Phishing emails, disguised as legitimate communications, often contain urgent requests or warnings designed to manipulate you. Links in these emails can lead to fake websites that mimic the real ones, leading to the loss of your personal details such as passwords, credit card numbers, or even your health data in the case of healthcare scams.
Spotting phishing scams
While some phishing emails can have obvious red flags, others are sophisticated and can be tricky to distinguish from genuine communications.
- Check the sender
  One of the best ways to spot phishing emails is by checking the sender's email address. We’ll never send emails from addresses with public email domains like Gmail, Yahoo, or Outlook.
- Spelling, grammar, and unusual symbols
  If an email has typos, grammatical errors, or strange symbols, it's a strong indication that it may be a phishing attempt.
- What’s in the content
  Phishing emails often copy things like logos and titles to look like trusted organisations. But these imitations are often imperfect. To check an email, compare it with our official website and make sure the logo and other elements match up.
- Urgency and too-good-to-be-true offers
  Healthcare scam emails can create a sense of urgency or excitement, pressuring you into taking immediate action. They may threaten to release private healthcare records or photos, or they may offer something that sounds too good to be true, such as free or discounted healthcare services, products, or prescription drugs.
Spotting a phishing attempt: a Medibank scam example
Here's an example of a scam email:
This person received an email from someone claiming to be Medibank, telling them that they need to “secure” their account.
Sender's name and email address: the name in the sender field is “MediBank” rather than Medibank. The email address also comes from a domain called “Meadibank.com.au”.
Tone: this email creates a sense of urgency both by using words like “urgent” and creating fear around possible fraud.
Grammar, spelling, and punctuation: there are several errors in this email.
Suspicious link: the message contains a link that may lead to a fraudulent website designed to steal your information.
Incorrect logo: the logo on this email is slightly different to the official Medibank logo.
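The sender checks from this example, written as a small Python routine. This is an added example, not code from ahm or Medibank; the allow-listed domains and brand names, the free-webmail list, and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for illustration: replace with the organisation's published
# sending domains and brand spellings.
OFFICIAL_DOMAINS = ("medibank.com.au", "ahm.com.au")
OFFICIAL_NAMES = ("Medibank", "ahm")
FREE_WEBMAIL = ("gmail.com", "yahoo.com", "outlook.com")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return a list of warning labels for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain in OFFICIAL_DOMAINS:
        # A matching domain is not proof: From: can be forged, so the mail
        # system's SPF/DKIM/DMARC results still matter.
        pass
    elif domain in FREE_WEBMAIL:
        findings.append("free-webmail-domain")
    elif any(edit_distance(domain, d) <= 2 for d in OFFICIAL_DOMAINS):
        # One or two characters away from a real domain, e.g. an extra letter.
        findings.append("lookalike-domain")
    else:
        findings.append("unknown-domain")
    for brand in OFFICIAL_NAMES:
        # Same letters as the brand but different capitalisation.
        if name.lower() == brand.lower() and name != brand:
            findings.append("display-name-casing")
    return findings


if __name__ == "__main__":
    # Constructed sample: display name and domain from the example above;
    # the local part "security" is made up.
    print(check_sender("MediBank <security@Meadibank.com.au>"))
```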
Similar phishing scams to look out for
- Cancelled health insurance
  "Your health insurance plan is being cancelled. Please call us at 1-800-555-1212 to make a payment immediately."
  The aim of this email is to pressure you into giving away your credit card details. Avoid calling unknown numbers. You can log in to your ahm account to check the status of your cover.
- Fraudulent activity
  "We have detected fraudulent activity on your health insurance account. Please click on the link below to verify your identity."
  The aim of this email is to direct you to a fake website where your login details can be stolen. Don’t click on any suspicious links. We’ll never ask you to verify your identity via a link if we detect fraudulent activity.
- Health insurance provider hack
  "Your health insurance provider has been hacked. Please click on the link below to change your password."
  The aim of this scam is to trick you into revealing your password. Don’t make any changes to your account by clicking a link in an email. Log in to your ahm account to update your password.
If you get an email that you think is a phishing attempt, report it.
If you ever feel unsafe online, file a report at ReportCyber.
To help others spot new and emerging scams, report to Scamwatch.