How to identify a phishing scam

Some phishing scam emails look pretty suspicious, but some can look legitimate. The scammers want you to give up personal information or money, or click on dodgy links.

Amy Bradney-George's headshot
Richard Whitten's headshot

By

Amy Bradney-George

&

Richard Whitten

Updated

Fact checked

Key takeaways

  • Phishing is a type of scam that aims to trick people into sharing personal details by sending them fake messages that often look like legitimate emails, phone calls or text messages.
  • Scammers can hack the servers of a company to send fake emails, or use technology to make a message appear legitimate.
  • Double check the sender of an email or text and call the sender and be wary of urgent demands or anyone telling you to purchase gift cards.

How to spot a phishing scam

Generally, scammers will pose as a friend, a bank or another trusted organisation in order to trick or scare you into responding or providing details. But there are often signs that these messages are fraudulent, including:

  • Unofficial email addresses. Emails from official institutions are usually sent from that institution's server. For example, a message from the government should come from a ".gov.au" address. So, always check the address the message has been sent from to see if it matches legitimate correspondence that you've had before.
  • Suspicious links or attachments. Be careful clicking on links to a third-party website from an email or other message if you're not completely sure the message is from the real source. Go straight to the official website or all the organisation involved. Don't download or open attachments unless you're absolutely certain of what they are.
  • Urgent demands for payment or information. Scammers will often create a sense of urgency to trick you into doing things you wouldn't normally do. If the email contains threats, demands immediate action or asks for your personal information, don't trust it.
  • Poor spelling and grammar. Less sophisticated scams are more likely to have typos and grammatical errors than legitimate correspondence from a bank or other official organisation. But keep in mind that some sophisticated scams won't have obvious errors.

Check the credentials of anyone who asks for money or personal information before giving them anything. Most scammers will try and avoid showing their faces on live video calls or meeting in person.

George Andreopoulos, Argus Investigations

George Andreopoulos, Argus Investigations

How the 2020 Latitude Finance phishing scam worked

Customers of Latitude Financial Services Mastercard were targeted in a phishing scam in January 2020.

In this scam, an official-looking email was sent to Latitude Mastercard customers, asking them to update their security details immediately. It included a link to an official-looking website, where they were prompted to enter their card details.

Some elements of the email looked very legitimate. But there were still some red flags if you looked carefully.

Why the email look legitimate

  • The email address ended in "@latitudefinancial.com.au". This was done using a hacked mail server.
  • Official branding, headers and footers that were consistent with real emails were used.
  • Clicking the link directed users to a convincing replica of Latitude's own page, complete with logos and proper branding.
  • Spelling, grammar and phrasing were correct and the email was well-formatted.
  • Came through to peoples inboxes (instead of being filtered to their junk mail or spam folders).

Signs the email was a scam

  • The use of urgent language such as "action required" was designed to rush recipients into making a decision.
  • The lack of personal address in the email and the fact that it did not address the recipient by name.
  • There were still some spacing errors in the email itself.
  • The email was related to security. Security and protection "upgrades" or "updates" are some of the most common ways to pressure people into providing information.

As you can see, there's no guaranteed method of spotting a sophisticated scam. And while email spam filters often pick up potential phishing scams, it's important to stay aware.

Remember: Even if a source seems legitimate, it's better to contact the organisation directly regarding any requests for your personal information.

How serious are phishing scams in Australia?

According to data from the Australian Bureau of Statistics, information or phishing request scams had the second highest victimisation rate in 2023-24. 0.7% of Australians aged 15 and over experienced some kind of phishing scam.

Only buying and selling scams had a higher victimisation rate at 1.4% of Australians. 1 in 10 Australians experienced card fraud in the same time period.

Phishing is one form that these scams can take. If you want to see a list of current scams that include phishing, you can also check the government's active database on the Scamwatch website.

What should I do if I've been scammed?

If you think a scammer has gained access to your bank or credit card details, contact the bank immediately. They can freeze your account and potentially reverse unauthorised transactions.

Depending on the situation, you can also report issues and/or get support from the following organisations:

Tips to avoid being scammed

  1. Never respond immediately or agree to anything if an email or phone call, or message seems suspicious.
  2. Contact the organisation that the person claims to be from using official contact details and ask if they have any knowledge of the communication and go from there.
  3. Never use a link or contact number given to you in a suspicious communication, as this could be part of the scam.

You can also learn more about protecting yourself from fraud and scams with this Finder guide.

Amy Bradney-George's headshot
Journalist

Amy is an experienced journalist with over 16 years of experience, contributing to major publications like Money Magazine, The Sydney Morning Herald, and ABC News Australia. Specialising in personal finance, she frequently appeared in media outlets and on radio. Amy holds a Bachelor of Arts in Journalism and Drama from Griffith University and earned RG146 certifications in Tier 1 Generic Knowledge and Tier 2 General Advice Deposit Products, ensuring her expertise is grounded in current financial regulations. Amy was Finder's Senior Writer for Credit Cards from 2016 to 2024. See full bio

Amy's expertise
Amy has written 531 Finder guides across topics including:
  • Credit cards
  • Frequent flyer
  • Credit score
  • BNPL
  • Money management
  • Sustainability
Richard Whitten's headshot
Co-written by

Money Editor

Richard Whitten is Finder’s Money Editor, with over seven years of experience in home loans, property and personal finance. His insights appear in top media outlets like Yahoo Finance, Money Magazine, and the Herald Sun, and he frequently offers expert commentary on television and radio, helping Australians navigate mortgages and property ownership. Richard holds multiple industry certifications, including a Certificate IV in Mortgage Broking (RG 206) and Tier 1 and Tier 2 certifications (RG 146), as well as a Graduate Certificate in Communications from Deakin University. See full bio

Richard's expertise
Richard has written 636 Finder guides across topics including:
  • Home loans
  • Property
  • Personal finance
  • Money-saving tips
More resources on Finder

Ask a question

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms Of Service and Finder Group Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

More guides on Finder

Go to site
Get matched with the right card for you