Something smells a bit phishy?

How to spot a phishing/smishing scam before it finds you

Phishing is one of the oldest scams in the book, but scammers are always looking for new ways to steal. Take smishing for example, which is when they use SMS to trick you. In fact, in 2024 Australian Competition and Consumer Commission (ACCC) reported over $20 million in phishing losses¹, with SMS as the most common form of contact. So if something smells a bit phishy, it probably is.

What’s a phishing/smishing scam?

A phishing/smishing scam is when a scammer tries to trick you into revealing your bank account details, passwords or credit card numbers so they can steal from you.

They’ll contact you by email or phone (phishing) or SMS (smishing) pretending to be from a trusted organisation like a bank, government agency or well-known brand.

How it works

The scammer will contact you with an email, phone call or SMS that appears to be coming from a real organisation.
The scammer will say there’s an urgent issue that needs to be fixed, like suspicious activity on your account or a missed payment.
The message often includes a link to a real-looking fake website that prompts you to enter your information, or the caller may ask for it so they can ‘fix’ the problem.
Once you do, the scammers will use your details data to steal your identity, money or both.

Here’s how it happened to Sara

ING customer Sara* received an SMS saying it was from ING. The message said they attempted to make a payment and to click a link if she wasn’t the person who made it. However, Sally noticed the link looked unusual and didn’t include the proper ING web address, so she didn’t click it. Instead, she checked the official ING website to check the latest security alerts, then called ING to report the scam.

*Name changed for privacy.

4 signs it’s a phishing/smishing scam

Every crime has it’s MO, so here are some good clues it’s a phishing/smishing scam.

They use generic messages that don’t use your name and have awkward phrasing.
They use threatening language like ‘your account will be locked’ or ‘unauthorised transaction detected’.
They include links that look unusual and suspicious looking attachments.
They ask for sensitive information like your account, login or credit card details.

Specific things you can do

To help avoid a phishing/smishing scam you should:

never click on links or open attachments in unsolicited messages
verify by contacting the organisation using its official phone number, app or website
use strong, unique passwords and avoid reusing them across different sites
add an extra layer of security to your accounts by enabling two-factor authentication
report suspicious messages to ING and scamwatch.gov.au

Better yet: Stop, Reflect & Protect

Whatever the type of scam, keeping these simple steps top of mind could help prevent you from becoming a scam statistic.

3 steps to spot scams before they find you

Stop. Before clicking a link in an SMS, email or website or sharing details over the phone, take a breather to assess if you really know or trust who’s asking.
Reflect. Ask yourself: ‘Could this message or caller be fake?’
Protect. Don’t proceed if things seem fishy! If you’re an ING customer and notice unusual activity on your account, place your card on hold in the ING app and call our 24/7 scams line on 1800 052 743.

For our latest security alerts and more ways ING can help to protect you and your money, visit ing.com.au/security.

¹ The Australian Competition and Consumer Commission (2024), https://www.scamwatch.gov.au/research-and-resources/scam-statistics

The information is current as at publication. Any advice on this website does not take into account your objectives, financial situation or needs and you should consider whether it is appropriate for you. ING is a business name of ING Bank (Australia) Limited ABN 24 000 893 292, AFSL and Australian Credit Licence 229823. Before interacting with us via our social media platforms, please take a minute to familiarise yourself with our Social Media User Terms https://www.ing.com.au/pdf/Social_Media_User_Terms.pdf.