Commonwealth logo, ACCC Logo and Scamwatch banner




 
SCAMwatch homeBanking and online account scamsRequests for your account information ('phishing' scams)

Requests for your account information ('phishing' scams)

What is phishing?

‘Phishing’ refers to emails that trick people into giving out their personal and banking information; they can also be sent by SMS. These messages seem to come from legitimate businesses, normally banks or other financial institutions or telecommunications providers. The scammers are generally trying to get information like your bank account numbers, passwords and credit card numbers, which they will then use to steal your money.

Phishing emails often look genuine and use what look to be genuine internet addresses—in fact, they often copy an institution's logo and message format, which is very easy to do. It is also common for phishing messages to contain links to websites that are convincing fakes of real companies' home pages.

The website that the scammer’s email links to will have an address (URL) that is similar to but not the same as a real bank's or financial institution’s site. For example, if the genuine site is at 'www.realbank.com.au', the scammer may use an address like 'www.realbank.com.au.log107.biz' or 'www.phoneybank.com/realbank.com.au/login'.

Warning signs

  • You receive an email or SMS claiming to be from a financial institution or telecommunication provider. This message may seem to be from your bank, service provider or a business you don’t have an account with. The email contains a link that leads you to a website where you are prompted to enter your bank account details.
  • The email does not address you by your proper name.
  • The email might contain typing errors and grammatical mistakes.
  • The email might claim that your details are needed for a security and maintenance upgrade, to ‘verify’ your account or to protect you from a fraud threat. The email might even state that you are due to receive a refund for a bill or other fee that it claims you have been charged.

Protect yourself from phishing scams

  • NEVER send money or give credit card or online account details to anyone you do not know and trust.
  • Do not give out your personal, credit card or online account details over the phone unless you made the call and know that the phone number came from a trusted source.
  • Do not open suspicious or unsolicited emails (spam)—ignore them. You can report spam to Australian Communications and Media Authority. If you do not wish to report the message, delete it.
  • Do not click on any links in a spam email or open any files attached to them.
  • Never call a telephone number that you see in a spam email or SMS.
  • If you want to access an internet account website, use a bookmarked link or type the address in yourself—NEVER follow a link in an email.
  • Check the website address carefully. Scammers often set up fake websites with very similar addresses.
  • Never enter your personal, credit card or online account information on a website if you are not certain it is genuine.
  • Never send your personal, credit card or online account details through an email.

As well as following these specific tips, find out how to protect yourself from all sorts of other scams.

Do your homework

If you receive an email claiming to be from a bank, other financial institution or telecommunications provider that asks you to enter your details—delete it! A legitimate bank or financial institution will NEVER send an email like this.

If the email appears to be from your bank or financial institution and you think it might be genuine, telephone your bank or financial institution to let them know about the email and ask their advice. DO NOT call any telephone number listed in the email; instead, use a phone number that appears on your bank statement or card or in the telephone directory. Many banks and financial institutions now have specialised internet security staff who can help you.

Decide

You should NEVER give your personal or bank account details to people you don’t know and trust. Don’t be fooled by an email that looks legitimate or appears to link to a genuine website. If you think the email may be genuine, ALWAYS contact your bank to confirm an email’s legitimacy before replying. Your best defence is to delete the email straight away.

Report them

If you have received an email asking for your bank account details, you can report it through SCAMwatch. You can also report it to the business that the scam is impersonating, but be sure to use an email address or phone number that is not in the suspicious email.

If you have given your account details after receiving one of these emails, you should report it to your bank or credit union immediately so they can freeze your account. Let SCAMwatch know about your experience as well, through the report a scam page.

You could also tell your family and friends about any suspicious emails you have received to help protect them.

See a phishing scam example

If you are able to recognise the warning signs, you can take an active role in reducing the likelihood of being a victim.

We have published a range of example scams so you can see how the scammers trick you. Visit see-a-scam to help you learn how to recognise the warning signs.

If you read the information on phishing scams and study our phishing scam examples, you will stand a much better chance of staying ahead of the scammers. Prevention is the most effective tool against scams.

What to do if you've been scammed; Scams & the law; Report a scam.

Similar scams:


Scammers pretend to be from your bank or financial institution and tell you that there is a problem with your account. They ask for your account details to protect your money, but then use these details to steal your money.

There are many types of scams that aim to steal your credit card details, either by taking the card itself or by tricking you into giving them the card’s details.

Card skimming is the illegal copying of information from the magnetic strip of a credit or ATM card. This can create a fake or ‘cloned’ card with your details on it.

You are promised huge rewards if you help someone transfer money out of their country by paying fees or giving them your bank account details.

Employment opportunities that promise huge incomes with little work – usually by asking you to transfer money for someone else or recruit new victims.

If you agree to transfer money for someone you don’t know, you let scammers use your bank account to ‘launder’ their dirty money. This puts you and your money in the firing line.

Spyware is a type of software that spies on what you do on your computer. Key-loggers record what keys you press on your keyboard. Scammers can use them to steal your online banking passwords or other personal information.

Printer friendly
Quick links
Related topics
 

© Commonwealth of Australia 2014