How confident are you in your ability to sniff out a scam? It turns out that even the biggest brands in the country aren’t immune to the threat of hijacking. A recent spate of phishing attacks has been launched at everyday Aussies in the last couple of weeks, circulating thousands of emails that impersonate big-name brands like Telstra, Spotify, GoVia and government agencies like the Australian Federal Police (AFP) and the Australian Tax Office (ATO). This new wave of sophisticated scam emails attempts to extract valuable data or information from you by duping you into clicking on a link within the email or downloading an attachment. At first glance, they appear to be legitimate – so it pays to be aware.
What is a Phishing Scam?A phishing scam is an attempt by attackers to get you to part with precious and valuable information – usually login or bank details – so that they can extort money from you or steal directly out of your bank account. These scams usually come in the form of a fake email from what appears to be a legitimate sender, urging victims to click on a link, download an attachment or submit their details.
What Happened in these Recent Attacks?Fake notices purporting to be from Telstra, the ATO and GoVia were sent out pretending to be from the organisations and asking people to click on a link to view their bill, notice or statement. By clicking the link or downloading the attachment, people were at risk of compromising the security of their computer. Spotify was also targeted, with people receiving an email to update their billing information through a link to a fake sign-in page – a page that was almost identical to the real Spotify website. Victims also reported dodgy traffic intrusion notices from the AFP and penalty notices from the ATO, with the emails asking you to download an attachment to view the notice. It’s thought that these particular businesses and organisations were targeted because of their brand equity and large customer base, giving the perpetrators of the attacks a higher chance of scamming more victims.
Phishing ExplainedPhishing scams attempt to trick you into giving out personal information such as bank account numbers, passwords and credit card numbers. Scammers will usually get in touch with you via email, phone or text, and will claim to be a legitimate business (like your bank or the tax office). The person on the phone or sending the email might just ask for something very simple, like the confirmation of your details or for you to fill out a form or send an email back. Or, they might attempt to scare you by saying that there has been suspicious activity on your account, like an unauthorised payment. They might ask you to confirm your card details so that they can ‘investigate’ the supposed activity. Or, they might already have your bank details or card number, and will get you to confirm your details by quoting the three-digit number on the back. Phishing comes in many forms, with most of the communication stimulating urgency and fear to pressure you into acting quickly and without thinking. It’s vital that you are always wary and take steps to protect yourself because in many cases, the attackers will look and sound very genuine. Remember that if you are ever suspicious, there’s nothing to be lost from contacting the organisation that supposedly sent the email and asking if it’s legitimate. Or if you get a call from someone purporting to be from your bank, you can quite easily test the genuineness of the call by letting them know that you’ll hang up and call them back – and then call your bank and ask them if the call was genuine. In most cases, it won’t be.
- An email or a phone call asking you to verify or update information via a link or over the phone
- An email address that doesn’t look legitimate or that comes from an unknown address
- Not using your full or proper name
- Typing errors/spelling mistakes in the email
- Unbranded emails or letters