Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information or click on a link. Some phishing messages are an obvious fraud, others can be a bit more convincing. So how do you tell the difference between a real message and a phishing message?
There is not one single technique but here are some hints.
1. The message contains a mismatched URL
One of the first things you should check is whether the URL (e.g. link to website or email address) actually matches the name displayed.
If you hover your mouse over the link or email address and it is different to the address that you can see, the message is probably fraudulent or malicious.
For example, if you hover over a display sender name like “Stay Smart Online” it should appear as StaySmartOnline@ag.gov.au, not something like StaySmartOnline123445656@123.com.
2. URLs contain a misleading domain name e.g. microsoft.com.maliciousdomain.com
Criminals who launch phishing campaigns often depend on people not checking a link before they click it, or not understanding how a domain name is structured.
For example a Microsoft webpage would always have microsoft.com at the end:
||This could be OK
||This is NOT OK (note the missing letters)
3. The message contains poor spelling and grammar
If a company sends out a message, it's usually reviewed for spelling, grammar and legality. So if a message is filled with poor grammar or spelling mistakes, it probably did not come from them.
4. The message asks for personal information
No matter how official an email might look, it's always a bad sign if the message asks for personal information. For example, your bank doesn't need you to send them your account number - they already know it. Also, a company should never send an email asking for your password or credit card number.
5. The offer seems too good to be true
If the offer seems too good to be true - it probably is. If you receive a message from someone unknown to you making big promises e.g. you have won tattslotto - when you did not buy a ticket - the message is probably a scam.
6. You did not initiate the action
For example, if you get an email saying you won a car but you never entered the competition, it is probably a scam.
7. You are asked to send money to cover expenses
A sign of a phishing email is that you are asked for money - even if it is not in the first email.
8. The message makes unrealistic threats
If a message makes unrealistic threats it is probably a scam. An example of a threat message is an email saying that if you do not submit a form with identification, your account will be cancelled and assets seized.
9. The message appears to be from an official source
Official sources do not use email as their first form of contact. It will most probably be a scam.
10. Something just does not look right
If it looks off, it probably is. This also applies to email messages. If you receive a message that seems suspicious, it's usually in your best interests to avoid acting on the message. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.