Cyber criminals often use AI-generated content to make phishing attacks look like real messages from trusted organisations. Watch for these warning signs to help protect your personal information this Cyber Security Awareness Month. 

The use of AI has contributed to an explosion of convincing-looking phishing content over the past year.

As a result, phishing is at the top of the crime-fighting agenda this October Cyber Security Awareness Month.

So it’s important to know what phishing is, what phishing messages aim to get you to do, and how to spot the warning signs that indicate a message is a scam.

What is phishing?

Phishing is the sending of fraudulent messages to try to steal confidential information.

It’s the number one tactic criminals use to steal personal details or breach organisations.

Phishing – and its lesser-known relations vishing, smishing and quishing – are also among the most common types of scams reported in Australia.

Phishing messages are often sent by email. Other types of phishing may include:

  • SMS
  • Social media
  • Instant messaging platforms
  • Phone calls.

What are phishing messages trying to achieve?

Phishing messages aim to trick people into sharing personal information, such as:

  • Login details, such as usernames or passwords
  • Banking information
  • Credit card details
  • Personal identifiers, such as your name and date of birth.

Sometimes they do this by making you think these messages are from trusted organisations, such as the Australian government, technology companies, utilities and other brands known to people.

They may invite you to click on malicious attachments or links to fake websites. Or they may ask you to share personal details.

Phishing may also include:

  • fake online stores selling non-existent products
  • fake videos of celebrities or other people created using AI
  • false reports of emergencies asking you to click a link to learn how to protect yourself
  • emails purporting to explain how to access government benefits and payments.

Once they have your details, they may be able to access your accounts, steal your money, impersonate you, or use your information to breach the security measures of your place of work. 

What are vishing, smishing and quishing?

While phishing usually involves fraudulent emails and fake websites, criminals use many ways to try to trick you, including:

  • Vishing: making fraudulent voice calls or leaving voicemails to trick you into revealing personal details before you’ve had time to think about it.
  • Smishing: using fake text messages to deceive you into sharing personal details or clicking on links to malicious websites.
  • Quishing: malicious QR codes that trick you into visiting a fake website and sharing your personal information or downloading harmful software onto your device. 

How to spot phishing messages

Identifying these messages can be very difficult, as they often look authentic at first glance. Some red flags include:

  • Urgent requests to click on malicious links and attachments – always hover over links to reveal the true source.
  • Requests to share personal details or login details.
  • Offers of, or requests for, money.
  • Sender addresses that differ from other sender addresses from that organisation.
  • The use of ‘gmail.com’ or other personal email domains.
  • Website addresses that are unfamiliar or slightly different from an organisation’s main website.
  • Social media accounts with slightly different account names from authentic accounts you may usually follow.

How can you protect yourself?

Just as you wouldn’t cross a street without looking both ways, it’s important to be vigilant. Other things to remember include:

  • Think before you click on a link – how does the correspondence make you feel? Cyber criminals use social engineering tactics to elicit fear, make you panic and act quickly, and prey on your natural curiosity and desire to be informed or helpful.
  • Don’t provide personal details over text messages or email links, or when someone contacts you.
  • Contact the organisation directly using details from their official website.
  • Report phishing attempts.

What’s next?

Think you’ve been targeted?

Change your passwords, contact us, and visit cyber support service IDCARE.

Keep yourself safe online

Learn more about online safety on our Staying safe online cyber security hub.

Ten tips to outwit scammers

Ten simple ways to help protect yourself and your money from online fraud.

Information in this article is provided by Avanteos Investments Limited ABN 20 096 259 979, AFSL 245531 and Colonial First State Investments Limited ABN 98 002 348 352, AFSL 232468 (CFSIL). It may include general advice but does not consider your individual objectives, financial situation, needs or tax circumstances.  You can find the Target Market Determinations (TMD) for our financial products at www.cfs.com.au/tmd, which include a description of who a financial product might suit. You should read the Financial Services Guide (FSG) available online for information about our services. This information is based on current requirements and laws as at the date of publication.