Tips to avoid phishing scams

From time to time, there are reports of ‘phishing’ attacks being attempted on software users. Here’s some help to understand how to protect yourself.

‘Phishing’ is when someone sends you an email or other communication (usually from a website or source familiar to you) which is designed to trick you into giving away your secret password(s) or otherwise taking control of your IT systems.

For example, you might receive an email which tells you your password has expired and gives you a link to a fake reset password page where you enter and divulge your current password.

The email could be made to appear official and appear as if it is coming from and organisation or vendor you know.

READ: Three online scams to avoid

Alternatively, you might receive a fake invoice as an attachment in the hope that you open it, subsequently infecting your machine with a malicious virus.

On the internet these types of attacks are unfortunately very common across many of the sites you probably use. The way to avoid falling victim is to be on high alert for them and learn some of the tell-tale signs.

Here are some tips to get you started:

• Remember that taxation departments (such as the ATO and IRD) and MYOB will not send you an unsolicited email asking for your password or login details, nor an invoice as an email attachment. If you receive an email with either of these things (unless you have specifically requested one), then it could be a fake email and you should not follow any links or open any attachments. This also might be true of other websites you use.
• The next thing to do is to look at the email address from which the message has been sent. Sometimes the email address is made to look very similar to a website you use, but it’s not quite the same. If the message didn’t come from an email address you know, then it could be fake.
• Next, look at the hyperlinks in the email text. Do they point to websites that are known to you? Again, the link names might be very close to ones you know, but just a few characters different. If they are different, don’t follow them. In some email systems, if you hover your mouse over the link it shows you the full link address.
• Lastly, make sure you have virus scanning and anti-spyware software installed on your machine and that it is always up to date.

There are many resources on the internet about phishing and how to recognise other scams, such as this one from the Australian government or this one from the NZ government.

If you receive an email from us that you think is suspicious, please feel free to contact our support centre to make sure.