Have you ever found an email that claimed to be from your bank or telco but seemed a bit off? Ever received a phone call, apparently from the ATO, that was a weird, pre-recorded voice telling you that your tax file number is suspended? Our money’s on, yes. 

Hopefully, you recognised these communications for what they are — scams, in particular, phishing scams.  

Unfortunately, however, Australians fall prey to phishing scammers every day, and cases are growing. In 2020 alone, Australians lost a record amount of over $851 million to scammers.  

To help better protect you from online scammers, we’ll go through some traits that phishing scams have in common, so you know which warning signs to look out for.  

What are phishing scams? 

Phishing scams are a popular way for scammers to try to gain access to your financial and personal details. Specifically, scammers will try to gain access to things like bank account numbers, passwords and credit card numbers.  

Scammers will typically pretend to be from a legitimate business or organisation like a bank or the ATO. You may be contacted via email, phone call or text message or even over social media.  

While phishing scams are varied, they all share common elements. By understanding what these elements are, and knowing what to look out for, you can better protect yourself online.  

Phishing scams: things to look out for 

1 – The message is sent from a public email domain 

Always confirm that the email you receive comes from a private email domain. If you get contacted by someone claiming to be your bank, but their email address ends with something like @gmail.com or ‘@live.com’, it is major red flag.  

Only very small private businesses would ever use a public email domain. Unless the email address finishes with a nice and clean ‘@legitbank.com.au’ or something similar, don’t trust it. 

2 – The message contains typos 

Poor spelling and grammar are another major warning sign. 

If a scammer texts or emails you pretending to be a trusted organisation, pay attention to any typos or grammatical errors. Also, check that you are addressed by your proper name, in the same style that the legitimate institution usually uses when corresponding with you.  

Pay attention to words that seem slightly out of context but still make sense. Major institutions pay big money to ensure their communications are correct and professional. So, if you read an email that reads like it’s been dragged through Google Translate backwards, be very wary.  

3 – You’re asked to update or confirm details 

A key element at the centre of phishing scams is the scammer trying to access your details. They may disguise this as asking you to ‘update’ or ‘confirm’ your login details.  

Common examples of this include the scammer claiming that their organisation is verifying all customer information, due to a technical glitch. Alternatively, the scammer may claim that there has been ‘suspicious activity on your account’ and the bank needs to investigate.  

Finally, be cautious of any site that asks you to provide details you don’t normally give. 

4 – Website address looks slightly different 

Phishing scams are intended to look legitimate. Scammers may set up a fake website that looks almost identical to its counterpart; however, the address will be slightly different. 

Pay attention to multiple letters in the address or slightly different spelling.  For example, ‘legitbank.com.au’ may be spelled ‘legittbank.com.au’ in a scam.  

Check whether the website is secure. You can generally tell secure websites apart from non-secure sites as they use ‘https:’ instead of ‘http:’. In addition, check for a closed padlock or key icon in the corner of your browser window.  

Any legitimate business that stores confidential information will be encrypted so your details are kept safe. 

5 – Suspicious links or attachments 

Phishing scams can be done over email, phone or social media. Regardless of their delivery method, they all aim to gain access to your personal information.  

One common method for this is through tricking people into downloading attachments or clicking on dodgy links containing malware. Unfortunately, some people may not realise the attachment contains malware until it’s far too late.  

Therefore, never open any attachment or click on any link unless you are convinced that it comes from a legitimate source. In general, if it smells a bit off, it usually is — especially on the internet.  

6 – You’re asked to respond quickly 

The final thing to look out for is the scammer asking for an immediate payment or response.  

If you receive a suspicious call from someone claiming to be from your bank, ask for their name and number and confirm with the bank yourself. If they claim there is no time and you must pay immediately, you are almost certainly dealing with a scammer.  

Banks are committed to your information being secure and will usually never deny a request to verify their security. 


What do I do if I receive a phishing email? 

If you suspect you have received a phishing email, text or social media message, delete the correspondence immediately. Do not click on any links or attachment in the email and block the contact.  

It may also be worth getting in contact with your bank to confirm no suspicious activity has been recorded on your account.  

Reporting a phishing scam 

The best way Australians can help fight back against scammers is to report any scams they come across. There are several places to report incidents of phishing, and you may want to report it to more than one, depending on your situation.  

Banking and credit card scams  Your bank or financial institution 
Fraud and theft  Your local police service – call 131 444 to make a non-urgent report. 
Tax related scams  Australian Taxation Office 
All scams  Scamwatch 


When reporting scams, it is best to act as swiftly as possible. If a scammer gains access to your credit card or bank account information, call your bank as soon as you can to have your account frozen. Depending on your bank and how quickly you report the crime, you may be able to have the unauthorised transactions reversed.  

How can I protect myself against phishing scams? 

The best way to prevent yourself being a victim of a phishing scam is to protect your personally identifiable information. Your personally identifiable information includes things like your email address, phone number and postal address.  

Here are a few simple things you can do:  

  • Use strong passwords and don’t use the same one for all your accounts. 
  • Make sure your computer and mobile devices have the latest updates. 
  • Only shop on secure websites. 
  • Avoid using public Wi-Fi. 
  • Avoid turning on your mobile’s hotspot in public. 
  • Shred letters from your bank or employer that contain personal information. 

For a more detailed description on protecting yourself and your organisation from scammers, check out our article on the Essential Eight. 

Where can I find more information? 

For up-to-date information on scams in Australia, head to scamwatch.gov.au or subscribe to their scam alert emails.   

For more general information on scammers, download the Australian Competition & Consumer Commission’s (ACCC) ‘The Little Black Book of Scams’.  

The Little Black Book of Scams is available in several different languages and is internationally recognised as a helpful tool for individuals and small businesses to protect themselves against online scams.   

Can Monocera help protect me? 

Of course!  

While we’re not bodyguards or private detectives, we do know a thing or two about protecting your information online. So, if you have any further questions on email phishing scams, or phishing scams in general, reach out by calling us on 07 3369 1415 or by emailing [email protected]