Internet Safety Series – Email Phishing

by Rebecca Moonen

As the Internet grows into a pretty convenient way to shop, bank and communicate, protecting your personal information from scammers has become paramount. While these fraudsters are pretty clever, it’s easy to outsmart them once you know the tricks. At iiNet, we often see a flood of fake emails hit our mail servers and our techs act quickly to delete them. However, if you’re someone who hits “send and receive” pretty much constantly (and hey, we don’t judge), the email might reach your inbox before we’re able to purge it.

Email phishing occurs when a fraudster sends you an email made to look like it’s come from a legitimate business. Common emails include phoney correspondence from your bank, eBay and even from iiNet! By creating a sophisticated email complete with official-looking logos (and often including your full name), the fraudster aims to trick you into disclosing your account details. Remember that iiNet will NEVER EVER request your password in an email and we’ll never ask you to log into Toolbox to “update” your details either.

Telltale signs to look for include:
– A reason why you need to provide details (e.g. your account will close down unless you respond)
– A sense of urgency (e.g. this needs to be done today)
– A call to action (e.g. money has been taken from your account and you need to log in to confirm the charge is incorrect.)
– A genuine-looking web address (URL) that is similar to (but never the same as) the real website. (If our site is the link might look like
– Dodgy-looking text: the email might contain spelling errors and grammatical mistakes (we’re cleverer than that!)
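
The urgency, threat and lookalike-address signs above can be checked mechanically. The Python below is an added example, not iiNet's code; the domains (`myisp.example`, `my-isp.example`), the phrase lists, the sample message and the 0.75 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed phrase lists and sample message (.example is a reserved TLD).
URGENCY = ("today", "immediately", "within 24 hours")
THREAT = ("will be closed", "will close down", "has been taken")
SAMPLE = """\
From: "Accounts" <billing@my-isp.example>
Subject: Action required
Content-Type: text/html

<p>Your account will be closed unless you respond today.</p>
<p><a href="http://my-isp.example/login">Log in to confirm</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_lookalike(host, trusted, threshold=0.75):
    """True if host resembles the trusted domain without being it or a subdomain."""
    host, trusted = host.lower().rstrip("."), trusted.lower()
    if host == trusted or host.endswith("." + trusted):
        return False
    return SequenceMatcher(None, host, trusted).ratio() >= threshold

def phishing_signs(raw_email, trusted):
    """Return a sorted list of the telltale signs found in one raw message."""
    msg = message_from_string(raw_email)
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    body = b"\n".join(parts).decode("utf-8", "replace")
    text = re.sub(r"<[^>]+>", " ", body).lower()  # visible wording only
    signs = {name for name, phrases in (("urgency", URGENCY), ("threat", THREAT))
             if any(p in text for p in phrases)}
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        host = urlsplit(href).hostname or ""
        if host and is_lookalike(host, trusted):
            signs.add("lookalike-link:" + host)
    return sorted(signs)
```

Calling `phishing_signs(SAMPLE, "myisp.example")` flags all three signs. A link to a completely unrelated domain is not flagged as a lookalike, so this check complements rather than replaces typing the address in yourself.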

The good news is that phishing spam is covered by the Spam Act and is considered a criminal offence. Reporting the email to the Australian Communications and Media Authority (ACMA) helps curb the spam, and they generally refer reports of phishing directly to the Australian High Tech Crime Centre (AHTCC). Among other things, the AHTCC will usually try to deregister the website to which the email recipients are being directed in the email.

If you get one of these emails, stop and have a think about it. Does it really seem plausible that your institution would have sent you this email? Have a look on their website: is there a press release or similar announcement regarding the alleged “system upgrade” that the correspondence refers to? Remember to always type the address in yourself (and not click on the hyperlink included in the email) to ensure you’re going to the correct page (and not the dodgy one). Report the email to ACMA so people who aren’t as savvy as you might be saved the inconvenience of being duped. Finally, delete the email.

Stay safe people!
