Scam emails and phishing
If you've received a suspicious email, see How to Report Phishing Scams.
Jump to a section:
- Common phishing scams
- The “hooks” in phishing scams
- Tips to help you avoid phishing scams
- Scam examples
"Phishing" is the term for practices used to get your private information such as passwords or credit card details. Scammers use this information to commit fraud and other illegal acts.
- Emails that look like they are from your bank, asking you to click on a link to update your bank details on a fake website
- Suspicious emails or messages/posts on social media (such as Facebook) from your friend, asking you to click a link. These usually happen if your friend’s account is being accessed by a scammer, or machine designed to phish, scam or infect other accounts.
- Websites impersonating a charity or shop
- Websites made to look like popular websites, with a slightly different spelling in the website address
Most phishing scams appear to come from your bank or financial institution, a company you regularly do business with, or from a social networking site. They will use language that makes you feel like you should respond as quickly as possible, such as:
- "Verify your account."
Businesses (including iiNet) should not ask you to send passwords, login names, or other personal information through email.
- "You have won the lottery."
If you receive a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for any reason; be suspicious.
- "If you don't respond within 48 hours, your account will be closed."
A tight deadline is used with a threat of losing something to trick you into responding quickly without thinking. Real businesses would not risk losing customers so quickly with unreasonable deadlines.
- "Click the link below to gain access to your account."
Some phishing scams provide a link that takes you to a website that looks like the real thing but it is actually a fake. You should always make sure the URL (i.e. website address, such as http://iinet.net.au) is spelled correctly in the address bar of your web browser.
For more information about "scare" and "bait" tactics used in scam emails, please read our article on the iiNet Blog.
- Be cautious of emails that use the hooks described above.
- If you receive any suspicious emails with links in them, simply copy the link and paste it into Google. If it's a common scam, you'll see plenty of search results saying so.
- The Australian Government's SCAMwatch website is a great resource for learning about scams.
- Head directly to the bank's (or other organisation's) website as you normally would instead of using any links in the email. If they really do require you to update your details, you will almost always be notified after you log in. If you’re concerned, ring your bank or visit your local branch to see if they know what's going on.
- Be sceptical and if something sounds too good to be true, it probably is.
- iiNet will never ask you for your password in an email. We would only ask you to update details in your Toolbox.
- Avoid participating in chain emails – your email address can remain in the email to be seen by anyone who reads it in the future. These emails can end up contain hundreds or thousands of email addresses, making them highly desirable to be collected and used for phishing scams or spam email.
- If you do need to send emails to large groups of people, you should make use of the BCC (Blind Carbon Copy) field when sending the email. The advantage of using this instead of the To or CC field is that all of the email addresses are hidden from the recipients. Although recipients can still make use of the "reply all" feature, BCC means that the list of email addresses can't be forwarded on in the same manner as chain emails.
The following emails are examples of real scam emails sent by third parties who were attempting to impersonate iiNet. If you've received a suspicious email, please see How to Report Phishing Scams.
Many scams steal the layout of real iiNet emails. It's vital to check that the email is coming from a real iiNet email address and you should hover your mouse over a link for a moment to confirm that the destination is really an iiNet website and not a scam website.
Webmail discontinued scam
Update payment details scam linking through to fake Toolbox login page