Fed up with phishing?

21 November 2018

Would you ‘click here’ and enter your bank account or credit card numbers, passwords or date of birth because you received an email or text that looks like it’s from a bank or government department?

If you answered ‘yes’, there’s no need to feel ashamed. Cybercriminals are tricking more and more of us into sharing our most sensitive information. Phishing is the most common type of scam reported in Australia, according to the latest data.

It’s easy to be tricked if you’re not aware of the techniques being used against you. These phishing scams are designed to look genuine. You may be contacted by email, social media, phone call or text message by a scammer pretending to be from a company or organisation.

‘Phishing campaigns can pretend to be from government services such as myGov or from various Australian financial institutions,’ the Head of the Australian Cyber Security Centre (ACSC), Alastair MacGibbon, said.

Scammers make the messages look real by copying the logo and format of a legitimate organisation. The links in these messages take you to a fake website that looks like the real deal but has a slightly different address, and the site then captures your personal information.

‘Phishing might be the most common scam reported in Australia, but we can all get smarter online and better protect ourselves, and there are steps you can take to protect yourself too.’

‘The first step is to be aware. The second is to do something about it,’ Mr MacGibbon said.

Attempts are also made to compromise businesses through targeted phishing attacks. Small businesses in particular are targeted by themed phishing emails from contractors whose systems have been compromised.

Protect yourself from phishing

  • Don’t click on links or open attachments in emails or messages you weren’t expecting.
  • Don’t provide personal information to unverified sources.
  • Before opening an email, consider who is sending it to you and what they are asking you to do.
  • If you’re unsure, call the organisation you suspect the message is from, but remember to use contact details from a verified website or other trusted source.
  • Remember that reputable organisations locally and overseas – including banks, government departments, Amazon, PayPal, Google, Apple, and Facebook – don’t call or email to verify or update your personal information.

If you feel a message you have received is a fake, here are some ways to verify the message:

  • Read the message carefully, looking for referenced tracking or customer account numbers, attachment names and sender details. You can also hover your mouse over hyperlinks without clicking to see the full web address.
  • Google the extracted information to see if others have reported it as malicious.
  • Call the organisation that appears to have contacted you and check the details or the request. Remember to get the contact details from your own search of the verified website.
  • Use other methods such as the organisation’s mobile phone app, website or social media page to verify the message.

Recover from and report scams

  • Change any passwords you have revealed, and activate two-factor authentication wherever possible for extra protection.
  • Inform the organisation the scammer pretended to be from.
  • Contact your bank immediately if you’ve sent money or personal banking details to a scammer.
  • If you believe your personal information has been put at risk, IDCare is Australia and New Zealand’s national identity and cyber support service and is available on 1300 432 273.
  • Report scams to the Australian Competition and Consumer Commission’s Scamwatch to help protect your friends, family and workmates.
  • If the phishing has led to a crime, file a report with the Australian Cybercrime Online Reporting Network (ACORN).

For more advice about the latest threats and how to protect yourself online, sign up to the free Stay Smart Online Alert Service.