask for your personal or financial information, such as your date of birth, address, credit card details and PIN number – we will never ask you to provide this information via SMS or email
- are poorly worded and contain spelling and grammar mistakes – fake emails often, but not always, contain misspellings, poor grammar, missing words, and gaps in logic; these types of mistakes help scammers avoid scam filters
- promise you money
- contain an attachment for you to lodge a form – opening one could cause you to download spyware or a virus
- contain fake links for you to lodge a form – in emails, check where the link is going by moving your mouse over the link in the email and look at the URL (website address) in the bottom bar of the browser; if it looks suspicious, don't click it.
Check whether emails are from a valid City of Gold Coast email address – scams may include an official-looking email address to give you a false sense of security.
Make sure you are logging into one of our official websites
Our corporate website address is cityofgoldcoast.com.au or goldcoast.qld.gov.au.
View our other City websites. Make sure you are using one of our official websites.
As an extra precaution, we recommend you type internet addresses directly into your internet browser, rather than clicking on links embedded in emails. You can also check the URL of the page you are visiting to ensure the site is genuine. Be cautious when clicking on hyperlinks embedded in SMS and emails.
We will occasionally use SMS and emails for promotional and information purposes. Our messages will never include personal or financial information and will not ask you to reply by SMS or email to provide personal or financial information.
If you receive an SMS or email asking for your personal information, report it to us.
Example of an email scam
To help you spot a scam, we’ve provided the following actual example of a fraudulent email sent recently (successfully blocked):
From: City of Gold Coast [mailto:firstname.lastname@example.org]
Sent: Monday, 30 June 2014 11:25 AM
Subject: GOLDCOAST MAIL!
Dear Valued Customer,
Our System Database have detected a virus and unusual traffic and your account will be blocked in response to complaint signal received by our security protocol. According to provision ICCN#98580 of Terms and Conditions, your account may at any time terminate its Services for account.
You can confirm your Email account ID now to avoid service suspension on your email account. Once your account is confirmed, we will restore your account to its normal state.
Click HERE To Confirm Your ID
Kindly note that you have to confirm your email ID as soon as possible to avoid losing your account data.
Thank You for Being A Loyal GOLDCOAST! Mail User
We hope you enjoy the newest version of GOLDCOAST! Mail.
GOLDCOAST Mail Team
Copyright © 2014 Mail! Inc
If you hover over (without clicking on) the “Click HERE” link in the email above, you will notice that the link isn’t a valid City of Gold Coast web address (note: the link has been changed and the original hacker link blocked).
The “Click HERE” link above was crafted to take unsuspecting users to the following web page, which looks legitimate. It re-uses recent intranet pictures and City of Gold Coast’s logo to gain your confidence, and provides helpful fields for you to fill in to give your username and password to the hackers so that they can gain access to our information:
As with any scam, prevention is your best defence. You should have security controls on your device to reduce the likelihood and impact of malware infections, but no control is 100 per cent effective.
Everybody is responsible for their use of ICT resources. Make sure your computer and anti-virus software is up to date, and back up your important files.
The following tips can help you minimise the possibility of fraud:
- Enable automatic updates for your computer's operating system and applications, including your web browsers, to ensure they remain up to date.
- Install and enable a firewall on your computer before connecting to the Internet.
- Download and regularly use a malware removal program.
- Use discretion and common sense when using the Internet. Don't click on online advertisements/emails or go to sites you think may be untrustworthy.
- Use a SPAM-filtering product to help block fake or virus-related emails. If you receive a spam email, delete it. Do not open email attachments from unknown sources.
- When using social networking sites such as Facebook, Twitter and LinkedIn, never publish personal information such as your date of birth, tax file number (TFN), bank account details, or personal contact details, such as your home address. Remember to customise your security and privacy settings to ensure your profile is only accessible to those you trust.
- Never provide confidential personal information when applying for work online – you should only provide this information to your employer once you commence work.
- Don't share your passwords with others and never reply to emails with your password or other sensitive information.
- Change your passwords on a regular basis – try using one that consists of a combination of numbers, letters (both upper case and lower case), punctuation, and special characters.
If you suspect that you’ve been the target of malware falsely identifying City of Gold Coast, please contact us.
Visit the Australian Government StaySmartOnline website for further information.