Know how to spot phishing

Phishing is one of the most common forms of cybercrime.  Think before you click to reverse the threat of cybercrime.

Black Sadbath Australian tour

What is phishing?

Phishing is a way that cybercriminals attempt to steal your information – such as online banking logins, credit card details, business login details or passwords – by sending fake messages.

These fake messages often pretend to be from a large organisation you trust and can be sent via email, SMS, instant messaging or social media platforms. They often contain a link to a fake website where you are encouraged to enter your personal details.

Because of phishing, many companies now have a policy that they will not call or email to ask you to update or verify your personal details, such as passwords, PINs, credit card information or account details. They will not call you out of the blue to request payment over the phone, for a fine or bank transfer for example.

How to identify phishing

If it sounds too good to be true, you’re not expecting the message or something just doesn’t feel right, it might be a phishing attempt. Here are some simple checks:

  • Check the sender and website information. Cybercriminals use small differences to trick you. For example, if your bank’s website is, the phishing message could:
    • Use a website with a different domain (,
    • Replace letters with numbers so that it looks similar (
    • Change the sender information (the sender address shows your bank but if you click on 'more info', you’ll see a completely different address)
  • The company doesn’t address you using your name or the personal details that are usually included are wrong or missing
  • There are spelling errors or strange formatting
  • The logos used are out of date

How to protect yourself from phishing?

  • Be wary - don’t click on links in unexpected emails or messages from people or organisations you don’t know
  • Be especially cautious if messages seem too good to be true or threaten you to make you take a suggested action
  • If a message seems suspicious, contact the person or business to check if they are likely to have sent the message. Make sure you use contact details you find through a legitimate source and not those contained in the suspicious message
  • Before you click a link, hover over that link to see the actual web address it will take you to
  • Be cautious of links shortened using URL shortening services, like or, that can hide the real destination of a link
  • Use a spam filter to block deceptive messages from even reaching you
  • Download fact sheets translated into your language:

Stay up to date

What to do if you’ve revealed your personal information

  • If you think you’ve entered your credit card or account details into a phishing site, contact your bank immediately
  • You can report phishing scams to the Australian Competition and Consumer Commission’s Scamwatch
  • If you think you’ve been the victim of identity theft, act quickly. For advice contact iDcare on 1300 432 273 or use their free Cyber First Aid Kit on their website to help you work out what to do