Thank you to my lovely colleague, Ella Donald, for generously taking time to write this article supporting the demystifying cyber project and helping people to stay safer from cybercrime.
How do I spot a phishing scam?
As society becomes more digitised, our lives are increasingly conducted online. We must give our banking details, identifying information, and more to many sources, and may be prompted to provide them again. Our email inboxes are, more than ever, a receptacle of sensitive information. So, if many organisations – from our bank, to gym, to phone company, postal service, and government – have our details, how can we tell that an email from them is legitimate?Phishing scams are attempts by an attacker to extract personal information from a victim. This information can include banking and credit card details, passwords, and other personal details; and can be done through emails, phone calls, and text messages. Phishing scams can also install malicious software (eg. Ransomware) on a computer. These scams are becoming increasingly common and complex in this digital age, with attackers impersonating trusted brands and organisations from Australia Post, to the Australian Taxation Office, to Netflix. How can we keep our information safe in these circumstances? Below, learn how to spot a phishing scam, and how you can stay safe online.
Navigate to the website yourself to check
Phishing scams usually have a sense of urgency – for example, an email telling you that your account or computer has been compromised, or a call informing you of a charge on your credit card. Attackers have recently posed as Amazon and Microsoft to carry out scams like these, designed to elicit a knee-jerk reaction from the victim. When receiving a message such as this, it's important to not panic and respond to the call, message, or email – and never open a link or attachment on an email that has this tone. This could trigger ransomware or another malicious software to be installed on your computer.Instead, open your web browser and navigate to the website of the organisation or brand that the email claims to be from. Then log into your account, and check your details, transactions, or other information that the message is claiming to be compromised. If you can’t access their website, ring their official number (not that listed on the email, or the number that called you) and ask to speak to a representative, who will be able to verify the legitimacy of the message. This will ensure that you’re accessing a legitimate website and are avoiding any possible viruses.
Check the email address it is coming from
Official emails – whether from PayPal, Google, the government, Netflix, or a bank – will come from an address that includes the official domain name (eg. ‘(name)@google.com’, ‘(name)@paypal.com’). When receiving an email that asks for banking or other personal information, click on the sender to check the address it is coming from. If the address doesn’t match the official domain name (you can always navigate to the organisation’s website yourself to check what it is), and is perhaps a mess of letters and numbers, this is an indication that the message is a phishing scam. Again, you can always log into your account on their official website or give them a call to check. Better safe than sorry.Look out for misspellings and other imperfections
One hallmark of phishing emails is their subtle imperfections, that may not be immediately noticeable to the panicked eye but are obvious upon closer inspection. These can be everything from slightly pixelated images, to a misspelled domain name, to poor grammar in the email text. Alternatively, it may be that the layout and style of the message doesn’t fit previous communications you’ve received. These are a sign of a phishing scam, caused by the use of translation programs (that can provide a word without the proper context) and templates. If something looks not quite right, delete the email, and get in touch with the company through another method.Ella Donald works with The University of Queensland’s Data Strategy and Governance team, and has a background in journalism and communications.