The current COVID-19 pandemic has given way to a significant spike in scams, where scammers are taking advantage of consumer fears and using fake emails or text messages to try and obtain personal data. For the latest coronavirus-themed scams, please visit the Government Scamwatch website here.
The average phishing scam costs individuals around $2400, according to Scamwatch 2018 data.1 The good news is, if you know how to spot them, you can avoid falling victim..
In 2018, Australians lost over $930,000 to phishing scams alone, a 15% increase on 2017.1
Spam and phishing scams are on the rise, but we can all play a part in staying safe online.
Know your spam from a scam
Every day, you’re likely to receive Spam – eletronic junk mail. These are emails or SMS messages offering goods or services. They may be annoying, but they’re not always a scam.
Emails or text messages advertising fake products, cheap products, offers of prizes or get rich quick schemes or impersonating legitimate organisations are scam messages. They are usually sent to a large number of people at once, and their objective is to get you to disclose information that can be used to take your money or steal your identity.
A common scam involves demanding gift card payments for non-existent bills, such as tax ‘owed’ to the ATO. In 2018, Australians lost $3.1million just by making payments to scammers with iTunes cards.2
Currently, coronavirus-related scams are on the rise. These include selling products claiming to be a vaccine or cure to obtain your personal data, or phishing emails and calls impersonating official businesses like the World Health Organisation. Learn more here.
What is phishing?
Phishing (pronounced ‘fishing’) is a scam designed to trick you into giving out your personal information, such as address, bank account and credit card numbers and passwords.
Usually these messages pretend to be from a legitimate business, such as a bank or other service provider. They will urge you to click on a link or download an attachment.
The links will take you to fake websites that look very similar to the ones they’re copying, but are designed to get your personal information by encouraging you to complete application forms or surveys.
Attachments in these emails contain viruses or other forms of malicious programs that can infect your computer.
While phishing is usually sent via email, phishing can also occur via SMS (SMishing) or over the phone as part of a more sophisticated scam. SMS scams are on the rise with almost 6,000 reported to Scamwatch in 2018.1 No Matter how you received the message, think twice before clicking any links.
How to spot phishing email attacks
There a number of signs that indicate that a message may be a scam. Using the example below, some things to watch out for include:
- Unexpected contact/sender address
If you receive an email or SMS you were not expecting or it’s from an unknown sender, you should be suspicious. Check the email address it has come from. If it does not match the sender details – it’s likely a phish.
- Impersonal greeting
As phishing messages are sent to a lot of people at once, they usually lack a personalised greeting. If there is no greeting or the greeting is impersonal, you may be looking at a scam.
- Incorrect spelling and grammar
While not always a tell-tale sign, look out for spelling and grammar mistakes in unsolicited emails and messages.
- Unfamiliar attachments
If the email contains an expected attachment, you shouldn’t open them as they may contain malicious software that might infect your computer.
- Too good to be true
A simple rule to follow: if it sounds too good to be true, it probably is. Offers of overseas inheritances and lottery wins are common forms of phishing scams.
- Aggressive manner
Some phishers use aggressive scare tactics, urging you to act immediately. Always be sure the messages is legitimate before taking any action.
- Wrong URL
If there is a link in the email or SMS, don’t click on it. Hover over the email link with your mouse and check that the actual link is the one you would expect. If it looks wrong, it’s probably a fake website.
- Request sensitive information
Some phishing emails are used to ‘mine’ data, and may trick you into providing personal and financial information. Be cautious and if unsure, contact the organisation directly via a phone number from their website.
Tips to protect yourself
There are some simple steps you can take to protect yourself and avoid falling victim to phishing scams.
- Create strong passwords and change them regularly
Yes, it’s hard to remember different passwords for every account and device but this is one of the most important ways to stay safe online. Make sure your passwords are difficult to guess and change them regularly.
- Never give out your details
If you receive a message or call from a bank or other organisation asking for personal details, do not give it to them. Instead, ask them for their name and phone number and then check it’s a legitimate request with the actual organisation before returning the call.
- Check for security
Secure websites use ‘https’ at the start of their URL or display a padlock at the bottom right corner of your browser. Do not enter any personal details on a website without either of these security symbols present.
What to do if you receive a scam message?
If you think you’ve been a target or victim of a scam, report it to the Australian Cybercrime Online Reporting Network (ACORN).
For phishing attacks related to Pepper, or attacks that you think may have compromised your Pepper account, please report it to us as soon as possible by calling Pepper Customer Service on 13 73 77.
Keep up-to-date with the latest scams with these resources:
- COVID-19 (coronavirus) scams
- Australian Competition and Consumer Commission’s Scamwatch
- Australian Government’s Stay Smart Online
- You can also test your Phishing knowhow with this quiz from Google.