According to the Government’s Scamwatch website, Australians lost $340 million to scammers in 2017.
While phone scams remain the most prevalent, as you can see by the most recent monthly figures here, between 25 and 40 per cent of scams reported are email ones.
Collectively, these sorts of scams are known as “phishing”.
What is phishing?
Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account number, passwords, and/or credit card numbers.
This form of cybercrime sees targets contacted by email, telephone call, or text message by someone posing as being from a legitimate institution.
Their single goal is to lure you into handing them your sensitive data, so they can get access to your money.
In the case of email scams, because you think you’re clicking on a legitimate link to a legitimate website (or an attachment that you think is authentic), you might not even know that you’ve given the thieves access to everything they can find on your computer or smartphone.
How can you spot a phishing email?
Things have changed since the first phishing emails were observed in Australia in 2003.
As the Scamwatch website explains:
“It used to be easy to recognise and ignore a phishing email because it was badly written or contained spelling errors, but current phishing messages appear more genuine. It can be very difficult to distinguish these malicious messages from genuine communications.”
That doesn’t mean that you can’t still recognise an attempted scam if you look closely.
The most common warning signs are:
· Poor grammar;
· Spelling mistakes;
· Poor quality images and generally unprofessional looking emails.
There is still usually one giveaway …
Here’s an example of a very professional-looking email with many links back to the actual retailer’s website:
The giveaways – as they always are – were that the “From” email address and the website link have nothing to do with the company.
You can usually see that these look wrong by hovering your mouse over them.
If you first open an email like this on your smartphone, we suggest that you check it on a computer, where you can hover over the address and links without clicking, to expose these tell-tale signs.
Legitimate emails are different
Because of the prevalence of phishing emails, many organisations no longer send you emails containing any links. For example, a company like PayPal simply suggests that you log in to your account without including a link directing you there. They know that if you have an account, you know how to access it.
Few real businesses – especially banks or companies you have an online account with – will email you to tell you “we have noticed unusual activity on your account”, a favourite ploy of the scammers.
They’re playing on your very real worry that someone could be scamming you to actually scam you!
Another favourite way for a scammer to prompt you to click on a link they have sent you is to offer something, for example, “complete this survey and have a chance to win …”.
If you receive an email that looks “phishy” …
· Check the “From” email address.
· Make sure you hover over the links before you click on them. If they don’t point to the retailer’s domain, DO NOT click on them.
· Make sure the domain they go to doesn’t have a subtle spelling mistake in it. Phishing attacks targeting the banks, for example, registered the domain commbanks.com.au. Anyone not being careful enough wouldn’t notice the extra s – the official CommBank site is: commbank.com.au.
· Call us
· You should report any scams to the ACCC via the Scamwatch website.
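The first three checks in the list above can also be done by a program. The Python code below is an added example, not part of the original article: it reads a constructed sample message, extracts the “From” domain and the real target of each link (what hovering reveals), and compares them with the domain you expect, using the commbanks.com.au lookalike mentioned above. The function names and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); the lookalike domain is the one named above.
SAMPLE = """\
From: CommBank <alerts@commbanks.com.au>
Subject: We have noticed unusual activity on your account
Content-Type: text/html; charset="utf-8"

<p>Please <a href="https://www.commbanks.com.au/login">log in to your account</a>.</p>
<p><a href="https://www.commbank.com.au/security">Security tips</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the real href target of every <a> tag (what hovering reveals)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def classify(host, trusted):
    """Return 'ok', 'lookalike' or 'unrelated' for a hostname against the trusted domain."""
    host = host.lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    # Compare only the trailing labels, so "www.commbanks.com.au" is judged as "commbanks.com.au".
    tail = ".".join(host.split(".")[-len(trusted.split(".")):])
    ratio = difflib.SequenceMatcher(None, tail, trusted).ratio()
    return "lookalike" if ratio >= 0.85 else "unrelated"  # threshold is an assumption

def check_email(raw, trusted):
    """Check the From address and every link target; return (where, host, verdict) tuples."""
    msg = message_from_string(raw)
    from_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = [("from", from_host, classify(from_host, trusted))]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname or ""
        findings.append(("link", host, classify(host, trusted)))
    return findings

if __name__ == "__main__":
    for where, host, verdict in check_email(SAMPLE, "commbank.com.au"):
        print(f"{where:5} {host:25} {verdict}")
```

A similarity score only catches near-miss spellings, so any domain that is not exactly the expected one should still be treated as untrusted.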
While we’re happy to report that GloBird has not been targeted in this way, we accept that this is the new reality, and we hate the idea of anybody falling victim to scammers.
Be careful, take your time to check, and stay safe online.