What it is
Phishing is a type of email scam. The sender pretends to be a trustworthy organisation – like a bank or government agency – to try and get you to provide them with personal information or financial details.
A phishing email will ask you to either click a link and enter personal information, or open an attachment in the email.
How it works
Phishing emails can look and feel legitimate. They use the same design and logos as the company or organisation they’re pretending to be, and the same kind of language.
Most phishing emails look like they come from:
- a bank
- a social media site
- a government agency
- an online game, or
- an online service with access to your financial details, like iTunes, Netflix or Google.
Phishing emails that ask for personal information
The email will ask you to click a link, where you'll be prompted to enter personal information. This could be:
- your credit card information
- your internet banking details
- personal information and documents, like your driver's licence or passport
- usernames or passwords for your online accounts, including social media accounts, or Microsoft or Google accounts.
For example, you may be directed to a website that looks like your bank’s website, and asked to enter your internet banking login details. This will give the attacker access to both your login information and your bank accounts.
Phishing emails with attachments
Clicking an attachment in a phishing email allows the sender to infect your computer with malicious software, or 'malware'. This gives them access to your personal information without you knowing.
For example, you might get an email saying that you’ve been charged for services you didn’t receive – like lawn mowing – with an invoice for the job. If you open the invoice to check the details, it could download malware to your computer without you realising.
How do phishers get your email address?
Attackers can get lists of email addresses:
- from contact details found on web pages and social media sites
- from email lists or data breaches that are shared and sold online
- by guessing addresses that might be in use.