Gone phishing: how scammers are increasingly using email to steal your data

According to ACCC’s Scamwatch, Australians lost more than $1.5 million to phishing scams alone in 2019. The number of Coronavirus scams are skyrocketing, with the Mimecast Brand EXPLOIT Protect team identifying close to 60,000 new coronavirus websites in a two-week period, most of which were malicious. 

However, there is still an enormous variety of malware phishing scams going around in Australia. One current example is disguised as an email from your bank. The email asks you to ‘update’ or ‘reset’ your password by clicking on a link. Clicking on the link takes the user to a convincing replica of the bank’s website, and presents the user with a form to enter their password.

The scammers then make off with your account number and password information.

Though these emails look convincing, especially on your smartphone, there are a few telltale signs that can tip you off to their authenticity.

How to spot an email scam

1. The email is not addressed to you by name, uses poor English (spelling mistakes or awkward grammar are common) or omits personal details that a legitimate sender would include (e.g. a tracking ID).
    
2. It’s from businesses you’re not expecting to hear from. Maybe from a bank you don’t have an account with, a parcel delivery service you didn’t order from, or a company you have no dealings with.
    
3. It asks you to download a file, especially one with an .exe, .docx or .xlsx file extension.
    
4. It takes you to a landing page or website with a weird URL. Maybe the company name is misspelled or has numbers in odd places. Maybe it doesn’t have the company’s name at all.

If you’re not sure if the email is genuine, it’s better to play it safe and call them up to confirm if they did in fact, send you an email. Taking a moment to double-check before sharing your information can protect you from a breach and save you, your co-workers and your company from a lot of headaches.