Scammers and fraudsters are still putting huge numbers of Australians at risk. The Australian Bureau of Statistics (ABS) found that 65% of Australians were targeted by scammers during the 2021-2022 financial year, up from 55% the previous year. While people are getting increasingly savvy (fewer people now respond to scams, while more report them), this still represents a serious risk.
Read on to learn more about types of phishing scams and how to recognise and report these fraudulent communications.
Common Phishing Scams
Any email scam in which the sender pretends to be someone they are not is a phishing scam. These scams use social engineering to ensure victims – in other words, they aim to win the victim’s trust before exploiting this. Common types of phishing attacks include:
Blanket Email Phishing
This is probably the most common form of email phishing because it is so cheap and easy to execute. Scammers send out thousands of emails with fraudulent links or attachments in the hope that one or two recipients open them.
Spear-phishing is more targeted. Fraudsters gain access to email lists for service providers or trusted web domains and then impersonate these organisations in an attempt to trick the recipient.
Whaling is a phishing attack in which scammers try to target specific individuals, such as company executives and members of the upper management team. A single successful whaling attack can put an entire company in jeopardy.
BEC stands for Business Email Compromise. If fraudsters can temporarily gain access to a business email account through hacking or malware implementation, they can send emails that appear trustworthy but actually put the recipient at risk. These attacks can be difficult to defend against.
Recognising Phishing Scams
How do you spot a phishing scam? Boost your fraud awareness and look out for the following in all communications your business receives.
Check the Sender’s Domain
You receive an email from one of your business’ service providers. You know their domain is ABCServiceProvider.com.au, but the email comes from @ABCServProv.com.au or @ABCServceProvdier.com.au, from @gmail.com, or even from @dfsfsfsfsd.com. A legitimate email will always come from the sender’s real business email account, and this will be easy to spot.
Check the Body of the Email
Businesses spend a lot of money on email design and content. They very rarely send out emails with typos and almost never with significant writing errors, weird formatting, or strange/outdated images and logos. If you spot these issues, it may be a scam.
Check Any Attachments Without Opening Them
This one is more difficult, as you won’t know what’s in the attachment until you open it. If your email account or your web security system flags an attachment as suspicious, never open it. Even if the attachment is not flagged, only open it if you are sure the email is genuine.
Check Links and Contact Information
If the email contains links that do not go to the expected location, this is a warning sign. Don’t follow any links that direct to somewhere other than the supposed sender’s legitimate domain. If an email asks you to make contact or includes any contact information, check this against the client services contact information on the company’s official website. If it doesn’t match, the sender may be trying to commit fraud.
Reporting Phishing Scams
How can you report a phishing scam? Here are a few actions you can take.
- Contact your email provider.
- Contact your bank or card provider if you think your information is compromised.
- Contact the supposed sender of the email using trusted contact information – never contact the fraudsters themselves.
- Contact the Australian Competition and Consumer Commission’s Scamwatch service.
- Contact ReportCyber to log the incident.
Protect Your Business from Fraud
Here at FraudWatch, we have been helping businesses defend against phishing scams since 2003, working with organisations in the finance, government, healthcare, retail, technology, media, sports and entertainment, transport, and telecommunications fields. Together, we can stop phishing, social media and email scams in their tracks. Call our agents today.