Phishing is a way that cybercriminals steal confidential information, such as online banking logins, credit card details, business login credentials or passwords/passphrases, by sending fraudulent messages (sometimes called ‘lures’).
These deceptive messages often pretend to be from a large organisation you trust, which makes the scam more believable. They can be sent via email, SMS, instant messaging or social media platforms. They often contain a link to a fake website where you are encouraged to enter confidential details.
Phishing emails have been used by cybercriminals to steal financial details from Australians for a number of years (phishing emails were first observed in Australia in 2003) but have become increasingly sophisticated since then. Brands that are commonly copied include:
It used to be easy to recognise and ignore a phishing email because it was badly written or contained spelling errors, but current phishing messages appear more genuine. It can be very difficult to distinguish these malicious messages from genuine communications. Because of phishing, it is now standard policy for many companies that they will not call, email or SMS you to: