Phishing scams

Learn what a phishing scam is, the most common forms of phishing scams, and how to identify them.

What is a phishing scam?

Phishing is when a scammer sends a fraudulent message disguised as something legitimate (such as an email from a friend or your bank). The scam tricks the recipient into giving up personal details, which allow the scammer to access the victim’s finances or personal identity.

These scams can take many forms, including:

Identifying phishing scams

1. Voice call phishing scams

  • Start with a robot call claiming to be from your bank or internet provider
  • Say there has been fraudulent activity or a technical problem
  • A live scammer takes over to trick you into giving access to your computer and personal information.

2. Text message phishing scams

  • Start with a text message on your smartphone claiming to be from the government, bank, insurance company or similar
  • Ask you to tap on a web link to fix a problem with your account
  • This takes you to a website that looks legitimate but will give scammers your personal information
  • Some may ask you to call a number instead.

3. Fake web phishing scams

  • Scammers design a web page to look identical to the official page of a bank, ISP, or store
  • The site asks for your personal information, which will then be stolen by the scammer.

Fake web scams often use slightly misspelled web addresses. For example, instead of www.squirrelbank.com.au they might use www.squirelbank.com.

It can be difficult to tell when a web address is fake. As well as checking the address, you should also look out for other warning signs, such as:

  • poor grammar
  • requests to call a mobile phone number
  • requests to provide your login details in an unusual way.

4. Fake email phishing scams

  • Scammers design emails to look like they are from a legitimate company, institution, or friend
  • These include a link to a fake web page, or a number to call, where you’ll be speaking to a scammer.

5. Calendar invite phishing scams

  • Scammers send a calendar invite, which gets added automatically as an event in your calendar
  • When the day of the event arrives, you get a notification that includes a link
  • The link takes you to a fake website or installs malicious software.

Smartphone web browsers often won’t show the full web address (or URL) of a site. This lets phishing scams make a site look legitimate but have a different address. Don’t tap on any link in a text message.

How to protect yourself against phishing scams

All phishing scams rely on the inattention or natural curiosity of the victim. Always remember:

  • Never click links in unexpected emails or social media messages
  • Never tap a link in a text message on your mobile device
  • Institutions (banks, government, utilities) never ask for your password in an email or text message
  • Be suspicious of emails that have no text, just a single image instead
  • Always check the address when you visit an official website.

What to do if you are scammed

It’s all too easy to get scammed, and it’s important not to be embarrassed but to act quickly to protect your finances and identity:

  • Contact your financial institutions to change your passwords and cancel/reissue credit and ATM cards
  • Change your important passwords, such as the password for your main email address and the password/passcode you use to sign into your computer
  • Visit the IDCARE website at www.idcare.org and click the Get Help for Individuals button or call IDCARE on 1800 595 160
  • Report scams to the ACCC’s Scamwatch service at www.scamwatch.gov.au/report-a-scam. This web page includes a form you can fill out and also provides links and information on how to get help.