
A criminal doesn't even need your physical card to commit fraud. All they require are your personal details or card information, and one way they can get these is through a process known as "phishing".
A phishing scam aims to trick people into giving away their personal information so it can be used for fraud. Phishing messages look like they're from legitimate sources and can come through emails, phone calls, text messages or even social media channels. This guide focuses on how to spot email phishing scams, but it can help you avoid other phishing scams as well.
Most Australian credit card fraud doesn't even involve the scammer getting a hold of the victim's physical card. Data published by the Australian Payments Network in December 2019 shows that this kind of fraud cost Australians around $450 million in the 2018/2019 financial year.
Phishing is one form that this kind of fraud can take. If you want to see a list of current scams that include phishing, you can also check the government's active database on the Scamwatch website.
While phishing scams can vary widely in approach, email scammers will generally pose as a friend, a bank or another trusted organisation in order to trick or scare you into responding or providing details.
Fortunately, the vast majority of scams share a few telltale signs that mark them as being fraudulent. Here are some common signs:
Email spam filters often pick up potential phishing scams, but it's important to stay aware. If you suspect an email of being a scam, delete the message and don't click on any links. If you suspect you've been the target of a scam, follow the advice below.
To help give you some idea of what a sophisticated email phishing scam might be like, here's one that was directed at customers holding a Latitude Financial Services Mastercard in January 2020.
Essentially, an official-looking email was sent to holders of a Latitude Mastercard, asking them to update their security details immediately. Following the link took recipients to another official-looking page, where they were prompted to enter their card details. Both the page and the email had proper branding and formatting and language consistent with what you might expect from a financial institution.
Here's a breakdown of what made this scam believable and what gave it away.
Looked legitimate... | Probably a scam... |
---|---|
The email address ended in "@latitudefinancial.com.au". This was done using a hacked mail server. | The use of urgent language such as "action required" was designed to rush recipients into making a decision. |
Official branding, headers and footers that were consistent with real emails were used. | The email lacked a personal greeting and did not address the recipient by name. |
Clicking the link directed users to a convincing replica of Latitude's own page, complete with logos and proper branding. | The fake website it redirected to didn't start with "https://", which would indicate that it's a secure destination. |
Spelling, grammar and phrasing were correct and the email was well-formatted. | There were still some spacing errors in the email itself. |
Came through to people's inboxes (instead of being filtered to their junk mail or spam folders). | The email was related to security. Security and protection "upgrades" or "updates" are some of the most common ways to pressure people into providing information. |
As you can see, there's no guaranteed method of spotting a sophisticated scam. Keeping your guard up can help, but you should always treat any request for personal information in an email with extreme caution, no matter how legitimate the source seems to be.
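The four giveaways in the right-hand column can be checked mechanically, and doing so shows why a sender-domain check alone would have passed this email. The script below is an added example, not part of the original guide: the sample message, the phrase lists and the `red_flags` function are constructed for illustration, and a clean result from heuristics like these does not prove an email is genuine.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the case above; not the real email.
SAMPLE = """\
From: Latitude Security <security@latitudefinancial.com.au>
Subject: Action required: update your security details

Dear customer,

Action required: update your security details immediately at
http://card-update.example/login to keep your card active.
"""

# Illustrative phrase lists (assumptions, not an exhaustive rule set).
URGENT = re.compile(r"\b(action required|immediately|urgent)\b", re.I)
UPDATE = re.compile(r"\b(updat|upgrad)\w*", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
GENERIC = {"customer", "cardholder", "member", "user", "sir", "madam"}

def red_flags(raw, expected_domain):
    """Score one raw email against the four giveaways in the table."""
    msg = message_from_string(raw)
    # Plain-text parts only; transfer encodings are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    flags = []
    if URGENT.search(text):
        flags.append("urgent language")
    # A greeting counts as personal only if it names someone specific.
    first = next((l.strip() for l in body.splitlines() if l.strip()), "")
    greeting = re.match(r"(?:dear|hi|hello)\s+(\w+)", first, re.I)
    if not greeting or greeting.group(1).lower() in GENERIC:
        flags.append("no personal greeting")
    if any(urlparse(u).scheme.lower() != "https" for u in URL.findall(text)):
        flags.append("link without https")
    if re.search(r"\bsecurity\b", text, re.I) and UPDATE.search(text):
        flags.append("security update theme")
    # The From domain is reported separately: here it matches the real brand.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {"sender_domain_matches": sender == expected_domain, "flags": flags}

if __name__ == "__main__":
    print(red_flags(SAMPLE, "latitudefinancial.com.au"))
```

On the constructed sample the sender domain matches while all four content checks fire, which mirrors the two columns of the table.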
Banking/credit card scams | Your bank or financial institution |
Fraud and theft | The police – call 131 444 |
Tax-related scams | The Australian Taxation Office website or phone 1800 008 540 |
Never respond immediately or agree to anything if an email or phone call seems suspicious. Contact the organisation that the person claims to be from, especially if it's a reputable company or group that you've heard of. Ask if they have any knowledge of the communication and go from there.
Some companies and websites only exist for fraudulent activity. Never use a link or contact number given to you in a suspicious communication, as this could be part of the scam.