Recognising phishing
Phishing is a type of email scam. The sender pretends to be a trustworthy organisation – like a bank or government agency – to try and get you to provide them with personal information or financial details.
Although you can’t prevent a phishing attack, there are things you can do to make sure you recognise one.
Know what to look for
A phishing email will ask you to either click a link and enter personal information, or open an attachment in the email.
Most phishing emails use the same design and logos as the company or organisation they’re pretending to be, and the same kind of language. They often look quite legitimate, but you might notice that:
- you don’t recognise the sender
- the sender's name doesn’t sound quite right
- you don’t recognise the name of the company
- the company logo doesn’t look like it should
- the email refers to you in a generic or odd way — for example, 'Dear You…' (note that a phishing email may contain your name if the attacker got your information from a data breach)
- the email contains bad grammar or spelling
- the email is trying to convince you to hurry or take action urgently – for example, using language like "action required" or telling you you need to collect a parcel or pay a toll
- if you hover over a link in the email with your mouse, the address that you see doesn’t match the place it’s saying it’ll take you.