{"id":31654,"date":"2023-07-06T06:35:26","date_gmt":"2023-07-06T06:35:26","guid":{"rendered":"https:\/\/www.cos.net.au\/c\/?p=31654"},"modified":"2024-08-27T07:18:45","modified_gmt":"2024-08-27T07:18:45","slug":"recognising-phishing-scams-in-australia","status":"publish","type":"post","link":"https:\/\/www.cos.net.au\/c\/cospedia\/recognising-phishing-scams-in-australia","title":{"rendered":"A Complete Guide to Recognising Phishing Scams in Australia"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Australia, like many other countries, has seen a worrying increase in phishing scams. <\/span><\/span>According to Scamwatch, Australians lost over AU$476 million to scams in 2023. Investment scams led to the most significant financial losses, totaling just over AU$291 million, despite only 8,159 reports being filed. In contrast, phishing scams were much more prevalent, with over 108,000 incidents reported to Scamwatch last year.<\/span><\/p>\n

With one cybercrime report being filed every seven minutes, <\/span>it’s<\/span> evident<\/span> that the situation is simply getting out of hand. <\/span>The average cost per <\/span>cybercrime<\/span> report has increased to more than $39,000 for small <\/span>organisations<\/span>, $88,000 for medium businesses, and over $62,000 for large businesses –  that’s a14% rise on <\/span>average.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Phishing attacks in Australia can take many different forms from emails, phone calls, text messages to even social media messages, and they can target individuals, businesses, and organisations. Cybercriminals are continually adapting their tactics, s<\/span>o <\/span>it’s<\/span> crucial to recognise these scams by s<\/span>taying informed, taking precautions, and employing security best practices. Here are some of the most common forms of phishing attempts reported in Australia:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Email Phishing<\/span><\/span><\/strong><\/h1>

According to the most recent Proofpoint research, email phishing <\/span>scams<\/span> are <\/span>a serious problem<\/span> in Australia. These <\/span>scams<\/span> mostly target individuals, banking and financial institutions, government <\/span>agencies<\/span>, healthcare groups, and telecommunications businesses. In 2022, over 71,299 phishing <\/span>scams<\/span> were reported in Australia<\/span>, with <\/span>over <\/span>96% of phishing attempts arriving by email, another 3% via malicious websites, and only 1% via phone. Scammers send fraudulent emails impersonating <\/span>reputable <\/span>businesses or individuals <\/span>in order to<\/span> appear<\/span> legitimate <\/span>to gain<\/span> recipients’ trust. During tax season in Australia, phishing attempts typically <\/span>imitate <\/span>the Australian Taxation Office (ATO), with the intention of <\/span>acquiring<\/span> personal and financial information or <\/span>initiating<\/span> fraudulent <\/span>tax refund claims.<\/span> Phishing emails <\/span>frequently<\/span> use social engineering techniques to trick recipients into taking immediate action. <\/span>These approaches often involve creating a sense of urgency, panic, or interest in recipients in order to convince them to click on <\/span>malicious links <\/span>or provide critical information.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Spear Phishing<\/span><\/span><\/strong><\/h1>

In spear phishing, s<\/span>cammers collect personal information about specific individuals or groups to make their phishing attempts appear more credible. They include <\/span>customised<\/span> details such as the recipient’s name, job title, or corporate information to boost their chances of looking legitimate. Every year, over 88% of businesses face spear phishing attempts, according to Norton <\/span>statisti<\/span>cs<\/span>. <\/span>According to Symantec’s 2019 Threat <\/span>Report, spear<\/span> phishing accounts for 65% of cyber-attacks<\/span> and <\/span>targets 22% of CEOs. <\/span>For <\/span>generat<\/span>ing<\/span> a sense of urgency, scammers act as CEOs, COOs, or CFOs and send <\/span>fraudulent <\/span>emails to employees asking for sensitive information or granting scammers access to certain platforms and accounts such as an ERP system, a Microsoft account, or a banking portal.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Business Email Compromise (BEC)<\/span><\/span><\/strong><\/h1>

According to the Australian Competition and Consumer Commission (ACCC), businesses in Australia reported losses<\/span> of<\/span> more than <\/span>$<\/span>132 million in 2020 due to BEC <\/span>scams<\/span>. <\/span>BEC attacks are designed to trick employees into transferring payments or <\/span>providing<\/span> sensitive information.<\/span> The impact of BEC extends beyond financial losses, resulting in businesses reputational harm, lost data, and disrupted business operations.<\/span> In 2022, Accounts Payable (AP) departments <\/span>remain<\/span> the most vulnerable to BEC <\/span>scams<\/span>. In 2023, <\/span>with the introduction of AI tools, <\/span>cybercriminals have the benefit of using AI tools <\/span>for <\/span>creat<\/span>ing<\/span> a\u00a0<\/span>clear and <\/span>sophisticated email <\/span>scam<\/span>, so <\/span>it\u2019s<\/span> vital t<\/span>o educate your<\/span> AP team <\/span>on <\/span>how to spot <\/span>email <\/span>scams<\/span> and how to respond to them.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Smishing Scam<\/span><\/span><\/h1>

