Finder makes money from featured partners, but editorial opinions are our own.

How to identify a phishing scam

If you get an email or message from a new or unfamiliar sender, it could be a phishing scam. Here's how to stay safe.

Phishing is a type of scam that aims to trick people into sharing personal details so it can be used for fraud. Phishing messages look like they're from legitimate sources and can come through emails, phone calls, text messages or even social media channels.

Here's a look at the the warning signs and what you can do to stay safe.

How to spot a phishing scam

Generally, scammers will pose as a friend, a bank or another trusted organisation in order to trick or scare you into responding or providing details. But there are often signs that these messages are fraudulent, including:

  • Unofficial email addresses. Emails from official institutions are usually sent from that institution's server. For example, a message from the government should come from a ".gov.au" address. So, always check the address the message has been sent from to see if it matches legitimate correspondence that you've had before.
  • Suspicious links or attachments. Never follow links to a third-party website from an email or other message. Go straight to the official website or all the organisation involved. Don't download or open attachments unless you're absolutely certain of what they are.
  • Urgent demands for payment or information. Scammers will often create a sense of urgency to trick you into doing things you wouldn't normally do. If the email contains threats, demands immediate action or asks for your personal information, don't trust it.
  • Poor spelling and grammar. Less sophisticated scams are more likely to have typos and grammatical errors than legitimate correspondence from a bank or other official organisation. But keep in mind that some sophisticated scams won't have obvious errors.

Check the credentials of anyone who asks for money or personal information before giving them anything. Most scammers will try and avoid showing their faces on live video calls or meeting in person.

George Andreopoulos, Argus Investigations

George Andreopoulos, Argus Investigations

A real example: The 2020 Latitude Finance scam

To help give you some idea of what an email phishing scam might be like, here's one that was directed at customers holding a Latitude Financial Services Mastercard in January 2020.

In this scam, an official-looking email was sent to Latitude Mastercard customers, asking them to update their security details immediately. It included a link to an official-looking website, where they were prompted to enter their card details. Both the page and the email had branding, formatting and language that you might expect from a financial institution.

Here's a breakdown of what made this scam believable and what gave it away.

Looked legitimate:Probably a scam:
The email address ended in "@latitudefinancial.com.au". This was done using a hacked mail server.The use of urgent language such as "action required" was designed to rush recipients into making a decision.
Official branding, headers and footers that were consistent with real emails were used.The lack of personal address in the email and the fact that it did not address the recipient by name.
Clicking the link directed users to a convincing replica of Latitude's own page, complete with logos and proper branding.The fake website it redirected to didn't start with "https://", which would indicate that it's a secure destination.
Spelling, grammar and phrasing were correct and the email was well-formatted.There were still some spacing errors in the email itself.
Came through to peoples inboxes (instead of being filtered to their junk mail or spam folders).The email was related to security. Security and protection "upgrades" or "updates" are some of the most common ways to pressure people into providing information.

As you can see, there's no guaranteed method of spotting a sophisticated scam. And while email spam filters often pick up potential phishing scams, it's important to stay aware.

Remember: Even if a source seems legitimate, it's better to contact the organisation directly regarding any requests for your personal information.

How serious are phishing scams in Australia?

According to data from the Australian Bureau of Statistics (ABS), 13.2 million people were exposed to scams in 2021-22. And most were over phone (48.2%), text message (46.5%) or email (37.1%).

Phishing is one form that these scams can take. If you want to see a list of current scams that include phishing, you can also check the government's active database on the Scamwatch website.

What should I do if I've been scammed?

If you think a scammer has gained access to your bank or credit card details, contact the bank immediately. They can freeze your account and potentially reverse unauthorised transactions.

Depending on the situation, you can also report issues and/or get support from the following organisations:

Tips to avoid being scammed

  1. Never respond immediately or agree to anything if an email or phone call, or message seems suspicious.
  2. Contact the organisation that the person claims to be from using official contact details and ask if they have any knowledge of the communication and go from there.
  3. Never use a link or contact number given to you in a suspicious communication, as this could be part of the scam.

You can also learn more about protecting yourself from fraud and scams with this Finder guide.

More guides on Finder

Ask a Question

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our 1. Terms Of Service and 6. Finder Group Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Go to site