Plenty of Phish: how to recognise and deal with phishing scams

Updated: Mar 17, 2021

What is a phishing scam email?

According to the Australian Cyber Security Centre, "phishing is a way that cybercriminals steal confidential information, such as online banking logins, credit card details, business login credentials or passwords/passphrases, by sending fraudulent messages (sometimes called ‘lures’)."

Source: ACSC

What do Phishing scam emails look like?

Phishing emails "can be sent via email, SMS, instant messaging or social media platforms. They often contain a link to a fake website where you are encouraged to enter confidential details. The reason Phishing emails are so effective is because they often pretend to be from large organisations you trust."

Phishing emails used to be easier to spot owing to their crude use of intellectual property they were imitating, as well as other giveaways like bad grammar and obviously suspicious links. Today, they have become increasingly sophisticated and often appear far less suspicious.

(Image: an example of a phishing scam email we received)

Which brand/company/agency names are used in Phishing scams?

The ACSC lists the following:

· "state and territory police or law enforcement (fake fine scams)

· utilities such as power and gas (fake bills and overdue fines)

· postal services (parcel pick-up scams)

· banks (fake requests to update your information)

· telecommunication services (fake bills, fines or requests to confirm your details)

· government departments and service providers such as the Australian Taxation Office, Centrelink, Medicare and myGov."

What do legitimate companies/agencies do about Phishing scams?

"Because of phishing, it is now standard policy for many companies that they will not call, email or SMS you to:

· ask for your user name, PIN, password or secret/security questions and answers

· ask you to enter information on a web page that isn't part of their main public website

· ask to confirm personal information such as credit card details or account information

· request payment on the spot (e.g. for an undeliverable mail item or overdue fee)."

Source: ACSC

How to protect yourself from Phishing scam attempts?

The ACSC recommends you take the following steps:

· "Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know.

· Be especially cautious of messages that "seem too good to be true" OR threaten you to make you take a suggested action.

· Before you click a link (in an email or on social media, instant messages, other web pages, or other means), hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video or web page without directly clicking on the suspicious link.

· If you're not sure, talk through the suspicious message with a Beyond Abilities Manager.

· Use a spam filter to block deceptive messages from even reaching you.

· Understand that your financial institution and other large organisations (such as Amazon, Apple, Facebook, Google, PayPal and others) would never send you a link and ask you to enter your personal or financial details."

What to do if you think you have revealed confidential information?

If you believe you have revealed any of your financial information to someone who shouldn't have access to it, immediately inform your bank or financial institution. If any sensitive company information has been revealed, report it to your manager.

The ACSC states that you can also "contact IDCare on 1800 595 160 or via for support if you believe your personal information has been put at risk."