Phishing: How to stay safe

Phishing involves scams built on deception, usually via phone or email. Phishing scammers pretend to be legitimate organisations or people in order to obtain your sensitive information. These scams can be hard to distinguish from real emails sent by the organisation, as they are often designed to look the same.

What should you do if you suspect an email is fraudulent?

If you suspect an email is a phishing attempt, there are several steps you can take to protect yourself. These include:

  • Never click any links or open any attachments from the email, especially if they ask you to verify or update your details.
  • If you receive a suspicious email from an organisation:
    • Check with the organisation using the information provided on their website or your membership card.
  • If you receive a suspicious email from someone you may know:
    • Contact that person via another platform such as text message or phone call to confirm the email.
  • You can also do an internet search for exact wording within the email or names provided to find any reference to this scam online.
  • You can also report the message to your IT support team or organisations such as the ACCC’s Scamwatch.
  • If, after these steps, you believe the email is a scam, delete it to protect yourself.

What should you do if you have fallen for a phishing scam?

In the unfortunate event that you have fallen for a phishing scam, do not panic. There are still steps you can take to protect yourself. These include:

  • As soon as you realise you may have been phished, write down as much information about the phishing attack as you can recall. In particular, note whether any sensitive information was shared, such as account numbers, usernames or passwords.
  • Immediately change the passwords on the affected accounts, as well as on any other account where you use the password you shared. Make sure the new password for each account is unique and strong. Tips on how to create a strong password are below.
  • Turn on two-step verification (also known as Multifactor Authentication) for every account that allows it. It helps ensure that an additional verification step must occur for someone to gain access to your account, so they cannot just log in with a password alone.
  • If the attack targeted your work or school accounts, or you use the same phished password for school or work:
    • You should notify your IT support teams at those organisations to warn of the possibility of an attack.
  • If you shared any banking information, including information about credit or debit cards:
    • You should contact those companies and alert them about the potential for fraud to occur.
  • If you have lost money or become the victim of identity theft:
    • You should report that information to local law enforcement. Include the details you remember about the attack to help them assist you.

Tips for creating a strong password

Strong passwords can help protect your security. Following these simple steps can help you stay safe online:

  1. Create a strong password in the form of a passphrase.
  2. Avoid reusing passwords; make them unique for each site.
  3. Make them longer to make them harder to guess.
  4. Create passwords that are harder to guess, even by someone who knows you well.
  5. Avoid numerical sequences such as 1234, 4321 or repeated characters such as 7777.
  6. Do not use famous quotations from your favourite film, book or song.
  7. Avoid single words found in the dictionary.
  8. Do not use any personal information. For example, do not use your street address, postcode, significant dates such as birthdays or anniversaries, or children’s or pets’ names.
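The tips above can be turned into an automated check. The following Python example is added here and is not part of the original post; it applies tips 3, 5, 7 and 8 to a candidate password, and its minimum length, sample dictionary and personal-information list are all assumptions chosen for illustration.

```python
import re

# Constructed stand-in for a real dictionary word list (assumption: a real
# deployment would load a full list such as /usr/share/dict/words).
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "monkey"}

MIN_LENGTH = 14  # assumed threshold; the post only says longer is harder to guess


def has_numeric_sequence(s: str, run: int = 4) -> bool:
    """True if s contains `run` consecutive digits stepping by +1 or -1 (1234, 4321)."""
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if not chunk.isdigit():
            continue
        steps = {int(chunk[j + 1]) - int(chunk[j]) for j in range(run - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeated_characters(s: str, run: int = 4) -> bool:
    """True if any character repeats `run` or more times in a row (7777, aaaa)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), s) is not None


def check_password(password: str, personal_info=()) -> list:
    """Return the tips the candidate password violates; an empty list means it passes.

    personal_info: strings the user should never embed (names, dates, postcode...).
    """
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short: use a longer passphrase")
    if has_numeric_sequence(password):
        problems.append("contains a numeric sequence such as 1234 or 4321")
    if has_repeated_characters(password):
        problems.append("contains repeated characters such as 7777")
    if lowered.strip() in SAMPLE_DICTIONARY:
        problems.append("is a single dictionary word")
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information: {item!r}")
    return problems
```

A multi-word passphrase such as "correct horse battery staple" passes every check, while a short word, a digit run or a pet's name is reported with the tip it breaks.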

For further information about passwords, see our post “Best Practice. How to choose passwords”.