Go to Sonder
All Collections
Public safety advice
Misinformation and scamming
Spotting phishing scams

Spotting phishing scams

Yes, it sounds like 'fishing' but unfortunately has nothing to do with catching fish.
Alexander Pan avatar
Written by Alexander Pan
Updated this week

Pronounced "fishing" (hence the header image), phishing scams involve sending people deceptive yet authentic-looking messages (across a variety of channels). These messages contain malicious links or URLs that lead to fake websites that trick people into sending cybercriminals confidential information and data.

As this is a common and serious safety risk, we're going to take a deep dive into the different types of phishing scams out there.

Just remember that if you need support or someone to talk to, our Sonder support team is available 24/7 to chat whenever you need it.

Phishing email scams

Phishing email scams involve cybercriminals sending fake emails that look like they're from big organisations such as the state and territory police, utility services, postal services, banks, telecommunication services, and government departments.

These emails generally look very convincing and authentic, but there are a few things you can spot or need to be aware of when trying to gauge whether it is fake or real:

  • Are you expecting an email from this organisation?

  • The email urges you to click on a link (e.g. your security is compromised and you must take immediate action).

  • Is the email address the same as others from this brand?

    • Generally, the email is comprised of gibberish and clearly not from the organisation it claims to be a part of.

  • Does the subject of the email relate to the request?

  • The message isn’t addressed to you personally (e.g. Dear Valued Customer).

  • Look out for spelling errors and intentional changes.

An important thing to be aware of is that companies will not call, email, or SMS you to:

  • Ask for personal info like your username, PIN, password or secret/security questions and answers.

  • Ask you to enter information on a web page that isn't part of their main public website.

  • Ask to confirm personal information such as credit card details or account information.

  • Request payment on the spot.

To stay safe from phishing emails, make sure you:

  • Stay vigilant and calm.

  • Avoid opening any links or attachments contained in the phishing email. Delete it directly from your inbox.

  • Use a spam filter to block out unwanted emails.

If you've shared personal or financial details in response to the phishing email, you need to:

  • Change the passwords for any online accounts that might be at risk. Make sure to enable two-factor authentication for an extra layer of security.

  • Contact your bank immediately to let them know what happened and ask what they can do to help.

  • If you've shared personally sensitive information, such as your driver's licence, passport details, or contact details, visit IDCare for assistance on how to address potential identity theft.

  • File a report with the Australian Cyber Security Centre here.

Phishing SMS scams

Phishing SMS scams (or 'smishing') are a type of social engineering that relies on exploiting human trust. There are three driving factors why scammers use phishing SMS scams:

  • Trust - An SMS comes across as more personal when posing as an individual or organisation.

  • Context - Scammers use a situation relevant to targets, allowing them to build an “effective disguise”

  • Emotion - Scammers override the target’s critical thinking by heightening emotions.

There are two ways phishing emails operate:

  • Malware - The SMS contains a URL that will download and install malware onto your device.

  • Malicious website - Similar to phishing emails, the SMS will contain a link that leads to a fake website designed to trick people into entering their personal info.

To stay safe from smishing attempts, make sure you:

  • Don't respond - even prompts like “STOP” to unsubscribe can be a trick.

  • Don't touch any links or contact info in the SMS.

  • Use multi-factor authentication and never provide any passwords to anything.

  • Double-check the phone number - report odd-looking numbers to Scamwatch and/or the police.

Social media phishing scams

With the prevalence of social media in our everyday lives, those platforms are an easy way for scammers to target people.

Depending on the platform, scammers can send malicious files and/or URLs to fake websites through tweets, direct messages, posts or videos.

Other methods include scammers creating convincing fake Twitter, Facebook, and Instagram profiles or pages designed to lure in unsuspecting users into giving up their personal information.

To stay safe from social media phishing scams, make sure you:

  • Do not click on links in posts, tweets or messages.

  • Ask yourself, "Would someone really be reaching out to me about this certain topic?"

  • Recognise if it seems too good to be true - It usually is too good to be true!

  • If something unexpected or weird comes from a friend or someone you know, their account could’ve been hacked.

  • Check the number of followers and people following the account. Genuine organisations – including their customer support handles – are likely to have a much larger following.

Phone call phishing scams

Phone call phishing scams involve scammers using software to change their phone number or impersonate another number (a practice called 'spoofing') in order to pretend to be someone else.

These calls generally involve pressuring you into providing personal and/or financial information through threats of expensive fines, bills, arrest, court appearances, disconnecting your internet service, or deportation if you're an international student. Some scammers may also pressure you into buying fake gift cards, cryptocurrency, or pre-paid credit cards to pay off some made-up debt.

There are a number of red flags to spot during a phishing phone call scam, including:

  • Calls from people claiming to be an employee from a well-known organisation.

  • Call quality may be poor and the caller may be difficult to understand.

  • Callers who are urging you to take immediate action to address a problem.

  • Calls offering to place a number on the Do Not Call Register for a fee. This is a free service.

  • Callers claiming that your computer has a virus or is attacking others.

To stay safe from phone call phishing scams, make sure you:

  • Never share any financial or confidential information over the phone.

  • Never pay any fees for prizes or rewards over the phone.

  • Be wary of caller ID as these can be faked.

  • Hang up on anyone claiming to be from your bank or government agency and is asking for personal information. Call your bank or the government agency back if you're not sure.

    • Banks and government agencies will NEVER ask for personal information over the phone.

  • If you're in Australia, place your phone number on the Do Not Call Register.

If you have any questions or need extra support, we're here to help you anytime in any language. Simply start a chat with us via the home screen of the Sonder app.

Information sourced from: The Australian Cyber Security Centre #1, The Australian Cyber Security Centre #2, Get Safe Online, Griffith University, Kaspersky, Scamwatch, The University of Michigan, The University of Queensland, and The University of Sydney

Image credit: Forrest Gump

All content is created and published for informational purposes only. It is not intended to be a substitute for professional advice.

Did this answer your question?