How to identify spam and phishing messages and stay safe online
Updated: 9 May 2024
As our use of technology increases, so does our vulnerability to online scams. The events of recent times have seen a significant spike in online scams, with scammers taking advantage of consumer fears by using fake emails or text messages to try and obtain personal data.
Phishing scams costs Australian's nearly $26 million according to Scamwatch 2023.1 The good news is, if you know how to spot them, you can avoid falling victim. For the latest scams to be aware of, visit the Government Scamwatch website.
In 2023 alone, Scamwatch received nearly 150,000 reports involving stolen personal information, totalling $50.1 million in losses.1
Know your spam from a scam
Spam and phishing scams are on the rise, but we can all play a part in staying safe online. Every day, you're likely to receive Spam - electronic junk mail. These are emails or SMS messages offering goods or services. They may be annoying, but they're not always a scam.
Emails or text messages advertising fake products, cheap products, offers of prizes or get rich quick schemes or impersonating legitimate organisations are scam messages. They are usually sent to a large number of people at once, and their objective is to get you to disclose information that can be used to take your money or steal your identity.
A common scam in Australia involves demanding payments for non-existent bills, such as tax ‘owed’ to the ATO or utility previders. In 2023, Australians lost nearly $28 million just by making payments to scammers who had sent them false billing information.1
What is phishing?
Phishing (pronounced ‘fishing’) is a scam designed to trick you into giving out your personal information, such as address, bank account and credit card numbers and passwords.
Usually these messages pretend to be from a legitimate business, such as a bank or other service provider. They will urge you to click on a link or download an attachment.
The links will take you to fake websites that look very similar to the ones they’re copying, but are designed to get your personal information by encouraging you to complete application forms or surveys.
Attachments in these emails contain viruses or other forms of malicious programs that can infect your computer.
While phishing is usually sent via email, phishing can also occur via SMS (SMishing) or over the phone as part of a more sophisticated scam. SMS scams are on the rise with nearly 110,000 reported to Scamwatch and other government agencies in 2023.1 No matter how you received the message, think twice before clicking any links.
How to spot phishing email attacks
There a number of signs that indicate that a message may be a scam. Using the example below, some things to watch out for include:
Unexpected contact/sender address
If you receive an email or SMS you were not expecting or it’s from an unknown sender, you should be suspicious. Check the email address it has come from. If it does not match the sender details – it’s likely a phish.Impersonal greeting
As phishing messages are sent to a lot of people at once, they usually lack a personalised greeting. If there is no greeting or the greeting is impersonal, you may be looking at a scam.Incorrect spelling and grammar
While not always a tell-tale sign, look out for spelling and grammar mistakes in unsolicited emails and messages.Unfamiliar attachments
If the email contains an expected attachment, you shouldn’t open them as they may contain malicious software that might infect your computer.Too good to be true
A simple rule to follow: if it sounds too good to be true, it probably is. Offers of overseas inheritances and lottery wins are common forms of phishing scams.Aggressive manner
Some phishers use aggressive scare tactics, urging you to act immediately. Always be sure the messages is are legitimate before taking any action.Wrong URL
If there is a link in the email or SMS, don’t click on it. Hover over the email link with your mouse and check that the actual link is the one you would expect. If it looks wrong, it’s probably a fake website.Request sensitive information
Some phishing emails are used to ‘mine’ data, and may trick you into providing personal and financial information. Be cautious and if unsure, contact the organisation directly via a phone number from their website.
Tips to protect yourself
There are some simple steps you can take to protect yourself and avoid falling victim to phishing scams.
Create strong passwords and change them regularly
Yes, it’s hard to remember different passwords for every account and device but this is one of the most important ways to stay safe online. Make sure your passwords are difficult to guess and change them regularly.Never give out your details
If you receive a message or call from a bank or other organisation asking for personal details, do not give it to them. Instead, ask them for their name and phone number and then check it's a legitimate request with the actual organisation before returning the call.Check for security
Secure websites use 'https' at the start of their URL or display a padlock at the bottom right corner of your browser. Do not enter any personal details on a website without either of these security symbols present.
Keep up-to-date with the latest scams with these resources:
Australian Competition and Consumer Commission's Scamwatch
Australian Government's Stay Smart Online
You can also test your Phishing knowhow with this quiz from Google.
Sources:
1. Scamwatch; Scam statistics 2023
What to do if you receive a scam message?
If you think you've been a target or victim of a scam, report it to the Australian Cybercrime Online Reporting Network (ACORN).
For phishing attacks related to Pepper, or attacks that you think may have compromised your Pepper account, please report it to us as soon as possible by calling Pepper Money Customer Service on 137 377.
Money management tips and tricks
From budgeting advice to tips to help your savings go that bit further, our resources have it all.
Information provided is factual information only and is not intended to imply any recommendation about any financial product(s) or constitute tax advice. If you require financial or tax advice you should consult a licensed financial or tax adviser.
All applications are subject to credit assessment, eligibility criteria and lending limits. Terms, conditions, fees and charges apply.
The results of the borrowing power calculator are based on information you have provided and is to be used as a guide only. The output of the calculator is subject to the assumptions provided in the calculator (see 'about this calculator') and are subject to change. It does not constitute a quote, pre-qualification, approval for credit or an offer for credit and you should not enter commitments based on it. The interest rates do not reflect true interest rates and the formula used for the purpose of calculating estimated borrowing power is based on the assumption that interest rates remain constant for the chosen loan term. Your borrowing power amount will be different if a full application is submitted and we complete responsible lending assessment. The results in the calculator do not take into account loan setup or establishment fees nor government, statutory or lenders fees, which may be applicable from time to time. Calculator by Widgetworks.
Pepper Money Personal Loans is a brand of Pepper Money Limited. Credit is provided by Now Finance Group Pty Ltd, Australian Credit Licence Number 425142 as agent for NF Finco 2 Pty Limited ACN 164 213 030. Personal information for Pepper Money Personal Loans is collected, used and disclosed in accordance with Pepper’s Privacy Policy & the credit provider’s Privacy Policy.
Pepper Money Limited ABN 55 094 317 665; AFSL 286655; Australian Credit Licence 286655 (“Pepper”). All rights reserved. Pepper is the servicer of home loans provided by Pepper Finance Corporation Limited ABN 51 094 317 647. Pepper Asset Finance Pty Limited ACN 165 183 317 Australian Credit Licence 458899 is the credit provider for asset finance loans.
Pepper and the Pepper Money logo are registered trademarks of Pepper Group Assets (Australia) Pty Limited and are used under licence.
