This article will explain what phishing is and how to avoid scam emails which commonly employ phishing tactics. It will also show you examples of iiNet scam emails, where third parties are impersonating iiNet.
If you've received a suspicious email, see How to Report Phishing Scams.
"Phishing" is the term for practices used to get your private information such as passwords or credit card details. Scammers use this information to commit fraud and other illegal acts.
Common phishing scams
- Emails that look like they are from your bank, asking you to click on a link to update your bank details on a fake website
- Suspicious emails or messages/posts on social media (such as Facebook) from your friend, asking you to click a link. These usually happen if your friend’s account is being accessed by a scammer, or a machine designed to phish, scam or infect other accounts.
- Websites impersonating a charity or shop
- Websites made to look like popular websites, with a slightly different spelling in the website address
The “hooks” in phishing scams
Most phishing scams appear to come from your bank or financial institution, a company you regularly do business with, or from a social networking site. They will use language that makes you feel like you should respond as quickly as possible, such as:
- "Verify your account."
Businesses (including iiNet) should not ask you to send passwords, login names, or other personal information through email.
- "You have won the lottery."
If you receive a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for any reason, be suspicious.
- "If you don't respond within 48 hours, your account will be closed."
A tight deadline is used with a threat of losing something to trick you into responding quickly without thinking. Real businesses would not risk losing customers so quickly with unreasonable deadlines.
- "Click the link below to gain access to your account."
Some phishing scams provide a link that takes you to a website that looks like the real thing but it is actually a fake. You should always make sure the URL (i.e. website address, such as http://iinet.net.au) is spelled correctly in the address bar of your web browser.
For more information about "scare" and "bait" tactics used in scam emails, please read our article on the iiNet Blog.
Tips to help you avoid phishing scams
- Be cautious of emails that use the hooks described above.
- If you receive any suspicious emails with links in them, simply copy the link and paste it into Google. If it's a common scam, you'll see plenty of search results saying so.
- The Australian Government's SCAMwatch website is a great resource for learning about scams.
- Head directly to the bank's (or other organisation's) website as you normally would instead of using any links in the email. If they really do require you to update your details, you will almost always be notified after you log in. If you’re concerned, ring your bank or visit your local branch to see if they know what's going on.
- Be sceptical and if something sounds too good to be true, it probably is.
- iiNet will never ask you for your password in an email. We would only ask you to update details in your Toolbox.
- Avoid participating in chain emails – your email address can remain in the email to be seen by anyone who reads it in the future. These emails can end up containing hundreds or thousands of email addresses, making them highly desirable to collect and use for phishing scams or spam email.
- If you do need to send emails to large groups of people, you should make use of the BCC (Blind Carbon Copy) field when sending the email. The advantage of using this instead of the To or CC field is that all of the email addresses are hidden from the recipients. Although recipients can still make use of the "reply all" feature, BCC means that the list of email addresses can't be forwarded on in the same manner as chain emails.
Examples of iiNet scam emails
The following emails are examples of real scam emails sent by third parties who were attempting to impersonate iiNet. If you've received a suspicious email, please see How to Report Phishing Scams.
Please update your billing details scam
This example was most likely created by copying a genuine iiNet email so it looks convincing. However, when you hover your mouse over the link in the email, you can see that the destination website is not an iiNet website.
Mailbox quota warning scam
Please update your billing details to avoid a service interruption scam