With malicious online activity on the rise, it pays to have a ‘be sceptical’ mindset when reviewing all messages.
Phishing is a term used to describe a fraudulent email and messages sent by someone to steal confidential information – such as online banking logins, credit card details, business login credentials, passwords/passphrases. These messages are sometimes called ‘lures’ and are becoming increasingly more difficult to spot.
Phishing messages often pretend to be from a large organisation or person you trust and can be sent via email, SMS, instant messaging or social media platforms. They often contain a link to a fake website where you are encouraged to enter confidential details.
Once details are obtained, they can be used by criminals to steal data, gain access to bank accounts and hold organisations or individuals to digital ransom.
It pays to have a ‘Be sceptical’ mindset when reviewing all messages, and the Australian Cyber Security Centre provides these tips on how you can protect yourself and avoid getting caught.
- Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know.
- Be especially cautious if messages are very enticing or appealing (they seem too good to be true) or threaten you to make you take a suggested action.
- If a message seems suspicious, contact the person or business separately to check if they are likely to have sent the message. Use contact details you find through a legitimate source and not those contained in the suspicious message. Ask them to describe what the attachment or link is.
- Before you click a link (in an email or on social media, instant messages, other webpages, or other means), hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.
- Use a spam filter to block deceptive messages from even reaching you.
- Understand that your financial institution and other large organisations (such as Amazon, PayPal, Google, Apple, Facebook and others) would never send you a link and ask you to enter your personal or financial details.