Phishing is a way cybercriminals try to steal confidential information by sending fraudulent messages. This confidential information may include logins for online banking, credit cards, utilities and other online accounts, as well as personal or business login credentials or passwords/passphrases.
Phishing emails are deceptive messages that pretend to be from a trusted organisation you have an account with or do business with, which makes the scam more believable. These messages can be sent via email, text messaging, instant messaging or social media platforms, and will contain a link to a fake website. The aim of the message is to encourage you to enter your confidential details.
What you can do to protect yourself
- Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know or suspect may be fraudulent.
- Don’t give personal information to an unsecure website. Always make sure the website uses HTTPS.
- Always open the organisation’s website by typing the URL in the browser yourself or using Google search.
The 3 essential things to check
1. Check the FROM email address, making sure the email address is actually from the organisation, that is, the @domainname part. If you can’t see it, hover over the from name, and you should be able to see it.
2. Check that any URLs in the message use the correct domain. Don’t click on any links – hover over any link to see the actual web address, and you will be able to see the hidden URL at the bottom of your browser window. Beware of the trick where the contact and social media links are legitimate while other links are fraudulent.
3. Check the legitimacy by visiting the organisation’s website. Many large organisations have information about phishing emails on their website.
Other things to ask yourself
- Is this email unexpected?
- Are there any typos or incorrect spellings?
- Is the email addressed generically, without your name?
If you answer yes to any of these, be extremely cautious.
How do these scammers get my details for domain name and web hosting?
Scammers can find the information they need for phishing emails using technology or by guessing. Certain information about your domain is publicly available, and scammers may also use bots to scrape websites for email addresses, or sometimes simply guess the information.
Can I check my public information?
The WHOIS service allows you to query a domain name to find the identity and contact details of the registrant. The public WHOIS service is a standard feature of domain name systems around the world. Identity Digital, the .au registry operator, operates the public WHOIS service for asn.au, com.au, edu.au, gov.au, id.au, net.au and org.au.
To check your public domain registration details for other domains, go to VentraIP’s WHOIS Domain Name Lookup.
To prevent your personal details from being made publicly available via WHOIS lookup, you will need to contact the registrar that currently manages your domain name and request that they offer a Whois Privacy product such as ID Protection. It’s important to note that due to Registry policy, some of the most popular domain names (such as .com.au) do not allow the use of Whois Privacy services.
Resources
Information from Domain Name Registrars & Web Hosting Providers
- VentraIP
- Synergy Wholesale – Our partners for domain name registrations and web hosting
- GoDaddy
- Crazy Domains
- auDA