Phishing is a way that cybercriminals steal confidential information such as online banking logins, credit card details, business login credentials or passwords/passphrases, by sending fraudulent messages (sometimes called ‘lures’).
Stolen passwords, codes, names, machine addresses and personal data give access to identities which allow the theft of information or install malware.
Spam or Phishing emails elicit private information from unknowing victims differently. One ploy alerts the victim to a faked attempt to enter his computer; another asks for information to complete a required document and a third may pose as an invoice for unpaid purchased goods.
These deceptive messages often pretend to be from a large organisation you trust, to make the scam more believable. They can be sent via email, SMS, instant messaging or social media platforms. They often contain a link to a fake website where you are encouraged to enter confidential details.
Business brands that are commonly copied include: state and territory police or law enforcement (fake fine scams), utilities such as power and gas (fake bills and overdue fines), postal services (parcel pick-up scams), banks (fake requests to update your information), telecommunication services (fake bills, fines or requests to confirm your details), and government departments and service providers such as the Australian Taxation Office, Centrelink, Medicare and myGov.
The Australian Cyber Security Centre provides advice on the best way to protect yourself from phishing attempts.