We’ve curated some helpful tips and useful information from the Australian Cyber Security Centre (ACSC) to help keep you safe online.
Cybercriminals are getting increasingly smarter, with an increasingly alarming number of people falling victim to scams both at work and home.
A record $851 million was lost in 2020 to scams, representing a 75 per cent increase last year.
Source: 2021 BDO/AusCERT Cyber Security Survey
Phishing and targeted malicious emails remain the number one threat, however there are some simple steps we can all take to help protect ourselves.
Read on to learn about phishing (scam emails), how to recognise them and some top tips to stay safe online.
What is Phishing?
Phishing (pronounced ‘fishing’) is the fraudulent practice of sending emails claiming to be from reputable companies with the aim to collect confidential information.
This might be online banking logins, credit card details, business login credentials, passwords, or NDIS participant details.
The below videos from the Australian Cyber Security Centre offer a great explanation as to how phishing scams work and how to spot one.
Phishing emails are usually sent from reputable brands such as:
- State and territory police or law enforcement (fake fine scams)
- Utilities such as power and gas (fake bills and overdue fines)
- Postal services (parcel pick-up scams)
- Banks (fake requests to update your information)
- Tele-communication services (fake bills, fines or requests to confirm your details)
- Government departments and service providers such as the Australian Taxation Office, Centrelink, Medicare, myGov and the NDIA.
How do I protect myself from phishing?
The best way to protect yourself from phishing attempts is to stay on top of current threats, be cautious online and take steps to block malicious or unwanted messages from reaching you in the first place.
Things to look out for:
- If an email or page is asking you for information that you were not expecting to be asked about, stop, and check that everything looks genuine.
- Do not click on links in emails or messages, or open attachments from people or organisations you don’t know.
- Be especially cautious if messages push or implicitly threaten you to take a suggested action.
- Also be very cautious if the message is very enticing or appealing. If it seems too good to be true chances are it is too good to be true.
- Before you click a link (in an email, social media, website etc…), hover your mouse cursor over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window).
If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or web page without directly clicking on the suspicious link.
- If you’re not sure about an email contact the relevant business or organisation (using contact details sourced from the official company website).
- Use a spam filter to block deceptive messages from even reaching you.
- Remember that your financial institution and other large organisations (such as Amazon, Apple, Facebook, Google, PayPal and others) would never send you a link and ask you to enter your personal or financial details.
- Stay informed on the latest threats – sign up for the ACSC Alert Service. You can also find information about the latest scams on the Australian Government’s Scamwatch website.
If you think you’ve entered your credit card or account details to a phishing site:
- Contact your financial institution immediately
- Contact IDCare on 1800 595 160 or via www.idcare.org for support if you believe your personal information has been put at risk.
- Report scams to the ACCC via the Scamwatch report a scam page. Your report helps to warn people about current scams, monitor trends and disrupt scams where possible.
Please include details of the scam contact you received, for example, the email or screenshot.
- Lodge a report with the Australian Cyber Security Centre’s ReportCyber.
Find more information on where to get help if you think you have fallen victim to a scam on the Scamwatch website.