Phishing and identity theft

Phishing

Phishing is a type of scam where criminals will try to trick you into giving away personal information like credit card details, passwords or bank account numbers. The most common method of contact for phishing scams is phone, email and text message but they can also come through the mail, mobile apps, social media or webpages. Phishing scams may claim to come from a bank, telecommunications company, delivery company or other organisation you deal with regularly. They can look real and be difficult to tell apart from genuine communication. Signs to look for:

  • The email, text message or caller does not address you by name

  • Email addresses or URLs are slightly different from what you would expect

  • There is a sense of urgency, e.g. “Click this link within 24 hours or your account will be shut down”

  • Insecure websites will begin with http:// rather than https://

If you are not sure if something is a scam you can contact the organisation directly and ask them to confirm the details. Scams may also be identified by an internet search for the names, phone numbers or exact wording used.

If you think you have given away personal information to the wrong person contact your financial institution immediately.

Identity theft

Phishing can lead to identity theft but your identity can also be stolen by hacking, malware, document theft or fake online profiles. Criminals may use your identity to:

  • Steal money from your bank account or superannuation

  • Apply for loans or lines of credit

  • Take out phone plans or other contracts

  • Purchase expensive goods

  • Access social media or email accounts to scam your friends and family

These are some of the signs that your identity may have been stolen:

  • Purchases or withdrawals that you did not make

  • You can’t log into email or social media accounts, or you are notified you logged in from a location you do not recognise

  • You are refused credit because of outstanding debts you did not accrue

  • You are contacted by debt collectors

Spear phishing

Spear phishing (also known as whaling) is a more sophisticated type of phishing scam. Criminals will use genuine information about people or organisations to target them specifically. The information they use may be publicly available or may have been stolen. They will spend a lot of time and effort into engineering messages to make them seem legitimate and manipulate people to act.

Protect yourself

Some of the ways you can help protect yourself from phishing scams and identity theft are:

  • Do not click links or open attachments unless you are certain who they came from

  • If you are seemingly contacted by an institution you have a business relationship with, look up their usual contact details online (independently of the suspicious message) and contact them through there to confirm if the message is genuine or not. Do not engage with the suspicious message, but seek confirmation directly from the institution.

  • Discuss suspicious messages with a friend or family member

  • Keep informed of common types of scams

  • Beware of offers that seem too good to be true

  • Use strong passwords and update them regularly

  • Do not use the same password for all accounts

  • Secure computers, phones and wifi networks with password protection

  • Do not use wifi hotspots to access online banking

  • Review your social media privacy and security settings

  • Use a password manager, as they won't automatically fill in your details on a duplicate site, only the original site you made the password for.

PreviousDeveloping a digital presenceNextUsing password managers

Last updated