How to stay on guard against phishing

There are plenty of scammers out to get you, and many are employing phishing techniques. Do you know what to look for?

Another day, another scam. It’s more or less a mantra around the internet, with a new one popping up every day amid constant security threats.

If you have an email address, you’re going to see them, because scammers are targeting anyone and everyone. The tactic is about saturating every email address a scammer can find, because they’re bound to find someone who will click, and someone who will fall for it. It’s not just email, either, because there are other places scammers can phish for your details.

You might not be a customer of a specific bank, and you might not have a package waiting for you or an invoice, or anything like that, but eventually, a scam will connect with you, and you’ll ask yourself “is this legit?”

That’s one of the problems with scams: they’re getting better and better at fooling people. So how do you stay on guard? How do you beat phishing attempts for good?

What is phishing

First things first, we need to talk phishing as a whole, because it can get a little confusing. Scams in general are confusing, and also frustrating, but phishing is what seems to make up a majority of what we all get sent.

So what is phishing?

It sounds like “fishing”, but it’s not quite the same: while fishing is usually for food or sport, “phishing” is about getting your details by engaging in some digital experimentation.

Use of terms with “ph” at the beginning for the digital world kicked in around the 90s when experimentation with telecommunication hacking was called “phreaking”, with the people doing it called “phreakers”. Often seen as some of the more complicated hacking, phreakers have reportedly existed since the 60s, and would construct equipment to take advantage of telecommunications networks, such as phones.

Fast forward to now, and “phishing” is the term used for people who employ exploits in email, SMS, and web designed to fish for your details.

Phishing in email

Emails are the first place scammers will likely try to nab you, convincing you of their legitimacy with details that look real, yet are missing quite a bit.

When a scammer sends an email, it’s likely in the guise of something else. It could be a web service like Facebook, but it could also be something local, too. An Australian bank or the national postal service. A telecommunication

Scammers are trying to convince you of their authenticity to have you click a link and fill out details, trusting their presence so that you let your guard down and hand over your banking details or something else.

When you get an email from a service, be sure to read its details thoroughly. Check the subject, the sender, and the wording. An official email is less likely to get things wrong, but scammers tend to make mistakes. Many, many mistakes.

If the scammer doesn’t speak English natively, you can usually expect spelling errors, not to mention grammar that seems not quite right.

However, there are things email scams have to get wrong due to the sheer nature of falsifying emails.

The first of these is the sender.

Scammers can’t use a real email address from the company they’re faking, so they’ll often use two, all in the effort to trick you. The first is the one they want you to pay attention to, but that’s just the display name your mail app normally shows, while the second is the real sending address. An email has to come from somewhere, and they can’t fake that one, so the first one is where the deception takes place.

Check both, and if something doesn’t seem legit, delete the email as soon as possible.
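To make "check both" concrete, here is an added example (not part of the original article) that splits a From header into the name shown to the reader and the address behind it, then flags a name that claims a brand the address does not belong to. The brand-to-domain list and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list for this example: brand word -> domains it really mails from.
KNOWN_SENDERS = {
    "westpac": {"westpac.com.au"},
    "telstra": {"telstra.com.au"},
}

def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Split a From header into the displayed name and the sending address,
    and list brands the name claims that the address is not from."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    claimed = [b for b in KNOWN_SENDERS if b in display.lower()]
    mismatched = [b for b in claimed
                  if not domain_matches(domain, KNOWN_SENDERS[b])]
    return {"display": display, "address": address, "mismatched": mismatched}

# Constructed sample headers, not taken from real messages.
SAMPLE_HEADERS = [
    'Westpac <alerts@westpac.com.au>',
    '"Westpac Security" <notice@acct-verify.example>',
    '"support@westpac.com.au" <bulk@mailer.example>',
    '"Telstra Mobile" <billing@telstra.com.au.mail-gw.example>',
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        r = check_sender(header)
        verdict = "SUSPICIOUS" if r["mismatched"] else "ok"
        print(f'{verdict:10} shown as {r["display"]!r}, sent from {r["address"]!r}')
```

The third sample is the case described above: the displayed "name" is itself written to look like an address, while the message was sent from a different one.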

The other place an email scam will attempt to fool you is in the links. The links hold the key to the whole deception, and while an email might look real, if you hover over the links, you might see something that seems real, yet isn’t.

Hovering over a link doesn’t click on it, so hover over a link and see what your browser says. If you’re checking on a mobile, you won’t get to hover, so read through that email address carefully and either wait until you’re at a computer to check, or delete it and move on.

Phishing SMS

JB HiFi SMS scam

If not emails, then text messages. That is to say, if scammers don’t try to hit you by email, they’ll try to lure you with a dodgy SMS. Scam text messages are getting more and more convincing, and play the phishing game more directly.

Rather than try to convince you with a flashy looking email that tries a few links, phishing SMS will do it with one link and a short run of text. Just enough to get you to click.

Part of the SMS phishing attempt is how scammers can pretend to be someone else, and how they purport to be a company. If they use a bulk SMS sending service, scammers can pretend to be a company name, and that can be used to trick you.

If they’re pretending to be from JB HiFi, they might use JB Store, a trick used at least once this year. If they’re trying to seem like they’re from Telstra, they may use something similar, such as Telstra Mobile, not Telstra itself.

As convincing as some of these names can be, there is one place an SMS scammer can’t fake, and that’s the link.

Much like the email phishing attempts, an SMS will include a link that shows the real domain it leads to, the www-dot-whatever used by the scammer. This will more than likely be very different from the real thing, so it’s worth paying attention and being suspicious.

This link might say “westpac” in the URL, but it’s not “westpac.com.au”, the place where Westpac bank is. Simply using the same name doesn’t mean it’s the same site.
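The same check applies to links in emails and texts. As an added example (not from the original article), the function below compares the host a link really points to against the domain it should be on, and separates links that merely mention the brand from links that are on the real site. Only westpac.com.au comes from the article; every other host is a constructed placeholder.

```python
from urllib.parse import urlsplit

def link_verdict(url, real_domain):
    """Classify where a link really goes, relative to the domain it should be on.

    'match'     - host is real_domain or a subdomain of it
    'lookalike' - the brand word appears in the link, but the host is someone else's
    'unrelated' - the link does not mention the brand at all
    """
    # Links in texts often omit the scheme; add one so the host parses.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    # The leading dot matters: "notwestpac.com.au" must not count as a subdomain.
    if host == real_domain or host.endswith("." + real_domain):
        return "match"
    brand = real_domain.split(".")[0]
    elsewhere = (parts.username or "") + parts.path + parts.query
    if brand in host or brand in elsewhere.lower():
        return "lookalike"
    return "unrelated"

# Constructed sample links for illustration.
SAMPLE_LINKS = [
    "https://www.westpac.com.au/personal",          # real site
    "westpac.secure-login.example/au",              # brand as a subdomain label
    "https://westpac.com.au.verify.example/",       # real domain as a prefix only
    "https://verify.example/westpac.com.au/login",  # brand only in the path
    "https://westpac.com.au@login.example/",        # brand before the @, host after
    "https://notwestpac.com.au/",                   # brand inside a longer name
    "https://parcel-track.example/x",               # no brand at all
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{link_verdict(link, 'westpac.com.au'):10} {link}")
```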

Phishing websites

If you do end up clicking on a link from an email or an SMS, you’ll be taken to the place where the bait is, the phishing website.

These are websites designed to look so authentic that you follow through. They can look good enough and convincing enough that you believe them to be real, and that’s precisely what scammers are hoping for.

However, there are key indicators that usually give away a phishing website. While grammar and spelling can play a big part, so too will the website link in your browser bar.

Much like that link in the SMS, it’s a part of a website a scammer can’t fake. They may be able to get close, but close shouldn’t convince you. Read the website link very carefully, and if you have any questions, consider Googling the company, calling its phone number, and asking them if the website you’re at is real.

Qantas scam
Using Qantas imagery in the website doesn’t mean it’s a Qantas site. Check the website name up above and make sure you’re not at a fake site. This one is clearly fake.

Read up and ask questions

Remember that you don’t have to take everything at face value and you can ask questions. Not everything sent to you will be legit, and scammers make a fortune out of people every year. The Australian Competition and Consumer Commission (ACCC) is already forecasting a loss of over half a billion to scams by the end of the year, and while that’s not phishing entirely, phishing does play a part.

As such, the ACCC helps matters by running a website called Scamwatch, which not only provides assistance on scams, but also information about what is happening around the web.

There’s also How Scams Work, a website we’ve built that allows you to experiment with scams and phishing techniques in a safe environment with no risk of damage to yourself. Phishing attempts are typically a way to steal information, but the phishing attempts we’ve built in at How Scams Work are designed to educate on the things that scammers attempt to do, allowing you to experiment and be educated politely to help you understand what can happen in the real world.

The real world can be a place to learn hard lessons, particularly when scammers are doing so much to take money. Remember that you don’t need to take these phishing emails, phishing texts, or phishing websites at face value. You don’t need to take anything at face value, and can question anything.

When you see something that you feel you should ask questions of, read it carefully and thoroughly. Scammers are getting good at this, and the last thing you want to be is another one of the statistics.