We’re reader-supported and may be paid when you visit links to partner sites. We don’t compare all products in the market, but we’re working on it!
A criminal doesn't even need your physical card to commit fraud. All they require are your personal details or card information, and one way they can get these is through a process known as "phishing".
A phishing scam aims to trick people into giving away their personal information so it can be used for fraud. Phishing messages look like they're from legitimate sources and can come through emails, phone calls, text messages or even social media channels. This guide focuses on how to spot email phishing scams, but it can help you avoid other phishing scams as well.
Most Australian credit card fraud doesn't even involve the scammer getting a hold of the victim's physical card. Data published by the Australian Payments Network in December 2019 shows that this kind of fraud cost Australians around $450 million in the 2018/2019 financial year.
Phishing is one form that this kind of fraud can take. If you want to see a list of current scams that include phishing, you can also check the government's active database on the Scamwatch website.
While phishing scams can vary widely in approach, email scammers will generally pose as a friend, a bank or another trusted organisation in order to trick or scare you into responding or providing details.
Fortunately, the vast majority of scams share a few telltale signs that mark them as being fraudulent. Here are some common signs:
Email spam filters often pick up potential phishing scams, but it's important to stay aware. If you suspect an email of being a scam, delete the message and don't click on any links. If you suspect you've been the target of a scam, follow the advice below.
To help give you some idea of what a sophisticated email phishing scam might be like, here's one that was directed at customers holding a Latitude Financial Services Mastercard in January 2020.
Essentially, an official-looking email was sent to holders of a Latitude Mastercard, asking them to update their security details immediately. Following the link took recipients to another official-looking page, where they were prompted to enter their card details. Both the page and the email had proper branding and formatting and language consistent with what you might expect from a financial institution.
Here's a breakdown of what made this scam believable and what gave it away.
| Looked legitimate... | Probably a scam... |
|---|---|
| The email address ended in "@latitudefinancial.com.au". This was done using a hacked mail server. | The use of urgent language such as "action required" was designed to rush recipients into making a decision. |
| Official branding, headers and footers that were consistent with real emails were used. | The lack of personal address in the email and the fact that it did not address the recipient by name. |
| Clicking the link directed users to a convincing replica of Latitude's own page, complete with logos and proper branding. | The fake website it redirected to didn't start with "https://", which would indicate that it's a secure destination. |
| Spelling, grammar and phrasing were correct and the email was well-formatted. | There were still some spacing errors in the email itself. |
| Came through to peoples inboxes (instead of being filtered to their junk mail or spam folders). | The email was related to security. Security and protection "upgrades" or "updates" are some of the most common ways to pressure people into providing information. |
As you can see, there's no guaranteed method of spotting a sophisticated scam. Keeping your guard up can help, but you should always treat any request for personal information in an email with extreme caution, no matter how legitimate the source seems to be.
| Banking/credit card scams | Your bank or financial institution |
| Fraud and theft | The police – call 131 444 |
| Tax-related scams | The Australian Taxation Office website or phone 1800 008 540 |
Never respond immediately or agree to anything if an email or phone call seems suspicious. Contact the organisation that the person claims to be from, especially if it's a reputable company or group that you've heard of. Ask if they have any knowledge of the communication and go from there.
Some companies and websites only exist for fraudulent activity. Never use a link or contact number given to you in a suspicious communication, as this could be part of the scam.
You can learn more about protecting yourself from fraud and scams with this Finder guide.
With the total market cap of the crypto sector dropping by a whopping 10% within the last few hours, it seems as though the coming few days could be highly volatile for ETH.
What are the things to watch out for when buying your child's first laptop?
As Russia gets ready to outlaw its local crypto market, BTC could be faced with even greater volatility in the near future.
Heavyweight stars Fancis Ngannou and Cyril Gane headline UFC 270.
Shares in Rio Tinto have climbed more than 15% in the last month.
Here are the 10 biggest movers on the ASX for Friday 21 January 2022.
This leave-in conditioner transformed my unwashed mop into silky locks that would make Rapunzel envious.
Samsung's next flagship S22 phone will be, in its own less than subtle phrasing, "noteworthy".
A fun superhero series, an epic sci-fi and a dark teen drama are among our top picks this week.
