Favicon
Banking Tips

How to spot and avoid phishing in texts, emails and calls

By COBA
|

Texts, emails and calls are scammers’ favourite tools. Scamwatch data reveals these are the top three ways scammers contact victims to obtain their sensitive information.

“Phishing scams are a constant threat, and the only way to truly protect yourself is to remain vigilant with any type of unsolicited contact. Don’t be fooled by seemingly trustworthy entities; legitimate companies will not ask you to provide sensitive information through unsolicited texts, emails, or calls,” COBA Chief of Financial Crimes and Cyber Resilience Leanne Vale said.

Here are the COBA Financial Crimes and Cyber Resilience team’s top tips to outsmart phishing scams.

Phishing is when scammers impersonate trusted entities like banks, telcos or even official government agencies like the ATO, targeting individuals through emails, phone calls, or text messages.

The emails and websites they use are designed to look legitimate, often mirroring the branding and logos of the companies or institutions they’re imitating.

Their goal is to obtain personal information, such as usernames, passwords, and credit card details.

Tactics they use may include the ‘technical error’; they might claim there’s been a system glitch that erased customer data, urging you to re-enter your details; the ‘customer survey’ trick might involve offering a prize to get you to complete a survey that captures your information; the ‘security update’; asking you to update your details for security reasons and the ‘unauthorized activity’ alert: They might even raise alarms about suspicious transactions on your account, then offer to investigate if you just provide your details.

Phishing scams are designed to obtain your personal information or getting you to click on malicious links. If you’re unsure, contact the company directly using their official website, phone number or mobile app to verify the request. Never use the contact given in the site, text or call you receive.

Here are some red flags to look out for:

  • Suspicious sender: The message or email may appear to be from a known company, but the number or email address is unfamiliar or doesn’t match the official contact details.
  • Urgent language: Scammers often use urgent language (‘Your account is locked!’, ‘Payment overdue’ or ‘Immediate action required!’) to pressure you into acting quickly without thinking.
  • Suspicious links: Never click on links in unsolicited text messages or emails. If you’re unsure, go directly to the company’s website, app, or phone them directly.
  • Requests for personal information: Legitimate companies don’t ask for personal information like passwords or credit card numbers via text or phone calls. 
  • Suspicious attachments: Don’t open attachments from unknown senders. They may contain malware.

Even if you’ve managed to avoid losing money to a phishing scam, reporting it is still crucial. By sharing your story, you contribute to protecting others and stopping these criminals. Report the scam to National Anti-Scam Centre – Scamwatch.

If you have lost money as part of the investment fraud, immediately report the transaction(s) to your bank or financial institution and complete a report through ReportCyber.

Customer-owned banks are dedicated to safeguarding their customers from scams and fraud. In November, 55 mutual banks and credit unions demonstrated this commitment by joining forces to launch the Scam-Safe Accord. This industry-wide initiative represents a united front against scammers and reinforces the banking sector’s determination to strengthen consumer protection. Find out more about the Scam-Safe Accord here.

Hear it first

Four times a year we’ll send you helpful banking tips and inspiring stories from our members.