Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.
How the scam works
A scammer contacts you pretending to be from a legitimate business such a bank, telephone or internet service provider. You may be contacted by email, social media, phone call, or text message.
The scammer asks you to provide or confirm your personal details. For example, they may say that the bank or organisation is verifying customer records due to a technical error that wiped out customer data. Or, they may ask you to fill out a customer survey and offer a prize for participating.
Alternatively, the scammer may alert you to 'unauthorised or suspicious activity on your account'. You might be told that a large purchase has been made in a foreign country and asked if you authorised the payment.
If you reply that you didn't, the scammer will ask you to confirm your credit card or bank details so the 'bank' can investigate. The scammer may already have your credit card number and ask you to confirm your identity by telling them the 3 or 4 digit security code on the card.
Phishing messages are designed to look genuine, and often copy the format used by the organisation the scammer is pretending to represent, including their branding and logo.
They will take you to a fake website that looks real, but has a slightly different address.
If you provide the scammer with your details online or over the phone, they will use them to commit fraud, like using your credit cards and stealing your money.
Other types of phishing scams
- Whaling and spear phishing - the scammer targets a business in an attempt to get confidential information for fraudulent purposes. To make their request appear legitimate, they use details and information specific to the business that they have obtained elsewhere.
- Pharming - the scammer redirects you to a fake version of a legitimate website you are trying to visit. This is done by infecting your computer with malware which causes you to be redirected to the fake site, even if you type the real address or click on your bookmarked link.
Warning signs
- You receive an email, text or phone call claiming to be from a bank, telecommunications provider or other business you regularly deal with, asking you to update or verify your details.
- The email or text message doesn't use your proper name, or it may have typing errors and grammatical mistakes.
- The website address does not look like the address you usually use and asks for details the real site doesn't normally ask for.
- You notice new icons on your computer screen, or your computer isn't as fast as it normally is.
Protect yourself
- Do not click on any links or open attachments from emails claiming to be from your bank or another trusted organisation, asking you to update or verify your details – delete them.
- Do an internet search using the names or exact wording of the email or message to check for any references to a scam – many scams can be identified this way.
- Legitimate websites that ask you to enter confidential information are generally encrypted to protect your details. Look for the secure symbol. Secure websites have 'https:' (instead of 'http:') at the start of the internet address, or a closed padlock or unbroken key icon at the bottom right corner of your browser window.
- Never provide your personal, credit card or online account details if you receive a call claiming to be from your bank or any other organisation. Instead, ask for their name and contact number and make an independent check with the organisation in question before calling back.
Have you been scammed?
If you think you have provided your account details to a scammer, contact your bank or financial institution immediately.
Report scams using the report a scam page. This helps us to warn people about new and emerging scams and trends and disrupt scams where possible.
Find out more about protecting yourself from scams and where to get help.
Spread the word to your friends and family to protect them.
More information
