skip to main content
Tech

How to identify, avoid and recover from a phishing attack

Smarter Writer
Smarter Team

A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Smarter Writer
Smarter Team

A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Getting snagged by a phishing scam is never pleasant. It usually involves a cybercriminal using emails, texts, social media or phone calls to lure someone into handing over sensitive information. And as we become more and more dependent on technology and digital alerts, this scam builds up its confidence. Thankfully, there are ways to identify, avoid and recover from a phishing attack if it happens to you.

Cyber attacks in Australia are more common and pervasive than ever before. The Telstra Security Report 2019 reported that 65% of Australian businesses have been affected by some kind of cyber-security breach. What’s more shocking is that close to 90% of them went undetected.

At the heart of Australia’s cyber-security problem is phishing (pronounced ‘fishing’): frauds devised to steal confidential information – such as passwords, credit card details and banking details – from unsuspecting recipients. In 2018, the Australian Competition and Consumer Commission (ACCC) received over 24,000 reports of phishing. And the numbers are getting worse. In 2016, around $370,000 was lost to phishing scams in Australia, while in the first nine months of 2019, that number exceeded $1 million.

Be aware of the bait

You’re probably familiar with classic 419 ‘Nigerian Prince’ scams – emails with fanciful promises to get you rich quick if you just help transfer some money. Amazingly, this hustle is still working long after it first appeared: in Australia in 2018, close to $1.4 million was stolen through this type of scam. For the most part, though, these are fairly easy to sniff out if you know to be wary of anyone pleading for help in exchange for some kind of financial reward.

Phishing, on the other hand, is far harder to detect. According to the Australian Cyber Security Centre (ACSC), the poorly written, unofficial-looking phishing scams that first appeared in Australia in 2003 are a thing of the past. Today, these scams are far more sophisticated. They come in the form of emails, text messages and even social media direct messages that masquerade as correspondence from legitimate organisations or institutions, like banks or government departments, and request personal information or prompt you to click on a pernicious link.

Phishing scams are designed to look legitimate, and predominantly go after people via phone (in 2018, 41.2% of phishing scams were phone-based), email (29%) and SMS (24.6%).

5 common phishing scams

  • Spear phishing: individualised messages from a seemingly trustworthy sender, such as a bank or employer, and usually targeted at employees in an organisation
  • Whaling: targeted spear phishing, where a senior person in an organisation is phished by a cybercriminal masquerading as someone trusted, like a colleague
  • Pop-up phishing: deceptive pop-up ads that contain malware
  • Clone phishing: messages that closely resemble previously received legitimate ones – for instance, a phisher might send a fake promotional email from a brand to a known customer of that brand
  • Voice fishing: also known as ‘vishing’, where a phisher will attempt to solicit sensitive information over the phone

Identify, avoid and recover

Fortunately, while phishing scams can be well disguised, there are red flags you can watch out for. Grammar errors, misspelt names and incorrect facts are common giveaways. You might receive an email from ‘@combank.com’; a strange ‘competition winner’ alert SMS from JB Hi-Fi, when you haven’t entered a competition; or a cold call from a foreign or private number.

An organisation or institution will generally never ask a customer to share sensitive information through unsolicited correspondence. So as a rule, never give out personal details unless you are 100 per cent sure you know who you’re dealing with – in other words, you called them or have verified their identity. Likewise, never click on a link or open an attachment from an unsolicited message unless you are confident it’s legitimate – for example, you know you’ve safely received correspondence from this brand or person in the past.

According to ACSC, the best way to prevent phishing scams in the workplace is to “educate employees at all levels”. This includes instructing people to not click on links or open attachments on their work phone or computer, or through their work email, that have come from unknown parties.

Do you know how secure your digital workspace is?

Take Telstra’s cyber-security quiz to see where you stand

Find out moreDo you know how secure your digital workspace is?

If you’re unclear about how legitimate an email, text or phone call is, play it safe and simply delete or ignore it. You can always offer to call the institution back – after a thorough vetting.

If you have become the victim of a phishing scam, it’s important to act quickly. Change any compromised passwords across all your accounts, contact relevant parties (like your bank), and report the incident to the ACCC or ACSC.

Looking to secure your digital workspace?

Check out Telstra’s range of business security apps

Find out moreLooking to secure your digital workspace?
Trends
How to spot a gap in the market: The minds leading the non-alcoholic drink movement

Paying attention to evolving customer needs is essential for any small business. Australian drinking culture has been changing over time. The Australian Institute of Health and...

Productivity
Productivity
How to upskill on a budget: Our guide to the best online courses

Training and upskilling can be a great way to keep your employees inspired. It can also help to fill any knowledge gaps for small business owners – like you – who wear many hat...

Growth
Growth
Selling… on TikTok? The surprising success of these Aussie brands

Since launching in 2016, TikTok has become a social media giant. The platform is a destination for unparalleled viral reach potential, where unknown users with one popular vide...

Growth
Growth
How Freddy’s Pizza harnessed delivery platforms while keeping their in-store customers #1

Third party delivery platforms like Uber Eats play a big part in how customers find and interact with small hospitality businesses. But they have their pitfalls. Freddy’s Pizza...