How to recognise and avoid Phishing Scams

Phishing Scam

What is Phishing?

Phishing is a tactic used by cybercriminals to lure you into providing personal information, such as account details, passwords or credit card numbers, through deceptive emails and websites.

Scammers have been using this tactic for a while now, with phishing attacks first noticed in Australia as far back as 2003. Since then, the sophistication and success rates have increased dramatically. As computer networks have beefed up their security over the years, scammers have turned their attention to a general weak spot: humans. 90% of successful network breaches are caused by user error.

A large number of online security breaches start with a fake email. If scammers aren’t baiting you into handing over information willingly, they are luring you into clicking a link that installs malicious software (malware and ransomware) on your device.

Commonly copied brands and services include banks (requesting you to update details), postal services (fake parcel pick-up scams), online services such as Netflix and eBay (asking you to update payment details), and even government services and law enforcement (speeding infringements and council fines).

Pronounced like fishing, these attacks can reach you via email, telephone or text message and may seem very legitimate. A phishing email may look exactly the same as an email from a trustworthy company. There are some key things you can look out for.

What to look out for

Here are a few clues to be aware of:

  • As they may not know your name, the greeting in the email will be vague, e.g. "Dear valued client/customer"
  • The email isn’t addressed to you directly
  • The sender's email address does not match the company it claims to be from, or contains spelling errors
  • The message is urgent, asking you to update or complete something immediately
  • You aren’t expecting this email or message – you may not even be an existing customer
  • Emails scaring you into believing your computer has already been compromised
  • Any email asking for a username, PIN, secret questions or bank details (most companies will not ask for this via email)
  • Spelling errors and inconsistencies

What can you do to prevent yourself from falling victim to an attack?

Slow Down

Take a few extra seconds to read who the email is from and check for any spelling errors or inconsistencies.

Be Alert

If you don’t know who the sender is, or it’s a company you haven’t dealt with before, be suspicious. If it is from someone you do know and it looks unusual, reach out to them and confirm its legitimacy.

Before you click a link, hover your mouse over the link itself to reveal the actual address it will take you to. If you don’t trust the address, try typing the keywords into a web browser instead of clicking the link.
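The clues listed earlier and the hover check above can also be applied automatically to the body of a reported message, for example by whoever triages suspicious emails. This is an added example, not part of the original article: the sample message, the brand-to-domain map, the patterns and all function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
From: "Example Bank" <support@examp1e-bank.example.net>
Subject: Update your details

<p>Dear valued customer, confirm your password and PIN immediately at
<a href="http://login.example.net/verify">https://www.examplebank.example/login</a></p>
"""
TEXT_CLUES = [  # checklist items; the patterns are illustrative assumptions
    ("generic greeting", r"dear (valued )?(client|customer)"),
    ("urgency", r"\b(immediately|urgent)\b"),
    ("asks for credentials", r"\b(password|pin|secret question|bank details)\b"),
]

class Links(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def host(url):  # hostname of a URL, or "" for plain text such as "click here"
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_clues(raw, brand_domains):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"] or "")
    body = msg.get_payload()  # assumption: single-part message
    clues = [c for c, pat in TEXT_CLUES if re.search(pat, body, re.I)]
    domain, expected = addr.rpartition("@")[2].lower(), brand_domains.get(name.lower())
    if expected and domain != expected and not domain.endswith("." + expected):
        clues.append("sender domain does not match brand")
    parser = Links()
    parser.feed(body)
    if any(host(t) and host(t) != host(h) for h, t in parser.links):
        clues.append("link text differs from real address")
    return clues
```

A message that triggers none of these checks can still be a phishing attempt, so the result is a prompt for closer inspection rather than a verdict.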

Use multifactor authentication

Multifactor authentication, or 2FA, can help safeguard you if your accounts and passwords have been compromised. You can learn more here.

Use email spam filters

Email filters like Proofpoint help eliminate most phishing attacks before they hit your inbox. Make sure your filters are set to a high level.

Have a good backup policy

While a backup won’t prevent an attack, it is a safeguard. If you fall victim to a ransomware or malware attack, it allows you to revert your data to a time before it was corrupted.

What can you do if you think you have revealed confidential information or installed malware?

As we mentioned earlier, phishing attacks have become more and more sophisticated. If you do fall victim, you are not alone; it can happen to pretty much anyone.

If you think you have passed on any banking details, such as credit card information, contact your bank immediately.

Report the scam to your IT department or managed service provider immediately. If it is your personal computer, try running a good antivirus and, if that is unsuccessful, restoring from a backup taken before the event took place.

Change the password of any account you think may have been compromised. Hopefully you aren’t using the same password for multiple accounts; if you are, you’ll need to change those too. You can learn about good password hygiene here.

Report the scam to the ACCC and to the company that was misrepresented. While they may not be able to guarantee getting any financial losses back, you can help prevent future victims.