How to identify a phishing scam
If you get an email or message from a new or unfamiliar sender, it could be a phishing scam. Here's how to stay safe.
Phishing is a type of scam that aims to trick people into sharing personal details so it can be used for fraud. Phishing messages look like they're from legitimate sources and can come through emails, phone calls, text messages or even social media channels.
Here's a look at the the warning signs and what you can do to stay safe.
How to spot a phishing scam
Generally, scammers will pose as a friend, a bank or another trusted organisation in order to trick or scare you into responding or providing details. But there are often signs that these messages are fraudulent, including:
- Unofficial email addresses. Emails from official institutions are usually sent from that institution's server. For example, a message from the government should come from a ".gov.au" address. So, always check the address the message has been sent from to see if it matches legitimate correspondence that you've had before.
- Suspicious links or attachments. Never follow links to a third-party website from an email or other message. Go straight to the official website or all the organisation involved. Don't download or open attachments unless you're absolutely certain of what they are.
- Urgent demands for payment or information. Scammers will often create a sense of urgency to trick you into doing things you wouldn't normally do. If the email contains threats, demands immediate action or asks for your personal information, don't trust it.
- Poor spelling and grammar. Less sophisticated scams are more likely to have typos and grammatical errors than legitimate correspondence from a bank or other official organisation. But keep in mind that some sophisticated scams won't have obvious errors.
A real example: The 2020 Latitude Finance scam
To help give you some idea of what an email phishing scam might be like, here's one that was directed at customers holding a Latitude Financial Services Mastercard in January 2020.
In this scam, an official-looking email was sent to Latitude Mastercard customers, asking them to update their security details immediately. It included a link to an official-looking website, where they were prompted to enter their card details. Both the page and the email had branding, formatting and language that you might expect from a financial institution.
Here's a breakdown of what made this scam believable and what gave it away.
|Looked legitimate:||Probably a scam:|
|The email address ended in "@latitudefinancial.com.au". This was done using a hacked mail server.||The use of urgent language such as "action required" was designed to rush recipients into making a decision.|
|Official branding, headers and footers that were consistent with real emails were used.||The lack of personal address in the email and the fact that it did not address the recipient by name.|
|Clicking the link directed users to a convincing replica of Latitude's own page, complete with logos and proper branding.||The fake website it redirected to didn't start with "https://", which would indicate that it's a secure destination.|
|Spelling, grammar and phrasing were correct and the email was well-formatted.||There were still some spacing errors in the email itself.|
|Came through to peoples inboxes (instead of being filtered to their junk mail or spam folders).||The email was related to security. Security and protection "upgrades" or "updates" are some of the most common ways to pressure people into providing information.|
As you can see, there's no guaranteed method of spotting a sophisticated scam. And while email spam filters often pick up potential phishing scams, it's important to stay aware.
Remember: Even if a source seems legitimate, it's better to contact the organisation directly regarding any requests for your personal information.
How serious are phishing scams in Australia?
According to data from the Australian Bureau of Statistics (ABS), 13.2 million people were exposed to scams in 2021-22. And most were over phone (48.2%), text message (46.5%) or email (37.1%).
Phishing is one form that these scams can take. If you want to see a list of current scams that include phishing, you can also check the government's active database on the Scamwatch website.
What should I do if I've been scammed?
If you think a scammer has gained access to your bank or credit card details, contact the bank immediately. They can freeze your account and potentially reverse unauthorised transactions.
Depending on the situation, you can also report issues and/or get support from the following organisations:
- Australian Cyber Security Centre
- The Australian Taxation Office website, or phone service on 1800 008 540.
- The IDCARE website, or phone service on 1800 595 160
- The police, locally or by phoning 131 444
Tips to avoid being scammed
- Never respond immediately or agree to anything if an email or phone call, or message seems suspicious.
- Contact the organisation that the person claims to be from using official contact details and ask if they have any knowledge of the communication and go from there.
- Never use a link or contact number given to you in a suspicious communication, as this could be part of the scam.
You can also learn more about protecting yourself from fraud and scams with this Finder guide.
- Australian Bureau of Statistics, personal fraud 2021-22
- Finder interview with George Andreopoulos (2023)
More guides on Finder
What happens if you don’t pay your credit card bill?
Can't pay your credit card on time? Refer to this guide for tips on how to repay your balance and to learn what will happen if you miss a payment.
Horizon Bank Visa Credit Card
This low-cost card offers the same interest rate for all transactions and a $0 annual fee for life.
How to choose a credit limit for your credit card
Learn how to choose the right credit limit to suit your financial needs and avoid overspending.
Why was my credit card declined?
Understand why your bank may decline your credit card transaction and what you can to do avoid this embarrassing and inconvenient issue.
How to get a credit card
If you're worried about getting approved for your first credit card or just don't know where to start, these insights will put you on the right path.
Credit card vs debit card
While a credit card is linked with a line of credit, a debit card is connected to your own money. Compare the differences between the card types in this guide.
Credit card repayment calculator
Calculate how much you're paying in interest based on your current credit card repayments and discover how much you should pay each month to meet your financial goal.
Credit card benefits and drawbacks
Credit cards come with both benefits and risks, so use our list of pros and cons to weigh up your options.
What to do when your credit card is lost or stolen
The steps to follow and contact information you'll need to notify your bank if your credit card is lost or stolen.
No Foreign Transaction Fee Credit Cards
Find out how you can keep your overseas spending costs down by comparing credit cards with no foreign transaction fees and no currency conversion fees.
Ask an Expert