Australia: Guarding yourself against cyber phishing – a cybersecurity guide

i. Email phishing – the most prevalent form of phishing involves fraudulent emails that mimic legitimate communications from trustworthy sources. These emails often contain urgent messages, enticing you as the user to click on malicious links or download attachments. Once clicked, these links may lead to fake websites designed to steal your login credentials.

ii. Spear phishing – a more targeted approach, spear phishing involves tailoring attacks to specific individuals or organisations. Attackers gather information about their targets, creating highly personalised messages that appear to be genuine. This makes it challenging for you to discern the fraudulent nature of the communication.

iii. Smishing – short for SMS phishing, smishing involves using text messages to deceive an individual. Cybercriminals send text messages containing links or prompts that lead you as the recipient of the text to disclose sensitive information or download malicious content.

iv. Vishing – voice phishing, or vishing, relies on phone calls to trick an individual into revealing sensitive data. Attackers may impersonate trusted entities, such as your bank or government officials, creating a false sense of urgency to manipulate you as the victim into providing confidential information over the telephone. The advance of AI or artificial intelligence has led to the use of cloned voices of family members in vishing attacks, to fool people into providing personal information or financial credentials.

i. Urgency – phishing emails often create a sense of urgency, prompting you as the individual to act quickly without thorough scrutiny.

ii. Fear – messages may instill fear by claiming that an account of yours is compromised or legal action will be taken unless you undertake immediate action.

iii. Rewards – some phishing attempts promise rewards or prizes to entice you into providing sensitive personal information.

i. Be skeptical of emails – exercise caution when receiving unsolicited emails, especially those urging immediate action or containing suspicious links. Verify the sender's email address and scrutinise the content for signs of phishing.

ii. Use Multi-Factor Authentication (MFA) – enable MFA whenever possible to add an extra layer of security. MFA requires users to provide additional verification, such as a code sent to their mobile device, along with a password.

iii. Verify website URLs – before clicking on links, hover over them to reveal the actual URL. Be cautious of misspellings, unusual domain names, or additional characters that may indicate a fraudulent website.

iv. Keep software updated – regularly update your operating system, antivirus software, and other applications to patch vulnerabilities. Cybercriminals often exploit outdated software to launch attacks.

v. Educate yourself – stay informed about the latest phishing tactics and techniques. Be aware of the red flags and educate yourself on how to identify phishing attempts.

i. Generic greetings – legitimate organisations often personalise their communications. Be suspicious of emails that use generic greetings like "Dear Customer" or "Dear User."

ii. Urgent requests – phishing emails frequently create a sense of urgency, pressuring recipients to act quickly. Be cautious of messages claiming immediate action is required.

iii. Unusual sender addresses – you should check the sender's email address for authenticity. Phishers may use email addresses that resemble legitimate ones with slight variations.

iv. Unusual URLs – you should hover over links to preview the actual URL. Be wary of links that lead to suspicious or misspelled domain names.

v. Unsolicited attachments – you should avoid opening attachments from unknown or unexpected sources. Cybercriminals often use attachments to deliver malware or other malicious content.