How to protect yourself from phishing attempts.
By Colin Lewis, Judo Bank Information Security Manager
At Judo, we take security very seriously and we’re committed to keeping our customers safe. As Judo’s Information Security Manager, I help protect customers and staff from online scam attempts. While we have advanced security measures to keep Judo’s systems secure, we want to make sure our customers know how to keep their personal information safe. So, I’ve put together a guide on how to spot a phishing scam and what to do if you see one.
What is phishing?
Phishing is a common type of scam where someone tries to steal your personal information by sending fraudulent messages that appear to come from a reputable source. Scammers often impersonate businesses like financial institutions and government agencies, sending SMS messages or emails that ask for passwords, account info, credit card numbers or identification details.
Why does it pay to be alert?
If scammers get your personal information, they can use it to steal your identity for financial gain. Phishing attempts are using sophisticated tactics that make them harder to identify. As a result, Aussies are losing record figures to scams: approximately $324m in losses were reported to Scamwatch in 2021, and approximately $336m in the first half of 2022. Source: Scamwatch.gov.au
How can you spot a phishing scam?
The best defence is awareness – here’s what to look out for:
Anything that requires urgent action
Scammers create a sense of urgency to rush you into action before you have time to pay attention to the details. Slow down and look at the message carefully any time you’re being asked to click, log in or take any other action immediately – it’s most likely a scam.
Deals that seem too good to be true
Deals, rewards or prizes are another tactic to lure people in. Look out for messages that require you to follow a link, give personal information or open an attachment to take advantage of an offer. If it feels like an unbelievable deal – it usually is.
Requests for login details or sensitive information
Messages that ask you to log in or provide payment information and other sensitive data should always be treated with caution. Scammers can forge login pages that look like legitimate ones, so pay close attention whenever you’re redirected to a login page or told you need to provide personal information regarding an account or payment. If you’re not 100% sure, don’t fill anything in and contact the organisation using the details on their website.
Sender and domain name inconsistencies
Watch out for long or unprofessional email addresses that include numbers or come from public domains (a real Judo Bank email would never come from email@example.com). Pay attention to new senders with slightly different domain names (like judomelbourne.com instead of judo.bank).
Scammers also use hard-to-spot variations, like swapping a lower case L for a capital I or using numbers in place of letters, to trick people. You can check for these by copying and pasting the address into Word. You can also check the sender's full name and email address by hovering (or long pressing) on their name at the top of the email. The sender’s email in the header should match the name and email in the signature.
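The sender checks described above can also be automated. The following is an added example, not Judo Bank's own code: the public-provider list, the look-alike table and the treatment of subdomains are assumptions, and it goes slightly beyond the article by also flagging non-ASCII characters in the domain.

```python
import unicodedata
from email.utils import parseaddr

EXPECTED_DOMAIN = "judo.bank"   # the only legitimate domain named in the article
BRAND = "judo"
# Constructed sample list of public mail providers (assumption, not from the article).
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
# Swaps the article describes: capital I for lower-case L, digits for letters.
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "0": "o", "3": "e", "5": "s"})


def skeleton(text):
    """Fold look-alike characters so visually similar strings compare equal."""
    return unicodedata.normalize("NFKC", text).translate(LOOKALIKES).lower()


def check_sender(from_header):
    """Return reasons a From: header looks like an impersonation of EXPECTED_DOMAIN."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    plain = domain.lower()
    # Assumption: subdomains of the expected domain are treated as genuine.
    if plain == EXPECTED_DOMAIN or plain.endswith("." + EXPECTED_DOMAIN):
        return []
    reasons = []
    if not domain.isascii():
        reasons.append("non-ascii-domain")
    if skeleton(domain) == EXPECTED_DOMAIN:
        reasons.append("lookalike-characters")
    elif BRAND in skeleton(domain):
        reasons.append("brand-in-other-domain")
    if plain in PUBLIC_DOMAINS:
        reasons.append("public-domain")
    if BRAND in skeleton(display):
        reasons.append("display-name-mismatch")
    return reasons


# Constructed sample headers; judomelbourne.com is the article's own example.
SAMPLES = [
    '"Judo Bank" <support@judo.bank>',
    "Judo Bank <accounts@jud0.bank>",
    "Judo Bank <info@judomelbourne.com>",
    "Judo Bank Support <judobank4471@gmail.com>",
    "Judo Bank <help@jud\u043e.bank>",   # Cyrillic 'о' in place of Latin 'o'
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```

An empty list means the address is on the expected domain; any other sender that borrows the brand name is reported with the reason it looks wrong.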
Requests that don’t match up with standard protocol
Any suggestion that you should bypass normal channels or proper approvals and processes should be treated with caution. Requests like this are extremely likely to be a scam. For example, if one financial institution emails you asking you to transfer funds to them, but the BSB they give is connected to another financial institution, double check with the receiving and sending institutions before you hit ‘send’.
Spelling and grammar mistakes
Watch for typos, spelling mistakes and inconsistencies in grammar or language. Is the sender claiming to be local but using US spelling? Does the tone match up with how this sender usually writes or speaks? Is the sender using odd language patterns like ‘I am wanting to be having a meeting with you’ rather than ‘I would like to meet with you’? Trust your gut if something feels off. One typo may not signal a scam, but multiple mistakes usually do.
Unusual or generic greetings and signoffs
Organisations you’re connected to will generally address you by your first name. Emails that use your full name, a variation of your email address or generic terms like sir or madam can indicate a scam, especially when accompanied by unusually formal salutations, e.g. Greetings john.smith. Email signatures can also be used to spot scammers. Compare the signature with the one in a verified email to spot any differences in name, branding and contact details.
Suspicious attachments or links
Be wary of any links and attachments that you’re not expecting, even when sent by an expected sender. There’s no harm in playing it safe by calling the organisation directly or forwarding messages you’re unsure of.
The Australian Cyber Security Centre has a free service on online security, with information, solutions, and details of recent threats. Subscribe to their Alert Service here: www.cyber.gov.au/acsc/register/individuals-and-families.
Remember, if you’re unsure, it pays to be cautious. Take a moment to pause, review and check any message that’s asking you to log in, deposit money or share personal information. If you’d like more information, get in touch with us via our contact page so we can support you. If you have any concerns about the safety of your accounts or personal information, call us on 13 58 36 or send an email to firstname.lastname@example.org.
Q: How do I know what is legitimate and what is a scam?
The official Judo Bank website at www.judo.bank is the only legitimate Judo Bank website. You cannot apply for a Judo Bank term deposit online via any other method.
Q: What is Judo Bank doing about scams?
We have a range of processes to help stop attempted scams, including around the clock scanning of the internet for suspicious clones of Judo Bank sites, takedown orders against malicious domains trying to pose as Judo Bank, and continuous monitoring of our website and emails to identify any attempts to compromise them.
While Judo Bank takes care to ensure our systems are kept secure, one thing we have no control over is scammers who might try to imitate us to directly target customers or members of the public. You may have seen this sort of con in other places – maybe a dodgy online vendor offering a ‘genuine Rolex’ at a bargain price. Similarly, scammers can imitate Judo Bank to try and scam you. In all these cases, because the communication is direct from scammer to you, the genuine brand doesn’t even know they’ve been copied until hearing about it, usually from a target of one of these scams.
Q: Is my money safe?
Yes, any money you have deposited through legitimate Judo Bank channels is safe, and still subject to the applicable government guarantees.
Q: What if I sent/deposited money some other way?
You should also notify:
- any other bank involved – e.g. where you transferred money from to the scammers.
- Scamwatch https://www.scamwatch.gov.au/report-a-scam.
- ACSC https://www.cyber.gov.au/acsc/report
Q: Where can I find support if I’ve been scammed?
After reporting to Judo, any other institution involved, Scamwatch, and ACSC, you can contact IDCARE, Australia & New Zealand's National Identity & Cyber Support Service, which provides free practical and behavioural support after a scam. Contact IDCARE on 1800 595 160 or visit their website idcare.org.
Q: What should I do if I suspect a scam?
If you’re unsure about an email or SMS, it’s better to be cautious:
- Never respond to a suspected scam in any way
- Don’t open any attachments or links
- Report the message to email@example.com or call us on 13 58 36
Remember, Judo Bank will never send you an email or SMS that asks for personal information such as your account details or password, or that includes a link to log in directly from the email or SMS.
If you receive a suspicious call asking you to provide or verify personal or financial information, you should hang up and call Judo Bank’s official phone number, 13 58 36, to verify the communication.
We have a range of processes to find and stop attempted scams, including around-the-clock scanning of the internet for suspicious clones of Judo Bank sites, takedown orders against malicious domains trying to pose as Judo, and continuous monitoring of our website and emails to identify any attempts to compromise them.
We’re committed to keeping our customers and their finances safe. We use advanced security measures to keep Judo’s systems secure. Any money you have deposited through legitimate Judo Bank channels is safe and subject to the applicable government guarantees.