Phishing is a way that cybercriminals steal confidential information such as online banking logins, credit card details, business login credentials or passwords/passphrases, by sending fraudulent messages (sometimes called ‘lures’).
Stolen passwords, codes, names, machine addresses and personal data give access to identities, which allows criminals to steal information or install malware.
Spam or phishing emails elicit private information from unknowing victims in different ways. One ploy alerts the victim to a faked attempt to enter their computer; another asks for information to complete a required document; and a third may pose as an invoice for unpaid purchased goods.
These deceptive messages often pretend to be from a large organisation you trust, to make the scam more believable. They can be sent via email, SMS, instant messaging or social media platforms. They often contain a link to a fake website where you are encouraged to enter confidential details.
Business brands that are commonly copied include: state and territory police or law enforcement (fake fine scams), utilities such as power and gas (fake bills and overdue fines), postal services (parcel pick-up scams), banks (fake requests to update your information), telecommunication services (fake bills, fines or requests to confirm your details), and government departments and service providers such as the Australian Taxation Office, Centrelink, Medicare and myGov.
The Australian Cyber Security Centre provides the following advice on the best way to protect yourself from phishing attempts:
To stay abreast of current threats, be cautious online and take steps to block malicious or unwanted messages from reaching you in the first place.
Take the following steps to protect yourself from phishing attempts:
- Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know.
- Be especially cautious if messages are very enticing or appealing (they seem too good to be true) or threaten you to make you take a suggested action.
- Before you click a link (in an email or on social media, instant messages, other webpages, or other means), hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video or webpage without directly clicking on the suspicious link.
- If you’re not sure, talk through the suspicious message with a friend or family member, or check its legitimacy by contacting the relevant business or organisation (using contact details sourced from the official company website).
- Use a spam filter to block deceptive messages from even reaching you.
- Understand that your financial institution and other large organisations (such as Amazon, Apple, Facebook, Google, PayPal and others) would never send you a link and ask you to enter your personal or financial details.
- Use safe behaviour online. Learn how to use email safely and browse the web safely.
- Stay informed on the latest threats – sign up for the ACSC’s Alert Service. You can also find information about the latest scams on the Australian Government’s Scamwatch website.
For more information on scam and phishing threats, visit https://www.cyber.gov.au/acsc/view-all-content/threats/phishing
If you require assistance with your cyber security setup please give us a call on 1300 796 246 or fill out the form below.