How to spot and help prevent phishing

Every day, millions of people worldwide fall victim to internet scams. In Australia, losses in 2022 amounted to $3.1 billion – an 80% increase from 2021 [1]. These scams can take many forms, such as fraudulent investment opportunities, fake job offers, someone pretending to be a relative with an emergency situation, false debts, imitation invoices or phoney parcel delivery texts.

That’s why it’s crucial to take steps to protect yourself. Staying informed, remaining cautious, and following good security practices can significantly reduce the risk of falling victim to scams.

In this article, we explore common phishing attacks and provide tips and strategies to help guard against these fraudulent schemes.

What is phishing?

Phishing is a type of cyber-attack where scammers attempt to trick individuals into giving away their personal or financial information.

In a typical phishing attack, scammers might create fake emails, text messages, or websites that appear legitimate. They might use logos, branding, or other elements to make the communication look like it's coming from a trusted source, such as a bank, a financial institution, or social media platform.

Normally, the goal of the attacker is to convince the recipient to click on a link, download an attachment, or hand over personal, financial or other sensitive information.

Types of phishing attacks

Wondering how to prevent phishing? First, it’s important to understand what it might look like.

Phishing scams can attack a general audience (spam phishing) or target a specific group or individual (spear phishing). Within these two categories, there are different types of phishing attacks that scammers might use.

Here are some to be aware of:

  • Email phishing: Fraudulent emails appear to be from a legitimate source, asking the recipient to click on a link or provide personal information.
  • Smishing (SMS-phishing): Scammers use text messages to trick individuals into clicking on a link or providing personal information.
  • Vishing (Voice-phishing): Like smishing, but scammers use phone calls to convince individuals to provide personal information or click on a link.
  • Website spoofing: This is when fake websites look like legitimate ones to trick individuals into providing personal information.
  • Clone phishing: Scammers create a fake but identical copy of a legitimate email, then send it from a similar-looking email address, asking the recipient to click on a link or download an attachment.
  • Social media phishing: This happens when scammers create fake social media accounts, then send phishing messages to their contacts.

Want to know how to identify phishing attacks and avoid falling for their bait? Read on to learn more.

How to spot phishing

Some phishing scams claim to be from someone you know, while others pretend to be from a reputable business or charity. They often threaten to send a debt collector to your house if you don't transfer money to them or supply your personal information. Alternatively, they may claim you have a tax refund waiting, requiring you to click on a link — which then might release a virus or malware that can infect your computer.

The good news is there are ways to help spot and prevent a phishing attack, including:

  • The use of strong passwords and two-factor authentication
  • Anti-phishing software
  • Keeping existing software and systems up-to-date

You also need to stay vigilant. This involves checking the messages you receive for warning signs, including:

  • Taking note of spelling mistakes or poor grammar
  • Checking the sender's address to ensure it's legitimate
  • Avoiding websites where the URL doesn't have a padlock or 'https' at the start

Another red flag is if a message contains a sense of urgency. Typically, phishing scams might give you just a few short hours to respond to their message, instilling fear and making you feel that you must act quickly.
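The checks above (sender address, 'https' links, urgency) can be sketched as a small triage function. This is an added example, not part of the original article; the trusted domain, the sample message and the urgency phrase list are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample data (reserved .example names, not real senders).
TRUSTED = {"example-bank.example"}
SAMPLE_FROM = '"Example Bank" <security@examp1e-bank.example>'
SAMPLE_BODY = (
    "Your account will be suspended within 4 hours. "
    "Verify at http://examp1e-bank.example/login immediately."
)

URGENCY = re.compile(
    r"\b(immediately|urgent(?:ly)?|act now|within \d+ hours?"
    r"|account (?:will be )?(?:suspended|closed))\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def _trusted(host, trusted):
    # Exact match or a subdomain of a trusted domain.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def _lookalike(host, trusted):
    # Near-identical spelling to a trusted domain (e.g. 'l' swapped for '1').
    return any(SequenceMatcher(None, host.lower(), d).ratio() >= 0.8 for d in trusted)

def triage_message(from_header, body, trusted):
    """Return a sorted list of warning flags for one message."""
    flags = set()
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    if not _trusted(domain, trusted):
        flags.add("sender-lookalike" if _lookalike(domain, trusted) else "sender-unknown")
    for url in URL.findall(body):
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            # Missing https is a warning sign; its presence alone proves nothing.
            flags.add("link-not-https")
        if not _trusted(parts.hostname or "", trusted):
            flags.add("link-offsite")
    if URGENCY.search(body):
        flags.add("urgency")
    return sorted(flags)

if __name__ == "__main__":
    print(triage_message(SAMPLE_FROM, SAMPLE_BODY, TRUSTED))
```

A message with no flags is not thereby safe; the function only surfaces the specific warning signs listed in this section.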

Ways to protect yourself and help prevent phishing

Have you asked yourself, “How can I avoid spear phishing?” In short, it's important to make security a priority.

Below are some additional steps that can help answer the question of how to avoid phishing attacks:

Avoid clicking on links and check senders

Never click on a link in a message, even if it looks like it's from someone you know.

Software updates

Updating your software is one of the best ways to protect your data, as updates typically include new and enhanced features that can address real-time security issues. Make sure to update the software on your mobile phone and your laptop and desktop computers. It’s also a good idea to change your password regularly.

Multifactor authentication

Many organisations like banks and healthcare services offer multifactor (or two-step) authentication to access their app or platform. If you're offered this option, take it up. While it adds an additional step, it could help you avoid being targeted by phishing scammers.

A common form of two-factor authentication is when a company sends a one-time passcode to a mobile phone which needs to be entered before signing in.

What to do if you suspect a phishing attack

If you think you are a victim of a phishing scam, it's important to act fast to help minimise the damage.

  • If you've provided personal information about an account you use, change that password right away.
  • If the details you've provided are financial, let your bank and credit card provider know immediately.
  • If you've sent money to a scammer, consider contacting the police immediately.
  • Report the attack to the Australian Competition and Consumer Commission Scamwatch page.

As with many organisations, PayPal may be impersonated in phishing scams that use fake PayPal messages. If you’re not sure whether an email is fraudulent, avoid clicking on any links. Instead, open the PayPal app or log in to PayPal online to see if the same message is in your account.

Looking for more answers on how to avoid phishing scams and securely shop online? Learn more about the importance of online security and reporting fraud.
