You may have heard the term ‘phishing’ when people talk about online scams. Phishing is a common way scammers try to trick people into giving away personal information.
Phishing happens when a scammer pretends to be a trusted organisation or person so they can convince you to share sensitive information. This might include your passwords, bank details, credit card numbers or other personal information.
Scammers may contact you through:
- Text messages
- Phone calls
- Social media messages
- Fake websites that look like real ones
The aim is usually the same – to trick you into providing information that can be used to access your bank accounts or steal your identity.
How phishing scams usually appear
Phishing messages are designed to look convincing. Scammers often copy the logos, colours and style of real organisations, which can make their messages appear legitimate at first glance.
However, there are often warning signs.
One common clue is that the message does not use your real name. Instead, it may start with a general greeting such as “Dear customer” or “Dear user”.
Another sign can be unusual contact details. The sender’s email address, phone number or website link may look similar to a real organisation but contain small differences.
Scammers also often create a sense of urgency or pressure. They may claim there is a problem with your account or say you must act immediately to avoid a penalty or loss of access.
These tactics are designed to make people respond quickly without checking whether the message is genuine.
How to protect yourself
There are several practical steps you can take to reduce the risk of phishing scams.
- Never share personal or financial information – such as passwords, credit card details or security codes – with someone who contacts you unexpectedly.
- Do not click on links or open attachments in messages you were not expecting or that seem suspicious.
- Check the sender’s contact details carefully, including the email address or phone number. Small differences can indicate a scam.
- If you receive a message that appears to come from an organisation, contact them using their official website or app rather than the details provided in the message.
Taking a moment to check a message before responding can help prevent scammers from gaining access to your information.
Common phishing examples
Some phishing scams involve messages that appear to come from government services.
For example, scammers may pretend to be from:
- myGov
- Services Australia
- Centrelink
- The Australian Taxation Office (ATO)
These messages may arrive by email, text message or social media and often include a link to a fake website designed to collect your personal information.
Phishing scams may also impersonate banks, delivery companies or other businesses you regularly deal with.
What to do if you think you’ve been scammed
If you receive a message that seems suspicious or pressures you to act quickly, it is important to pause and check before responding.
If you believe a scammer may have obtained your personal or financial information, there are steps you can take.
- Contact your bank immediately if your banking or credit card details may have been exposed. Your bank can help secure your accounts and stop unauthorised transactions.
- Get help from IDCARE, Australia’s national identity and cyber support service. IDCARE provides support and advice to people who may be at risk of identity theft.
- Report the scam to Scamwatch. Reporting scams helps authorities track scam activity and warn others about new scam tactics.
Being aware of how phishing scams work and taking a cautious approach to unexpected messages can greatly reduce your risk of becoming a victim.
Source: Scamwatch
