Have you ever received a message from your bank asking you to share private information, move money from one account to another, or perform some other eyebrow-raising task?
Chances are the sender isn’t actually who they’re claiming to be, but how can you be sure?
These days, phishing messages seem to be an unavoidable part of living in the digital age. While many of us can recognise the telltale signs of a scam, cybercriminals (and the tools available to them) are getting more sophisticated by the day.
Below are some ways to help tell a phishing scam from a legitimate message, along with some steps to consider taking if you’re unlucky enough to fall victim to one.
What are phishing messages?
These are messages that resemble communications from a trusted source (such as your bank, insurance company or super fund) but are actually ploys by cybercriminals to obtain your personal information.
They often contain suspicious-looking links or attachments that can install malware onto your computer once clicked. This might allow scammers to make changes to your device remotely and without your knowledge.
Other giveaways can include typos, poor grammar, and urgent calls to action (such as calling a number, claiming a prize, or entering your login details). Generally, if your first impression when reading the message is that something’s off, there’s a good chance you’re right.
What to do if you receive a phishing message
- Don’t click on any links or open any attachments: Doing so can leave your device vulnerable to attack. Some red flags to watch out for include URLs that are deceptively similar to official websites, shortened URLs, and excessive use of hyphens and numbers. Even if a link doesn’t look suspicious, hover over it to check that the address it actually points to matches the text displayed.
- Go directly to the source: Without interacting with the message, navigate to the official website of your bank or service provider yourself. Many companies these days will have a dedicated page explaining what they will and won’t ask for in communications to customers.
- Call your bank or provider: For peace of mind, you can call your provider using the number listed on their website and ask them to confirm if the message you received (and any information contained within) is legitimate or not.
- Report the message: Finally, consider taking a screenshot of the text or email so you can report the scam to the ACCC’s ScamWatch.
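The link red flags listed in the first step above can also be checked automatically, for example by a mail filter or a help desk triaging reported messages. The following is an added example, not part of the original article: the official domain, the shortener list and the thresholds are constructed assumptions, and the function names are hypothetical.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed values for this example; none of them come from the article.
OFFICIAL_DOMAINS = {"examplebank.com.au"}       # placeholder for your provider's real domain
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # small sample of link-shortening services
MAX_HYPHENS_DIGITS = 2                          # assumed threshold for "excessive"
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


def host_of(url):
    """Return the lower-cased hostname of a URL, without a leading 'www.'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_official(host):
    """True for an official domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def looks_like_official(host):
    """True when a host embeds or closely resembles an official name."""
    for d in OFFICIAL_DOMAINS:
        brand = d.split(".")[0]
        if brand in host or SequenceMatcher(None, host, d).ratio() >= 0.8:
            return True
    return False


def red_flags(href, display_text=""):
    """List the warning signs found in a link's real target and its displayed text."""
    host, flags = host_of(href), []
    if host in SHORTENERS:
        flags.append("shortened")
    if not is_official(host) and looks_like_official(host):
        flags.append("lookalike")
    if sum(c == "-" or c.isdigit() for c in host) > MAX_HYPHENS_DIGITS:
        flags.append("hyphens_digits")
    # The hover check: displayed text that is itself an address must match the target.
    text = display_text.strip()
    if URL_LIKE.match(text) and host_of(text) != host:
        flags.append("mismatch")
    return flags
```

An empty result only means none of these particular signs were found; it does not make a link safe, so going directly to the source still applies.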
What you can do if you click on a phishing link
Even the most cautious of us can unwittingly click on a malicious URL. If you find yourself in this position, whether due to a slip of the finger or a lapse of judgement, don’t panic. Below are a few steps that might be able to minimise the damage.
- Turn off your internet connection: This can potentially reduce the likelihood of malware spreading to other devices on your network. If your computer is tethered to an internet router, unplug the cable. If you’re connected via Wi-Fi, turn it off using the network settings on your device or by switching off your router.
- Back up any files using cloud storage, an external hard drive, or a USB drive: This is to prevent your files from becoming infected with malware, but it can also give you peace of mind that they won’t be lost if you have to perform a factory reset.
- Run an antivirus scan: If you already have antivirus software installed, run a scan and do not use your computer until it is finished. This should be able to identify any suspicious files that were installed on your computer and either remove or quarantine them. Alternatively, you can take your device to a professional to have it looked at.
- Change your passwords and PINs: It’s good practice to change the passwords on your accounts every few months, but doing so after your computer has been compromised is strongly advised. Try to create stronger passwords that you haven’t used before.
You will also need to alert your bank or service provider so they can put the appropriate controls in place. Depending on the nature of the scam and how recently it took place, they might be able to block any suspicious activity.
What else do you need to know?
Scammers can go to great lengths to impersonate people or institutions that you trust. These days, phishing messages can appear in the same message thread as actual communications from your bank. And a single phishing message might conceal an entire team of scammers, with people ready to pick up the phone to ‘confirm’ a claim once a victim calls the number in a message.
If you receive a text or email that raises alarm bells in your head, stay calm and try to avoid making any hasty decisions. Remember that a real organisation wouldn’t put you in a position where you’re under pressure to act — and if you’re still uncertain, go directly to the source to confirm.
This information is prepared by Bridges Financial Services Pty Limited ABN 60 003 474 977 AFSL 240837 (Bridges). Bridges is an ASX Market Participant and part of the IOOF group of companies. This report is prepared by the IOOF Research team for: Bridges Financial Services Pty Limited ABN 60 003 474 977 AFSL 240837, Consultum Financial Advisers Pty Ltd ABN 65 006 373 995 AFSL 230323, Elders Financial Planning ABN 48 007 997 186 AFSL 224645, Financial Services Partners ABN 15 089 512 587 AFSL 237 590, Millennium3 Financial Services Pty Ltd ABN 61 094 529 987 AFSL 244252, RI Advice Group Pty Ltd ABN 23 001 774 125 AFSL 238429, Shadforth Financial Group Ltd ABN 27 127 508 472 AFSL 318613 (‘Advice Licensees’). The Advice Licensees are part of the IOOF group comprising IOOF Holdings ABN 49 100 103 722 and its related bodies corporate (IOOF group). The Advice Licensees and/or their associated entities, directors and/or employees may have a material interest in, and may earn brokerage from, any securities or other financial products referred to in this document or may provide services to the company referred to in this report. The document is not available for distribution outside Australia and may not be passed on to any third person without the prior written consent of the Advice Licensees. The Advice Licensees and associated persons (including persons from whom information in this report is sourced) may do business or seek to do business with companies covered in its research reports. As a result, investors should be aware that the firms or other such persons may have a conflict of interest that could affect the objectivity of this report. Investors should consider this report as a single factor in making an investment decision. The document is current as at the date of issue but may be superseded by future publications. You can confirm the currency of this document by checking the intranet site (links below). 
The information contained in this report is for the sole use of advisers and clients of AFSL entities authorised by the Advice Licensees. This report may be used on the express condition that you have obtained a copy of the Advice Licensees Financial Services Guide (FSG) from their respective website. Disclaimer: The information in this report is general advice only and does not take into account the financial circumstances, needs and objectives of any particular investor. Before acting on the advice contained in this document, you should assess your own circumstances or seek advice from a financial adviser. Where applicable, you should obtain and consider a copy of the Product Disclosure Statement, prospectus or other disclosure material relevant to the financial product before making a decision to acquire a financial product. It is important to note that investments may go up and down and past performance is not an indicator of future performance. The contents of this report should not be disclosed, in whole or in part, to any other party without the prior consent of the IOOF Research Team and Advice Licensees. To the extent permitted by the law, the IOOF Research team and Advice Licensees and their associated entities are not liable for any loss or damage arising from, or in relation to, the contents of this report. For information regarding any potential conflicts of interest and analyst holdings; IOOF Research Team’s coverage criteria, methodology and spread of ratings; and summary information about the qualifications and experience of the IOOF Research Team please visit https://www.ioof.com.au/adviser/investment_funds/ioof_advice_research_process.