Would you give your credit card to a stranger?
What would you do if a stranger on the street asked for your date of birth, address and credit card details? Chances are you would keep on walking. Yet so often unsuspecting victims hand over their personal information to scammers without even realising.
Phishing scams are one of the most common types of scams and they don’t target just one group. The goal is to trick you into believing a story (or scam) so that you hand over your personal information or money.
Think of phishing scams like fishing. The scammer, just like a fisherman, casts a baited hook far and wide looking for a bite.
In this article:
- How do phishing scams work?
- Warning on coronavirus scams
- How to spot a scam
- How to protect yourself
- What to do if you have been scammed
How do phishing scams work?
A scammer contacts you and pretends to be from an organisation that you know like a bank, internet service provider or a government agency. The scammer’s main goal is to trick you into either sending them money or giving them your personal information like your credit card details, or banking username and passwords.
The majority of phishing scams are sent via email, however scammers also make contact via text message and phone calls. The emails and text messages normally ask you to click on a link that takes you to a fake website or form, or they ask you to open an attachment that can download a virus or malware.
Scammers use different reasons to explain why they need your details. For example, they may tell you:
- There is unauthorised or suspicious activity on your account.
- You have been locked out of your account and need to reset your username and password.
- You need to update or confirm your personal details for their records.
- You need to make a payment.
- You have won a prize, but you need to pay a fee or fill out a survey to receive the prize.
When a phishing scammer first contacts you, it’s very likely they don’t have any information about you and they probably don’t even know whether your email address or phone number even work. They just hope that at least one of the thousands of people they contact hands over the information they’re after.
How to spot a scam
Phishing scams are designed to look and sound real, but there are some common signs you can look out for to help you spot a scam, including:
- Asking for personal information. The message asks you to click on a link (or button) to enter your credit card details, passwords, account details, or other personal information.
- A sense of urgency. The message or caller tries to scare you into taking immediate action. For example, if you don’t verify your details, they will lock your account, or if you don’t send them money they will report you to the police.
- Generic or no greeting. The message uses a generic greeting like ‘Dear customer’ or ‘Hi’ or no greeting at all. Large organisations you have a relationship with will always address you by your name.
- The sender’s email address. The email appears to be sent from a legitimate organisation but when you look closer at the actual email address, it contains strange numbers or doesn’t match the name of the business it claims to be from.
- Link takes you to a fake website. The web address listed in the message doesn't look like the one you normally use. For example, your bank's official address may be mybigbank.com.au but the link takes you to mybigbank.com instead. You can check where a link will take you without clicking on it by placing your mouse cursor over the link or button in the email (remember not to click!).
- Unusual payment requests. Generally speaking, any message that asks you to send money via a preloaded debit card, bitcoin, iTunes gift card or any other type of gift card for that matter, is a scam.
From: Apple ID <firstname.lastname@example.org> Date: 31 January 2020 at 1:43:32 am AEST To: email@example.com Subject: Re: Alert: [Ticket ID 37596736] Your Apple ID has been locked on Thursday, January, 30 2020
Apple ID Locked
Your Apple ID has been Locked
for security reasons. Thursday, January, 30 2020 , To unlock it you
must verify your identity.
You cannot access your account and pay any Apple Services, Before completing verification, and you have to completing verification before 12 hours or your account will be permanently locked.
Fig. Example of a real phishing email claiming to be from Apple that asks the reader to verify their details.
How to protect yourself
There are a number of things you can do to help protect yourself against falling victim to a scam:
- Pay close attention when you read a message or speak to an unexpected caller. What are they asking you to do? Does it sound right to you?
- Don’t click on links that ask you to update or verify your personal information no matter how urgent or official they sound. Banks and other large organisations like Apple, Telstra, Netflix etc, will never send you a link to enter all your details.
- Don’t open attachments in suspicious emails claiming to be from your bank, telco provider, or a government agency, especially if the file name ends with ‘.exe’.
- Check the sender’s email address. Does it look right? There may be some instances where scammers can make an email address look more official so be sure to check the rest of the email for other clues that tell you it’s a scam.
- In general, don’t provide your bank or credit card details to anybody who calls you unexpectedly even if they say they want to ‘confirm’ the information is correct.
- Keep in mind you can’t win a prize without entering a competition and legitimate organisations will never ask you to pay a fee to receive a ‘prize’.
- Don’t be afraid to hang up on a caller who is pressuring or threatening you.
- If you’re not sure about a message, ask a friend, or contact the company it claims to be from using the contact details from their official website (don’t use the contact details provided in the message).
- Do a search online to see whether there are reports of it being a scam. Type in some key words such as the name of the organisation and the word “scam”, or the general subject of the matter.
What to do if you have been scammed
Getting caught up in a scam can happen to anyone so don’t be embarrassed or afraid to reach out for help.
Where to go for help if think you have been scammed:
- If you have given scammers your banking or credit card details contact your bank immediately (search for their number online, don’t use the number provided in the message). You may be able to reverse a payment or stop any further payments.
- If you have given scammers your personal information, change your passwords for all your banking and other important accounts.
- Contact IDCARE on 1800 595 160 or www.idcare.org. They offer free support to people who have been scammed and their Cyber First Aid Kit can help you understand what’s happened or work out how to treat a problem.
- Report scams to Scamwatch to help warn others about scams.
- For more information, take a look at Scamwatch’s advice on where to get help and protecting yourself from scams.