Channel Tech Support logo, black text

What Do Phishing Scams Look Like?

 

With the whole world interconnected by the internet there are a whole heap of benefits with access to information and services. However, the unfortunate flip side of that are the crime and scams that can come along with it.

A big one that can create difficulty and cost a lot of money is ‘Phishing’. Phishing has impacted at lot of people in Australia, and even here in Hobart I’ve had the unfortunate job of having to report on security and Windows updates for customers who have been scammed by this sort of attack as their bank requires confirmation before they will reenable access to their internet banking.

Firstly, What is Phishing?

A lot of these new internet crimes and scams have new words to describe them. Oxford Dictionary defines phishing as ‘the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.’ This description suits the practice pretty well, but what does that look like in a practical, day to day sense?

How to Identify Phishing Scams & Protect Your Personal Information

A key thing to look is the email address that the email has come from. Using the Commonwealth Bank as an example here, CommBank’s emails (if they send you any, but we’ll get to that in a moment) would come from an address ending @cba.com.au. CommBank would never send anything from an address ending in @gmail.com. or @hotmail.com. That might seem obvious, but a lot of phishing emails will come from an address like commbank@gmail.com, with a display name that the scammers have set to be something a little more convincing, say ‘CommBank Security Team’. Clicking in the address or on a dropdown near the address will reveal the actual address with it’s domain, so, when in doubt, make sure you know the domain name the email has come from before opening the email.

Another thing to consider is whether you’ve ever received an email from the organisation in question before. Most banks will never send you email but rather have some sort of messaging within their secure pages and will only send notifications to that. So this means that you will have to login to their platform in order to get their messages, i.e., login to Netbank to see any authentic messages from CommBank. So if you’ve not received an email from your bank all year so far and tomorrow morning all of a sudden Westpac want to know what you think of their services then think twice, and then another 2 times, maybe have a cup of tea while you think once or twice more about your next actions.

Scammers will often put a lot of effort into making their phishing emails look good but not so much effort into the spelling and grammar of the email. Given that a lot of these phishing mails are crafted in parts of the world where English is not the native tongue, sometimes that can be a good indicator.  If you’re unsure about an email then have a careful read of the mail and look for any little ‘tell-tale’ signs in the form of spelling errors or incorrect use of words (think their/there/they’re or to/two/too).

The end goal of the scammer will be to obtain your username and password and the way that will happen will be by getting you to a webpage the scammer has built. This will be via a weblink. This link can serve as a very good indicator as to whether an email is a phishing exercise. Banks and financial institutions will rarely if ever send emails with links for you to follow but rather instruct you to login to your ‘Netbank’ or ‘customer portal’ or the like. Scammers can create links with a display of ‘Netbank Login’ but actually link to a page of their own that may or may not even be remotely related, like www.xyz.co.zu/imascammerwantingtotakeallyourmoney. If nothing else in the process of analysing the email you’ve received has already made you think it could be a scam, then hover (position the mouse pointer over the link without clicking it) and it should indicate where the linked text is actually trying to take you.

Following these tips will go a long way to seeing you avoid having your details pinched and money taken from you or identity stolen. Having a good antivirus package and checking for scams on sites like ScamwatchCommonwealth Bank Latest Security AlertsWestpac Latest Scams, and ANZ Latest Scams for issues that could be relevant to you. Of course, sometimes we’re tired or unsure or just have a ‘brain fade’ and accidently follow the scammer’s instructions. If that’s the case, then call your bank immediately for advice. 

Give us a call at Channel Tech Support on 03 6231 0499 or email via the my contact page and we can help make sure that all the other protections are in place to try and stop the mails getting to you in the first place.