Rules for Online Functioning:
1. Never click on an email link. Never. Not ever. Never. If you have it set in concrete that you should NEVER NEVER NEVER click onto an email link, even if the email looks legitimate, you'll have learned a very important method of protecting yourself.
2. Always open a new browser window and type in the exact URL of the site of your online banking or ATO's site or whatever it is. Always. Always Always Always. Check the phone directly for the URL if you don't know it. Don't fall for the trick of typing in an address that looks legitimate but is not. Go to the source, not an email.
3. Don't ever act quickly when you're being promised something by a bank or the government, etc. Don't. If you're being hurried into a decision, you need to be aware that this is a classic scammer tactic designed to make you react without thinking. Do not feel hassled into a quick decision. You can phone the government department or bank directly during working hours for confirmation of any offer, and if you're being offered something that requires your decision outside of working hours, think of it as a red alert button going off in your mind. It may very well signal a fraud in progress. And when it comes to such offers, you should really...
4. ... see your legal or financial adviser before making a commitment, entering your details, signalling any interest, etc. Print out the email or website information, write down the exact URL and email addresses in the email (hover over the link with your mouse, but DON'T CLICK - this will show the URL or link information in the bottom left of your screen), and take all the information with you.
5. Assume that every email is a scam or spam, so that the email has to prove itself to you in terms of being legitimate.
Write down all the points which the email has to pass, and tick each point as the email passes the test. Then STILL don't click onto any links in the email, because even if the email is legitimate, many emails LOOK legitimate but aren't, and rule one is "Never click on an email link. Never. Not ever. Never."
And by that, I mean NEVER.