Protecting yourself from phishing scams


Close lesson
You have completed 0%

Protecting yourself from phishing scams

Hacker holding a mask in front of him

What's coming up?

In this activity, you’ll learn how to avoid phishing scams by keeping a few things in mind. While there are technical ways to tell if an email or text message is a scam, it’s more important to be wary of unsolicited offers and certain kinds of requests.

Start activity
Confused female thinking

Phishing scams rely on inattention and curiosity

When you receive an unexpected email or text message, it’s natural to be curious about the content. If an email says you need to change your bank password, it’s understandable that you might click a link right away, because your password security is important.

But if an email seems strange or a message feels a bit off, it’s better to assume it’s a scam.

A suspiciuous email containing a link

Never click links in unexpected messages

An effective way to avoid phishing scams is to never click links in a text message or email you have received unexpectedly.

If an email seems to be from a friend you usually trust, don’t reply to the email, but contact them directly and check.

Institutions never ask for your password

Because of the prevalence of phishing scams, institutions such as your bank and government services will never ask for your password in an email or text message. Any communication you receive that asks for your password is almost certainly a scam.

A scam message requesting your password
a locked padlock

eSafety tip

When your bank or similar institution does need you to change your password, you will receive an email asking you to visit the bank’s official website. To be extra safe, don’t click any link in this email, but instead type the official web address in your web browser’s search bar yourself.

A scam email contining an image

Look out for emails that are a single image

When a company sends you an official email, it may include a mix of images (such as company logos) and text.

If an email is just one big image with text printed on the image, it’s likely that the email is a scam. The image probably hides a link, so it’s important to avoid clicking on the image.

Spotting fake websites

Scammers can design a web page to look nearly identical to an official web page, but this website will often have an address (or URL) that’s different to the official web page.

A scammer might use a slightly misspelled version of the web address or add some extra things before or after. For example, an official address such as might be changed to

Always check the address when you visit an official website.

Comparing legitimate and scam URLs
a locked padlock

eSafety tip

Scammers are becoming more sophisticated and sometimes its very difficult to tell when a web address is fake. As well as checking the address, you should also look out for other warning signs, such as:

  • Poor grammar
  • Requests to call a mobile phone number
  • Requests to provide your log in details in an unusual way
Tapping a link on a mobile device with a red cross through the image

Never tap a link in a text message

While it is possible for a link in a text message to be harmless or legitimate, it’s best to be on the safe side and never tap any link you receive via an SMS.

Links in text messages are one of the most common kinds of phishing scams, so it’s safer to always go to the official web page yourself instead.

hacker in an envelope holding a mask

Well done!

This is the end of the Protecting yourself from phishing scams activity. You’ve learned that’s it’s safer to be suspicious of unexpected emails and text messages. You also learned how to identify fake emails and websites.

In the next activity, you can find out how to Report phishing scams and update your details.