10 December 2018

In today’s blog we’re going to talk about phishing and why we need to be alert when receiving digital communications.

Chances are you have heard about phishing in the context of the Australian Taxation Office and a range of well-known financial institutions. These kinds of scams fleece Australians out of hundreds of thousands of dollars each year.

What is phishing?

Phishing is a cyber-criminal act where a person is targeted with a digital communication (email, SMS, phone call) with the aim of illegitimately extracting data or money from them. Typically, phishing emails are made to look like official correspondence from an organisation but the tell-tale sign they’re sinister is that they ask you to do something which that organisation would normally not ask you to do.

In July 2018, a fake ATO email went out asking for credit card details to provide a tax refund. The ATO lists three things that indicate an email like this is phishing. The email:

 - is not sent from a legitimate @ato.gov.au sender;
 - is unexpected; and
 - asks you to click a link that appears to be the ATO website but when hovering over the link it does not lead to an ato.gov.au address.
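The second and third signs above both come down to one question: does the domain in the sender address, or in the link the text actually points to, really belong to ato.gov.au? The check is easy to get wrong by eye (or with a naive substring test), because a lookalike such as `ato.gov.au.example` contains the real name. The script below is an added illustration written for this post, not code from the ATO or from Afilias; the From header and HTML body are constructed samples using reserved `.example` names, and the trusted domain is parameterised so the same check applies to any organisation.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "ato.gov.au"

# Constructed sample message (not a real phishing email): the display name
# says "Australian Taxation Office" but the mailbox is on a lookalike domain.
SAMPLE_FROM = "Australian Taxation Office <refunds@ato-gov-au.example>"
SAMPLE_HTML = """
<p>Your refund of $1,240.00 is ready.</p>
<a href="https://www.ato.gov.au/">Visit the ATO</a>
<a href="http://ato.gov.au.example/refund">Claim your refund</a>
<a href="http://ato.gov.au@login.example/refund">Log in</a>
<a href="mailto:refunds@ato-gov-au.example">Contact us</a>
"""


def naive_contains(text, trusted=TRUSTED_DOMAIN):
    """The tempting but wrong test: a substring match is fooled by lookalikes."""
    return trusted in text.lower()


def domain_matches(host, trusted=TRUSTED_DOMAIN):
    """True only if host IS the trusted domain or a subdomain of it.

    'www.ato.gov.au' passes; 'ato.gov.au.example' and 'ato-gov-au.example' fail.
    """
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)


def sender_domain(from_header):
    """Extract the domain of the real mailbox, ignoring the display name."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


class LinkCollector(HTMLParser):
    """Collect every href from <a> tags, i.e. where a click would really go."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def link_hosts(html):
    """Return the host of each http(s) link; mailto: and relative links have none."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = []
    for href in parser.links:
        # urlparse().hostname drops any user@ prefix, so 'ato.gov.au@login.example'
        # correctly resolves to the real host 'login.example'.
        host = urlparse(href).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def check_message(from_header, html_body, trusted=TRUSTED_DOMAIN):
    """Return a list of findings; an empty list means both signs are absent."""
    findings = []
    sender = sender_domain(from_header)
    if sender is None or not domain_matches(sender, trusted):
        findings.append(f"sender domain {sender!r} is not {trusted}")
    for host in link_hosts(html_body):
        if not domain_matches(host, trusted):
            findings.append(f"link points to {host!r}, not {trusted}")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_HTML):
        print("RED FLAG:", finding)
```

Running it against the constructed sample reports three red flags: the sender domain and two of the four links. Note that `naive_contains("http://ato.gov.au.example/refund")` returns True, which is exactly why the check must parse out the host and compare it against the trusted domain as a suffix rather than searching for the name anywhere in the string.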

What’s the relevance to .au domain names?

As this example highlights, the domain name can be an obvious indicator that a phishing attack is being attempted. Most phishing occurs on namespaces that have less stringent eligibility requirements, such as .com, .net, .ve or .cc, among others. The .au namespace is regularly assessed for threats like phishing, spam, malware, etc., and the registration policy surrounding the .au namespace makes it difficult for a scammer to register a domain name.

How can we avoid being phished?

KnowBe4 have put together an amazing infographic that shares several red flags to look out for including:

 - a suspicious-looking domain name;
 - a form of communication sent at an unusual time, not consistent with normal business hours;
 - an unexpected attachment or call to action (e.g. to provide credit card details or log-in credentials); and
 - bad grammar or low-quality graphics.

Many organisations, especially in the government and/or financial services industry, such as the Commonwealth Bank, publish web pages with their own advice and information on any current scams that are running under their name.

If you are a victim or suspect abuse of a .au domain name, contact us at abuse@afilias.com.au.

Or, if you have a question or want to suggest a topic for us to cover, email us at blog@afilias.com.au.