Computerworld

Teach a man to phish: How to avoid being speared by a scam

You'd never fall for a scam...or would you?

You’re not the type of person that falls for scams. You’re savvy to Nigerian princes with funds for urgent transfer and jackpot wins for Spanish lotteries you never bought tickets for. You’d just never fall for it.

Except maybe you would. With online fraudsters using ever more sophisticated phishing attacks, it’s increasingly difficult to know what’s genuine and what’s not.

Anyone can be duped. In May Austrian aerospace parts manufacturer FACC fired its CEO after scammers tricked the company’s financial controllers into wiring more than €50 million to their account.

Barbie maker Mattel’s financial executive was fooled by an email purporting to be from the CEO, requesting she wire $3 million to a bank in China. She obliged.

Phishing scams are attempts by scammers to trick you so you transfer funds or give them personal information such as bank account numbers, passwords or credit card details.

We’re all susceptible to a well-crafted one. For all a company’s cyber defences, staff are often the weakest link, a phenomenon Telstra’s CISO Mike Burgess dubs ‘the human firewall’.

In a bid to raise awareness ANZ Bank even sends its own employees fake phishing emails.

“I know at least one – many, many more actually – will click on the link,” said Steve Glynn, the bank’s global head of information security.

So far this year, Scamwatch – run by the Australian Competition and Consumer Commission (which has been mimicked in a scam email itself) – has received 12,131 reports of phishing scams, resulting in combined losses of more than $480,000 (already a huge increase on the previous year). Phishing is by far the most commonly reported type of scam.

So what should you look out for? Scamwatch identifies the following warning signs:

  • You receive an email, text or phone call claiming to be from a bank, telecommunications provider or other business you regularly deal with, asking you to update or verify your details.
  • The email or text message does not address you by your proper name, and may contain typing errors and grammatical mistakes.
  • The website address does not look like the address you usually use and is requesting details the legitimate site does not normally ask for.
  • You notice new icons on your computer screen, or your computer is not as fast as it normally is.

So what should you do? In short – just press delete.

  • Do not click on any links or open attachments from emails claiming to be from your bank or another trusted organisation and asking you to update or verify your details.
  • Do an internet search using the names or exact wording of the email or message to check for any references to a scam – many scams can be identified this way.
  • Look for the secure symbol. Secure websites use 'https:' rather than 'http:' at the start of the internet address, or have a closed padlock or unbroken key icon at the bottom right corner of your browser window.
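The two Scamwatch lists above are, in effect, a set of heuristics a mail filter or a security team can run automatically before a busy employee ever sees the message. The script below is an added example written for this article, not code from Computerworld, Scamwatch or any of the companies named; it scores a message against the signs the article lists (a request to verify or update details, no proper name in the greeting, a sender or link domain that is not one you usually deal with, a link that is not https, and link text that shows one address while the href goes somewhere else). The recipient name, the list of known-good domains and both sample messages are constructed for the demo, and the `registrable()` helper is a deliberate simplification of public-suffix matching. Note that https is treated as one signal among several: a scam site can use https too, so its absence is evidence against a message but its presence proves nothing.

```python
"""Phishing-indicator scorer based on the Scamwatch warning signs.

Added example for this article; not Computerworld's or Scamwatch's code.
The recipient name, known-good domains and sample messages are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumptions: who the recipient is and which organisations
# they genuinely deal with. A real deployment would load these per user.
RECIPIENT_NAME = "Jane Citizen"
KNOWN_DOMAINS = {"examplebank.com", "mytelco.com.au"}

# Regex for the "update or verify your details" lure (warning sign 1).
VERIFY_LURE = re.compile(
    r"\b(verify|update|confirm)\b.*\b(details|account|password)\b", re.I | re.S
)


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def registrable(host):
    """Crude registrable-domain approximation (assumption: last two labels,
    or three when the second-last is com/net/org/gov/edu, e.g. bank.com.au).
    Production code should use a public-suffix list instead."""
    parts = host.lower().strip(".").split(".")
    if len(parts) >= 3 and parts[-2] in {"com", "net", "org", "gov", "edu"}:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def score_message(msg):
    """Return (score, reasons) for a dict with from_addr, subject, body_html.
    Each matched warning sign adds one reason; score is the reason count."""
    reasons = []
    body_text = re.sub(r"<[^>]+>", " ", msg["body_html"])

    # Sign 1: asks you to update or verify your details.
    if VERIFY_LURE.search(body_text):
        reasons.append("asks you to verify/update account details")

    # Sign 2: does not address you by your proper name (crude first-name check).
    if RECIPIENT_NAME.split()[0].lower() not in body_text.lower():
        reasons.append("does not address recipient by name")

    # Sender claims to be a business you deal with, but the domain is not theirs.
    sender_domain = registrable(msg["from_addr"].rsplit("@", 1)[-1])
    if sender_domain not in KNOWN_DOMAINS:
        reasons.append(f"sender domain {sender_domain} is not one you deal with")

    # Sign 3: link address does not look like the one you usually use / not https.
    for href, text in extract_links(msg["body_html"]):
        url = urlparse(href)
        if url.scheme != "https":
            reasons.append(f"link {href} is not https")
        if url.hostname and registrable(url.hostname) not in KNOWN_DOMAINS:
            reasons.append(f"link points to unfamiliar domain {url.hostname}")
        # Visible text names one domain while the href goes elsewhere.
        shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", text.lower())
        if shown and url.hostname and registrable(shown.group(0)) != registrable(url.hostname):
            reasons.append(f"link text '{text}' hides destination {url.hostname}")

    return len(reasons), reasons


def verdict(msg, threshold=3):
    """Simple triage label; the threshold is an assumption for the demo."""
    score, _ = score_message(msg)
    return "likely phishing" if score >= threshold else "no strong indicators"


# Constructed sample messages (not real scam text).
PHISH = {
    "from_addr": "security@examplebank-verify.com",
    "subject": "Action required",
    "body_html": ('<p>Dear customer,</p><p>Please verify your account details within '
                  '24 hours: <a href="http://examplebank.com.verify-login.net/x">'
                  'https://www.examplebank.com/login</a></p>'),
}
LEGIT = {
    "from_addr": "alerts@examplebank.com",
    "subject": "Your statement is ready",
    "body_html": ('<p>Hi Jane,</p><p>Your statement is ready. View it at '
                  '<a href="https://www.examplebank.com/statements">examplebank.com</a>.</p>'),
}

if __name__ == "__main__":
    for name, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        score, reasons = score_message(msg)
        print(f"{name}: {verdict(msg)} (score {score})")
        for r in reasons:
            print("  -", r)
```

Running it reports six indicators for the constructed scam message (lure wording, generic greeting, unknown sender domain, http link, unfamiliar link domain, and link text that disagrees with the destination) and none for the legitimate one. The name check and domain matching are intentionally crude; the point is that every item on the Scamwatch list is machine-checkable, so the "human firewall" does not have to be the first line of defence.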

Even if you’re well aware of the advice, you can still fall prey to fraud.

“When you're flat out busy and you’ve got 500 things going at home or at work, and the emails themselves are so compelling you want to get onto it because you're so busy,” said MailGuard CEO Craig McDonald about a recent Telstra scam. “They're pretty good even when you stop and pause.”

If you think you have provided your account details to a scammer, contact your bank immediately.

If you spot a scam, be sure to report it to Scamwatch via the report a scam page.