Scams are more sophisticated than ever, and phishing remains one of the most common scams used by cybercriminals. It’s easy to think “I’d never fall for that,” but the truth is, these scams are getting harder to spot. Whether it’s an urgent and demanding email, a convincing text, or even a phone call, phishing scams can catch anyone off guard.

In 2024 alone, Australians lost over $20.5 million to phishing scams, according to the Australian Competition and Consumer Commission (ACCC) Scamwatch. And that figure only includes reported cases—many more go unreported every year.

So, how do you protect yourself? It starts with knowing what to look out for.

 

What is a phishing scam?

Phishing is when scammers impersonate trusted organisations - like your bank, government agencies, telcos, or delivery services - to trick you into giving away personal information such as your login credentials, banking details, or even access to your devices.

Phishing can happen through:

  • Emails
  • Text messages (SMS or “smishing”)
  • Phone calls (“vishing”)
  • Social media messages or fake ads

The goal? To steal your information, access your accounts, or convince you to transfer money.

Common signs of a phishing scam

While scammers are clever, there are usually a few tell-tale signs that can help you identify a suspicious message. Here’s what to look out for:

  • A sense of urgency or fear

Phishing messages often try to create panic. They might say your account will be suspended, your parcel can’t be delivered, or you’re about to be fined. This urgency is designed to make you act quickly without thinking.

Example: “Your account has been locked. Click here to verify your identity within 24 hours to avoid suspension.”

  • Strange sender details

At first glance, the sender may seem legitimate. But take a closer look: many phishing emails come from unusual or misspelled email addresses, like auswide@auswde-secure.com rather than hello@auswidebank.com.au.

In texts, scammers may even use sender IDs that mimic real organisations and appear in the same message thread as legitimate messages. The difference is, legitimate companies won’t usually ask for sensitive information via SMS.

  • Suspicious links or attachments

Hover your mouse over links in an email (without clicking!) and you’ll often see a strange-looking URL that has nothing to do with the real organisation. Attachments are also risky, especially if they’re unexpected or come from unknown sources. Avoid clicking on links or attachments if you don’t know what they are and if your suspicions are already raised.

  • Spelling and grammar mistakes

Many phishing scams originate overseas and can contain clunky language or grammar errors. While not all scams are poorly written, a professional company will rarely send out emails riddled with typos.
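
The sender-address and link checks described above can also be done programmatically, for example in a mail filter. The following Python code is an added example, not part of the original article; the trusted-domain list, the brand word, the 0.8 similarity threshold and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: the real domain, and a brand word that is a red flag in any other domain.
TRUSTED_DOMAINS = {"auswidebank.com.au"}
BRAND_WORDS = {"auswide"}

def classify(domain):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    for token in domain.replace("-", ".").split("."):
        if any(SequenceMatcher(None, token, b).ratio() >= 0.8 for b in BRAND_WORDS):
            return "lookalike"  # brand word, or a near-misspelling of it
    return "unknown"

def check_sender(from_header):
    """Classify the real address in a From header, ignoring the display name."""
    return classify(parseaddr(from_header)[1].rpartition("@")[2])

class LinkCollector(HTMLParser):
    """Collect (visible text, real destination host) for every <a href>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlparse(self._href).hostname or ""
            self.links.append(("".join(self._text).strip(), host))
            self._href = None

def suspicious_links(html):
    """Links whose real destination is not a trusted domain (what hovering reveals)."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, host) for text, host in parser.links if classify(host) != "trusted"]

# Constructed sample message; the sender address is the one quoted in the article.
SAMPLE_FROM = '"Auswide Bank" <auswide@auswde-secure.com>'
SAMPLE_HTML = ('<a href="https://auswde-secure.com/verify">www.auswidebank.com.au</a> '
               '<a href="https://www.auswidebank.com.au/contact">Contact us</a>')
```

Calling check_sender(SAMPLE_FROM) and suspicious_links(SAMPLE_HTML) flags the misspelled sender domain and the link whose visible text shows the real site while its destination does not.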

 

Real-life phishing examples

Here are a few examples of phishing scams that have recently targeted Australians:

  • MyGov and ATO impersonations: Scammers sending texts claiming you’re owed a tax refund or need to update your details.
  • Australia Post scams: Emails or texts saying your parcel couldn’t be delivered and prompting you to pay a redelivery fee or to update your details.
  • Bank and telco impersonations: Fake emails saying there’s suspicious activity on your account and urging you to “log in” via a provided link.
  • Linkt or Transurban scams: Emails or texts warning of unpaid tolls and prompting you to click a link to pay the amount.

Scammers are constantly refining their tactics, so even tech-savvy people can fall victim. Staying alert is key.

What to do if you receive a suspicious message

If you’re not sure whether a message is genuine, take a moment and follow these steps:

  1. Don’t click any links or download attachments.
  2. Don’t reply to the message, even to tell them off. This just confirms your contact details are active.
  3. Look up the organisation’s official contact details independently (don’t use any links or numbers in the message).
  4. Report the scam to Scamwatch at www.scamwatch.gov.au.
  5. Delete the message.


If you think you’ve already clicked on a suspicious link or entered personal information, contact your bank immediately, run antivirus software, and change your passwords.

How to protect yourself from phishing scams

  • Enable two-factor authentication (2FA):
    2FA is a security measure that requires two distinct forms of verification, such as a fingerprint or facial recognition, to access a system or account. This adds an extra layer of security to your accounts, even if your password is stolen.

  • Use strong, unique passwords for each account:
    Create a password that is strong and complex – at least 12 characters and combines uppercase, lowercase, numbers and symbols. To help remember your passwords and to keep them safe, consider using a password manager.

  • Keep your devices up to date with the latest security updates and antivirus software:
    Has a software update ever popped up on your phone or computer and you've cancelled it because the timing was inconvenient? While most updates are now scheduled to apply in the middle of the night, it's important to check you're using the latest versions of the operating system and applications on all your devices. While software updates commonly keep your devices running smoothly, they can also prevent security issues and improve security features, making you less of an easy target.

  • Be cautious with public Wi-Fi:
    No public Wi-Fi network is completely secure. Public hotspots are the perfect feeding ground for hackers, so if you do connect to a free network, never access your banking site and, if possible, use a trusted Virtual Private Network (VPN) app.

  • Educate yourself and others:
    Talk to friends, family, and colleagues about scams - especially those who might be more vulnerable, like older relatives.

 

Phishing scams aren’t just an inconvenience; they can cause real financial and emotional stress. But by learning to recognise the red flags and staying cautious, you can protect yourself and your loved ones.

If something feels off, trust your gut. Take the time to verify before you click, and remember - no legitimate company will ask for your personal information out of the blue.

For more information or to report a scam, visit www.scamwatch.gov.au.

 

 


This information provides general advice only. We do not provide advice based on any consideration of your personal objectives, needs or circumstances.
