How to recognise phishing scams

Phishing or spam? Both are annoying but which one is dangerous?

Spam emails are mass messages offering outrageous bargains, foreign princes, and sudden inheritances. They’re annoying but are rarely dangerous by themselves, and are usually easy to identify and ignore.

Phishing emails are dangerous, insidious, cyber threats. They usually appear to be from a trusted organisation such as a bank or online retailer and can be very sophisticated and difficult to spot. Even simply opening one of these emails can infect your device with malware.

How to identify a phishing email:

• bad spelling and grammar
• generic greetings
• unknown sender
• domain names that don’t match the organisation (eg. amazon-deliveries@hocuspocus.com) or are misspelt
• incorrect branding
• urgency
• requests to click links or download files.

Here’s an example:

This phishing email appears legitimate in many ways:

• company logo and branding
• the sender ID sounds like something we might expect (System Reminder)
• official-looking copyright claim
• technical language that might fool an unwary user (cookies).

But it still has many signs of a phishing email:

• generic username
• unknown email address not associated with the company
• vague information
• bad spelling and grammar
• urgency
• clickable link. 

Note that phishing is not limited to emails. Learn about other types of phishing

What can happen if you get phished?

The impacts of being phished vary but all are inconvenient at best and very serious at worst. This could include:

• identity theft
• unauthorised financial transactions
• your personal data being held for ransom
• invasion of privacy.

What to do if you’ve been phished

• Immediately take your devices offline to prevent further damage.
• Change your passwords.
• Notify your bank if you think your account data may have been compromised.
• Scan your device with anti-virus software (available free to all ACU staff and students).
• Continue to monitor for suspicious activity. The impact could be bigger than you know.
• Report the crime to Australian Cyber Security Centre.
• Seek help through IDCare.
• Inform ACU cyber security via Service Central if your ACU account is impacted.

Where to learn more

• Join the Cyber Security Workplace group.
• Read ACU cyber security bulletin articles.
• Take the Spot the Phish training provided by ACU.