Print

Recognise and report phishing

Phishing flyer information
Image from Department of Home Affairs

Phishing… it sounds like an idyllic hobby that many people enjoy in their down time or the multi-billion-dollar industry that feeds and employs even more people.

Whilst it is pronounced the same, Phishing in the cyber security context is very different and can have serious consequences for you, your family, workplace, education and government agencies, and our wider digital community.

What is phishing?

Phishing is a trick cyber criminals use to get your personal information. They send you fraudulent emails or text messages usually acting as someone from an organisation you know and trust. They aim to steal your login, password, and credit card details to install malware or gain access to systems and networks that can lead to the loss of information, data, money, or identity theft.

As Phishing scams evolve, so do the terms. You may also have heard of:

  • Spear-phishing - targeted emails or text messages
  • ‘Smishing’ or SMS phishing - text messages
  • ‘Vishing’ or voice phishing - phone calls

How to spot a phish

We are all improving – most of us are attuned to spot phishing scams. However, cyber criminals are also improving – their phishing attacks are being generated at speed and scale, in a more convincing way.

Artificial Intelligence is being used by cyber criminals to perfect their messages, so it’s not as easy as looking for poor grammar and spelling errors, although, these are still signs to look out for.

Common signs of a phish message:

  • Urgent or emotional language that claim dire consequences if you don’t respond immediately
  • Requests to send you or your company’s personal or financial information
  • Suspicious links, URLs or attachments
  • Incorrect email addresses or links, like amazam.com

Why it’s important to report a phish?

We can all be part of the solution. Reporting a phish can help maintain security of our networks and systems and prevent someone else falling victim of the phish.

Anyone can be caught by a phishing scam; the important part is the next steps you take!

  • At work: Follow your agency or company procedures to report a phish. For example, use the “Report Message”, followed by “Phishing” buttons from your email account
  • Don’t click on links, open any attachments or reply to requests in a suspicious email or message
  • Contact your financial institution – they may be able to stop a transaction or freeze your account.
  • Confirm contact details with an official source. For example, if you receive a message or email from your bank with a contact number double check the number on their official website or on a letter they have sent to you.
  • Update your knowledge about what security questions you will be asked – check the details with the official source. For example, check with your financial institution or government agency what questions they will ask you to confirm your identity.

For small business and Queensland government employees

Many businesses and government agencies offer their employees user training and simulations to help ensure you can identify and respond to phishing cyber-attacks.

Learn more about what information and training is available:

What about my personal accounts?

Phishing does not only happen in a work or business environment. You, your friends and family are often targeted through your personal accounts and emails.

Reporting a cyber-crime, incident or vulnerability

The Australian Cyber Security Centre’s webpage has links and details of how to report a cyber crime, incident or vulnerability

We can all make cyber security everyone’s business by enhancing our awareness and staying up-to-date with the latest tips on how to secure our digital interactions.

Useful links:

Videos:

National Cyber Security Coordinator Social links

Michelle McGuinness will be posting videos throughout Cyber Security Awareness month

LinkedIn icon@aucyberseccord Instagram icon @aucyberseccord

Last updated:
21 October 2024
Share this page: