
How to protect yourself from phishing attempts.

By Colin Lewis, Judo Bank Information Security Manager

At Judo, we take security very seriously and we’re committed to keeping our customers safe. As Judo’s Information Security Manager, I help protect customers and staff from online scam attempts. While we have advanced security measures to keep Judo’s systems secure, we want to make sure our customers know how to keep their personal information safe. So, I’ve put together a guide on how to spot a phishing scam and what to do if you see one.

What is phishing?

Phishing is a common type of scam where someone tries to steal your personal information by sending fraudulent messages that appear to come from a reputable source. Scammers often impersonate businesses like financial institutions and government agencies, sending SMS messages or emails that ask for passwords, account info, credit card numbers or identification details.

Why does it pay to be alert?

If scammers get your personal information, they can use it to steal your identity for financial gain. Phishing attempts are using sophisticated tactics that make them harder to identify. As a result, Aussies are losing record figures to scams: approximately $324m in losses were reported to Scamwatch in 2021, and approximately $336m in the first half of 2022. Source: Scamwatch.gov.au

How can you spot a phishing scam?

The best defence is awareness – here’s what to look out for:

Anything that requires urgent action

Scammers create a sense of urgency to rush you into action before you have time to pay attention to the details. Slow down and look at the message carefully any time you’re being asked to click, log in or take any other action immediately – it’s most likely a scam.

Deals that seem too good to be true

Deals, rewards or prizes are another tactic to lure people in. Look out for messages that require you to follow a link, give personal information or open an attachment to take advantage of an offer. If it feels like an unbelievable deal – it usually is.

Requests for login details or sensitive information

Messages that ask you to log in or provide payment information and other sensitive data should always be treated with caution. Scammers can forge login pages that look like legitimate ones, so pay close attention whenever you’re redirected to a login page or told you need to provide personal information regarding an account or payment. If you’re not 100% sure, don’t fill anything in and contact the organisation using the details on their website.

Sender and domain name inconsistencies

Watch out for long or unprofessional email addresses that include numbers or come from public domains (a real Judo Bank email would never come from judo57@gmail.com). Pay attention to new senders with slightly different domain names (like judomelbourne.com instead of judo.bank).

Scammers also use hard-to-spot variations, like a lower case L in place of a capital I or numbers in place of letters, to trick people. You can check for these by copying and pasting the address into Word. You can also check the sender's full name and email address by hovering (or long pressing) on their name at the top of the email. The sender’s email in the header should match the name and email in the signature.
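For readers who filter mail programmatically, the sender checks above can be automated. The following is an added example, not Judo Bank's own code; the trusted-domain list, the public-mail list and the look-alike character map are small illustrative assumptions, and jud0.bank is a constructed sample.

```python
from email.utils import parseaddr

# Illustrative assumptions, not an official or complete list.
TRUSTED_DOMAINS = {"judo.bank"}          # exact match only, no subdomains
BRAND = "judo"
PUBLIC_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
# Characters often swapped in to imitate another letter.
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "0": "o", "3": "e", "5": "s"})


def skeleton(text):
    """Fold look-alike characters so 'jud0' and 'judo' compare equal."""
    return text.translate(LOOKALIKES).lower()


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(from_header)
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return ["unparseable sender address"]
    if domain.lower() in TRUSTED_DOMAINS:
        return []
    warnings = []
    if skeleton(domain) in {skeleton(d) for d in TRUSTED_DOMAINS}:
        warnings.append("look-alike characters in domain")
    elif domain.lower() in PUBLIC_MAIL:
        warnings.append("public mail domain")
    elif BRAND in skeleton(domain):
        warnings.append("brand name in a different domain")
    # The display name or mailbox uses the brand, but the domain is not ours.
    if BRAND in skeleton(display) or BRAND in skeleton(local):
        warnings.append("claims the brand but is not from a trusted domain")
    return warnings


if __name__ == "__main__":
    samples = [                           # constructed sample headers
        "Judo Bank <fraud@judo.bank>",
        "Judo Bank <judo57@gmail.com>",
        "accounts@judomelbourne.com",
        "Judo Bank <fraud@jud0.bank>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no warnings")
```

An empty result only means the address passed these checks; it does not prove the message is genuine.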

Requests that don’t match up with standard protocol

Any suggestion that you should bypass normal channels or proper approvals and processes should be treated with caution. Requests like this are extremely likely to be a scam. For example, if you’re sent an email by one financial institution telling you to transfer funds to them, but the BSB they give is connected to another financial institution, double check with the receiving and sending institutions before you hit ‘send’.

Spelling and grammar mistakes

Watch for typos, spelling mistakes and inconsistencies in grammar or language. Is the sender claiming to be local but using US spelling? Does the tone match up with how this sender usually writes or speaks? Is the sender using odd language patterns like ‘I am wanting to be having a meeting with you’ rather than ‘I would like to meet with you’? Trust your gut if something feels off. One typo may not signal a scam, but multiple mistakes usually do.

Unusual or generic greetings and signoffs

Organisations you’re connected to will generally address you by your first name. Emails that use your full name, a variation of your email address or generic terms like sir or madam can indicate a scam, especially when accompanied by unusually formal salutations, e.g. Greetings john.smith. Email signatures can also be used to spot scammers. Compare the signature with the one in a verified email to spot any differences in name, branding and contact details.

Suspicious attachments or links

Be wary of any links and attachments that you’re not expecting, even when sent by an expected sender. There’s no harm in playing it safe by calling the organisation directly or forwarding messages you’re unsure of.

The Australian Cyber Security Centre has a free service on online security, with information, solutions, and details of recent threats. Subscribe to their Alert Service here: www.cyber.gov.au/acsc/register/individuals-and-families.

Remember, if you’re unsure, it pays to be cautious. Take a moment to pause, review and check any message that’s asking you to log in, deposit money or share personal information. If you’d like more information, get in touch with us via our contact page so we can support you. If you have any concerns about the safety of your accounts or personal information, call us on 13 58 36 or send an email to fraud@judo.bank.