Smishing is a type of phishing <\/span>scam<\/span> in which the message is delivered via SMS text message <\/span>rather than<\/span> email.<\/span> Smishing SMS attempt<\/span>s<\/span> to trick you into <\/span>providing<\/span> sensitive information such as credit card details and account passwords, or into granting access to your phone and\/or computer.<\/span>\u00a0<\/span>According to ACCC <\/span>Scamwatch<\/span> data, financial losses from SMS <\/span>scams<\/span> have climbed by 188% in 2022, rising from <\/span>roughly $2.3 million<\/span> to more than $6.5 million. SMS <\/span>scams<\/span> accounted for around 32% of all reported <\/span>scams<\/span> in 2022. The SMS\u00a0<\/span>could resemble a bank or government <\/span>organisation<\/span>, such as Centrelink or the Australian Tax Office, or it could resemble a communication from Australia Post concerning a package delivery.<\/span>\u00a0You<\/span> m<\/span>ay <\/span>receive an SMS text that <\/span>your account has expired or been locked <\/span>due to<\/span> suspicious activity,<\/span> and you must <\/span>provide<\/span> personal information or click on a link to reactivate it by entering your personal information such as card numbers, NetBank client numbers, banking passwords, and <\/span>NetCodes<\/span>.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Vishing Attack<\/span><\/span><\/strong><\/h1>\n

According to a Commonwealth Bank re<\/span>search<\/span>, Australians receiv<\/span>e<\/span> 4.98 <\/span>scam<\/span> calls\/emails\/SMS\/social media communications every week (or <\/span>nearly one<\/span> per day, or 258.96 messages per year).<\/span> <\/span>Vishing, also known as “voice phishing,” includ<\/span><\/span>es c<\/span>ybercriminals calling individuals and impersonating official entities such as financial institutions, government authorities, or technical support personnel. Scammers use deceptive tactics to trick victims into <\/span>disclosing<\/span> personal information, granting access to their accounts, or <\/span>initiating<\/span> financial transactions.<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Malware-Based Phishing<\/span><\/span><\/h1>

According to the State of the Phish report, 83% of survey respondents reported at least one successful email-based phishing attempt in 2021, <\/span>representing<\/span> a 46% increase over 2020.<\/span>\u00a0<\/span>Through emails or text messages, these scams trick people into downloading malware by giving them malicious attachments or links. The malware can compromise security, obtain data, or give the attacker unauthorised access once it has been activated on the victim’s device. These phishing attempts also make use of deceptive pop-up windows or warnings that indicate the user’s system needs to be updated immediately. By clicking on these prompts, you risk having malware put on your computer or mobile device.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Preventive Measures<\/h1>

Protecting businesses from phishing scams is crucial to safeguard sensitive information, maintain trust with customers, and preventing financial losses.\u00a0<\/p>

\ud83d\udcda<\/span> Educate employees:<\/strong> Provide comprehensive training to help employees recognize suspicious emails, links, and attachments. Teach them to scrutinise sender addresses, identify grammatical errors, and avoid clicking on unfamiliar links.<\/span><\/p>

\ud83d\udd10<\/span>\u00a0<\/span>Strong passwords and authentication:<\/strong> Encourage employees to create unique, strong passwords and regularly update them. Implement two-factor authentication (2FA) or multi-factor authentication (MFA) for added security.<\/span><\/p>

\ud83d\udd0e <\/span>Email filters and spam protection:<\/strong> Implement filters and mechanisms to reduce phishing emails in employees’ inboxes and block suspicious messages.<\/span><\/p>

\ud83d\udee1\ufe0f<\/span>\u00a0<\/span>Ongoing security awareness training:<\/strong> Conduct regular training sessions to reinforce best practices, inform employees about emerging phishing techniques, and keep security protocols up to date.<\/span><\/p>

\ud83d\udea9 <\/span>Cultivate a reporting culture:<\/strong> Foster an environment where employees feel comfortable reporting suspicious emails or incidents promptly. Establish clear reporting channels and investigate reported incidents promptly.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t

0<\/span><\/a><\/div> <\/div>
<\/div><\/div>
<\/div>","protected":false},"excerpt":{"rendered":"

Australia, like many other countries, has seen a worrying increase in phishing scams. According to Scamwatch, Australians lost over AU$476 million to scams in 2023. Investment scams led to the most significant financial losses, totaling just over AU$291 million, despite only 8,159 reports being filed. In contrast, phishing scams were much more prevalent, with over 108,000 … Read more<\/a><\/p>\n","protected":false},"author":6,"featured_media":32062,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8],"tags":[3006,2650,3003,1889,293,2060,258,260,262,1892,2638,2643,2634,2636,3007,2635,2644,2646,3004,3009,3005],"class_list":["post-31654","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cospedia","category-productivity","tag-australia-phishing-scams","tag-business-email-compromise","tag-clone-phishing","tag-cybercriminals","tag-data-breach-notification-laws","tag-data-loss","tag-data-privacy","tag-data-regulation","tag-data-security-threats","tag-databreach","tag-email-compromise","tag-incentive-scams","tag-phishing-scam","tag-phishing-scams","tag-phishing-scams-in-australia","tag-protect-business-from-scams","tag-scam-reports","tag-scammers","tag-spear-phishing","tag-types-of-phishing-scams","tag-vishing-scam"],"_links":{"self":[{"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/posts\/31654","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/comments?post=31654"}],"version-history":[{"count":102,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/posts\/31654\/revisions"}],"predecessor-version":[{"id":43582,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/posts\/31654\/revisions\/43582"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/media\/32062"}],"wp:attachment":[{"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/media?parent=31654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/categories?post=31654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cos.net.au\/c\/wp-json\/wp\/v2\/tags?post=31654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}