Page Contents
Main Content
Phishing is an offence where a person is convinced to place their user name and password into a fraudulent web site. The criminal then accesses the victims account and withdraws all the money they can access using the victim’s credentials.
Money is stolen from the bank account of an innocent victim usually by a person located overseas.
How does this work?
People receive emails represented to be from their bank. The email states they need to log back into their online account and update their password due to security or technical issues. A link is attached which directs the user to an online copy of the legitimate bank account where the user inputs their user name and password. Once received, the user is directed to their legitimate account where they see their account balances.
The cybercriminal now has their access details and uses this information to withdraw the money from their account as well as draw down on any loans they can access.
Alternatively, the user is induced to click on a link in the email which downloads a computer virus onto the computer that captures the user name and password next time the user logs into their online banking.
How do I protect myself?
- Do not reply or action any email from your bank asking you to click on the link to access your account.
- Use 2 faction authentication which sends a code to your phone whenever there is an attempt to log into your account.
- Delete emails containing links and attachments
- If you have concerns, contact your bank in person or by phone to discuss your concerns.
Report this crime
This crime should be reported to the Australian Cyber Security Centre (ACSC).