How to keep safe from phishing scam messages

Cybercriminals use many ways to try to steal your personal information online. Scam messages (or phishing) are one of the most common.

These scam messages often pretend to be from a large organisation you trust and can be sent via email, SMS, phone calls, instant messaging, or social media platforms. They often lure you to provide your personal details such as your username and password or credit card details.

The following are the common types of scam messages.

Phishing – Email messages

Phishing attacks represent the greatest threat to ACU’s security. Phishing is an attempt to get personal information from people through email, social media, or instant messaging. The most prevalent form of phishing is via email messages with links to fraudulent websites. It may look like a legitimate message from a trusted source, but the website URL goes to the fraudulent website to grab your information.

Here’s how it works:

1. Attacker sends an email to the victim.
2. Victim clicks on the email and goes to the fraudulent website.
3. Attacker collects victim’s credentials (username and password).
4. Attacker uses victim’s credentials to access a legitimate website.

Smishing – SMS text message

A smishing attack is a phishing attack that uses SMS texts instead of email. These are often cleverly designed to look like common texts received from vendors or service providers.

Here’s how it works:

1. Attacker sends an SMS text message infected with a malicious link.
2. Victim opens the SMS text message, click on the link, and provide personal information.
3. Attacker uses the victim’s information to commit fraud or make a profit.

Vishing – Voice communication

Vishing is a variant of phishing attacks that is executed via voice messages or fraudulent phone calls that induce you to reveal personal information.

Here’s what to look for:

• Is the caller trying to scare you, like saying your account has been hacked or there’s problems with your taxes?
• Is the caller claiming to be an authority figure, like tax authority or bank employee?
• Are they asking for personal data, like one-time passcodes or your mother’s maiden name?

How do I stay safe?

1. Think before you click on a link.
2. Never provide your details via a link in a message.
3. Never provide your details via a suspicious phone call.
4. Never press buttons or respond to prompts if you get an automated message.
5. Contact the person or business to check if they sent the message.
6. If you have entered your personal details into a scam (phishing) site? Act quickly and get help: Recover and get help | Cyber.gov.au.
7. If you have entered your work details into a scam, alert the ACU Enterprise Information Security team urgently via a Service Central ticket.

What to do if you receive a suspicious email

If in doubt, report any suspicious email via the ‘report message’ button in Outlook or submit a Service Central request to the Cyber team. 

Further information

Reporting emails within your own inbox

Reporting emails within a shared mailbox

You can also join the Cyber Security group on Workplace to stay informed of the latest news and tips.