You might have learnt to detect and ignore spam, but phishing emails are another level. Not only do they look deceptively credible, but some are personalised for you. Unfortunately, you’re more likely to encounter these scams than any other kind. Thousands fall victim to phishing attacks every year. In fact, according to the Australian Competition and Consumer Commission (ACCC), Australians reported over 62,000 phishing scams in 2022. The damage? A record amount of over $3.72 million in losses. [1]

With this in mind, it’s important to identify the red flags should you come across a phishing attack.




6 tips for identifying and preventing phishing scams


Be familiar with the appearance of phishing scams

Although new techniques for phishing attacks are constantly being developed, they often have similar characteristics you can spot if you know what to look for. Numerous websites provide up-to-date information on the latest phishing scams and their key features. The sooner you become aware of these new attack methods and disseminate this information to your users via regular security awareness training, the greater the likelihood of averting a potential attack.


Avoid clicking on that link

It’s generally inadvisable to click on a link within an email or instant message, even if the sender is someone you recognise. At the very least, you should hover your mouse over the link to check if the destination URL is legitimate. Some phishing schemes can be quite sophisticated, making the destination site appear almost identical to the genuine one, all to capture keystrokes or pilfer login or credit card details. If you can navigate to the site directly via a search engine instead of clicking the link, it’s advisable to do so.


Avoid sharing personal information on unsecured websites

If the website’s URL doesn’t begin with “https://,” or there’s no closed padlock symbol visible next to the URL, refrain from inputting sensitive data or downloading files from that site. While sites lacking security certificates may not necessarily be set up for phishing scams, it’s always better to err on the side of caution.


Change your passwords regularly

If you have online accounts, it’s advisable to make a habit of changing your passwords periodically. This restricts any attacker from having unfettered access, especially since your accounts might already be compromised without your awareness. Introducing this extra level of protection by regularly updating your passwords can help deter ongoing attacks and shut out potential intruders.


Implement firewalls

Firewalls are a robust defence against external threats, functioning as a barrier between your computer and any potential attackers. Utilising both desktop and network firewalls in tandem can enhance your overall security, minimising the likelihood of a hacker breaching your system.


Implement a data security platform to detect indications of an attack

Should you unfortunately fall prey to a successful phishing attack, rapid detection and response become crucial. A data security platform can alleviate some of the burden on your IT/Security team by automatically flagging unusual user activity and unauthorised file modifications. If an intruder gains access to your sensitive information, such platforms can assist in pinpointing the compromised account, enabling you to take measures to mitigate further harm.



Advice for dealing with phishing emails

Staying alert to identify phishing emails is crucial. If you find one in your inbox that hasn’t automatically been sorted into your spam folder, follow these steps to minimise the risk of falling victim to a phishing attack:


  • Delete the email without opening it: Many viruses are activated when you open an email attachment or click on a link within the email. Some email platforms even allow for viruses to infect your computer simply by opening a suspicious email, so it’s safer not to open such emails at all.
  • Block the sender manually: If your email client lets you block senders manually, then take advantage of this feature. Note down the email domain of the sender and add them to your blocked list. This is particularly prudent if you share an email account with family members, who might inadvertently open a suspicious email that has bypassed your spam filter.
  • Invest in additional security measures: It’s always better to be overly cautious. Consider investing in antivirus software to provide an extra layer of protection for your email account.


Common sense is your best defence against phishing attacks. Don’t open attachments in suspicious or strange emails, avoid clicking embedded links, and keep your software and operating system current.


Don’t leave your cybersecurity to chance

If you’ve encountered phishing attempts or have concerns about your online safety, FraudWatch is here to help. Contact us today for expert guidance and cutting-edge solutions to protect you and your organisation online.

We’ve helped hundreds of businesses across the finance, government, healthcare, retail, technology, media, sports and entertainment, transport, and telecommunications industries.