Phishing is a common tactic employed by hackers, as it requires the least amount of effort and generally preys on the less cyber-aware. In 2019, the FBI produced a report which estimated that more than US$1.75 billion was lost to business email scams. Unfortunately, email phishing scams are also common in Australia.
In most phishing scams, hackers impersonate a real company to obtain your login credentials. You may receive an email asking you to verify your account details or sign in with a username/password. Providing these details to a phishing site delivers your information directly to the attackers.
In some cases, more sophisticated phishing attacks include information that makes the attacker seem like a legitimate source. They may use company names and/or phone numbers in the email to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
What You Can Do
To avoid phishing schemes, please observe the following email best practices:
- Do not click on links or attachments from senders that you do not recognise.
- Be especially wary of .zip or other compressed or executable file types.
- Do not provide sensitive personal information (like usernames and passwords) through links sent to you over email.
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
- Do not try to open any shared document that you’re not expecting to receive.
- If you can’t tell if an email is legitimate or not, please contact the sender directly and confirm whether they intended to send you an email.