Online scams target people of all backgrounds, ages and income levels, and phishing emails are one of the most common methods used by cybercriminals to entice you to hand over your personal details. Even if you know your way around the web, it’s easy to fall victim to one of these scams. Here’s what you need to know about recognising a phishing email and how to protect yourself from a phishing attack.
What is Phishing?
Phishing (pronounced fishing) scams are designed to trick you into providing personal details to cybercriminals. The email, SMS, instant message or phone call will usually appear to come from a large organisation or one that you know and trust, and you will be asked to provide information such as:
- online banking details
- credit card information
- passwords & usernames
- business login data
Some phishing scams are highly targeted towards businesses and are known as whaling or spear phishing scams.
How to Recognise a Phishing Email
Phishing emails will usually contain a few telltale signs. These are the most common features of a phishing scam.
- The sender’s address is unusual or spelt differently from the organisation’s normal email address.
- The email does not address you by your proper name. It may also contain spelling and grammatical errors.
- The email asks you to click a link or reply with personal information. Legitimate businesses will never ask for your credit card details or passwords in an email.
- There are no valid contact details in the email. Legitimate businesses will always provide a phone number and postal address when communicating with you.
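The four signs above can also be checked automatically, for example in a mail filter. The script below is an added example, not part of the original article; the domains, the sample message and the function name phishing_signs are constructed for illustration, and it assumes a plain-text, single-part email.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: sender domain, link and wording are made up.
SAMPLE = """\
From: Parcel Service <tracking@post-delivery.example>
To: jane@example.org
Subject: Your parcel could not be delivered

Dear Customer,

Your parcel is on hold. Please click http://post-delivery.example/track
and confirm your credit card details and password to relase it.
"""

GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(customer|user|client|member|sir|madam)\b", re.I | re.M)
ASKS_FOR_SECRETS = re.compile(r"\b(password|credit card|card number|pin)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)
PHONE = re.compile(r"(?:\+?\d[\s-]?){8,}")  # at least 8 digits, spaces/dashes allowed

def phishing_signs(raw_email, expected_domain):
    """Return which of the four telltale signs appear in raw_email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # assumption: single-part, plain-text message
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    signs = []
    # Sign 1: sender is neither the organisation's domain nor a subdomain of it.
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        signs.append("unusual sender address")
    # Sign 2: the greeting does not use the recipient's name.
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    # Sign 3: asks for a click, or for passwords or card details.
    if LINK.search(body) or ASKS_FOR_SECRETS.search(body):
        signs.append("asks for a click or personal information")
    # Sign 4: no phone number anywhere in the body.
    if not PHONE.search(body):
        signs.append("no contact details")
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, "post.example"):
        print("-", sign)
```

A message that shows none of these signs can still be a scam, so treat an empty result as "nothing obvious found", not as proof the email is genuine.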
Even tech-savvy people can get caught out by phishing scams. Take this quiz from the ACSC (Australian Cyber Security Centre) to see if you can spot a phishing scam.
Phishing Email Examples
Below is an example of a fraudulent email from someone pretending to be Australia Post. Once you click the link, you will be taken to a fake Australia Post website which is designed to steal your personal and financial information.
How Do I Report a Suspicious Email?
Cybercriminals never rest, and there are dozens of phishing scams active in Australia at any one time. Scamwatch is a website run by the Australian Competition and Consumer Commission (ACCC) and provides information to consumers and small businesses about how to recognise, avoid and report scams.
Unfortunately, Scamwatch can’t help you track down a scammer or recover money lost to a scam. However, they can tell you where to get help if you’ve given out your personal details to a scammer or lost money to a scam.
How to Stop Phishing Emails
Spam filters and secure email gateways provide some level of protection against phishing emails. However, the most effective way to protect yourself is to be aware of the signs of a fraudulent email and double-check everything. We recommend the following measures.
- Never click on a link or open an attachment in an email claiming to be from a bank or other trusted organisation. Delete the email immediately.
- Never provide any personal details or financial information in an email claiming to be from a bank or other trusted organisation.
- Check the Scamwatch website and conduct an internet search for the names and exact wording of the addresses in the email.
- If in doubt, call the organisation or bank.
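- Look for the secure symbol. Legitimate websites that ask for your personal and financial information will use ‘https’ instead of ‘http’ and/or have a closed padlock in the address bar of your browser. The padlock only shows that the connection is encrypted; scam websites can have one too, so also check that the web address is the organisation’s real one.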
- Report phishing scams to the ACCC.