Skip to main content

Know how to spot phishing (scam) messages

Can you spot a scam when you see one? Take the quiz now!

Since early March 2020, the Australian Cyber Security Centre (ACSC) has seen an increase in reporting from individuals, businesses and government departments about a range of different COVID-19 themed scams, online frauds and phishing campaigns.

Cybercriminals send phishing messages all the time. But crises like COVID-19 sadly provide more opportunity for cybercriminals to take advantage of vulnerable people wanting additional information by imitating trusted, well-known organisations or government agencies who might provide answers.

The phishing messages we’ve seen use all sorts of lures to trick people into handing over their personal details. For example, we’ve seen fake reports of new local virus cases and safety measures to prevent the spread, as well as emails on how to access government benefits or financial assistance payments. There have also been reports of fake online stores offering to sell non-existent products, including cures or vaccinations for the COVID-19 pandemic and protective items such as face masks.

Phishing messages can be sent via email, SMS, social media, instant messaging platforms or phone calls. They can look extremely authentic and convincing, replicating legitimate messages from trusted senders.

As well as featuring official-looking logos and disclaimers, phishing emails typically include a 'call to action' to trick recipients into sharing sensitive personal information from passwords to banking details.

Examples of phishing techniques include sending malicious links or attachments to a potential victim and requesting personal information such as name, date of birth, credit card number, or even usernames and passwords.

Identifying these messages as fakes can be very difficult, as cybercriminals go to great lengths to make them appear genuine. If you think a message you have received is not legitimate, there are techniques you can use to verify the message.

How do I stay safe?

Scam messages are one of the most common ways cybercriminals try to steal your information online.

Think you can spot a scam when you see one?

Put your skills to the test – take the quiz now!


  1. Think before you click on a link.

Think before you click

The link itself could contain malicious or nasty software. If you can, hover over the link to see the actual web address it will take you to.

  1. Never provide your details via a link in a message.

Never provide details via link

To visit a website (such as your bank) it's safest to manually type the web address into your browser.

  1. Contact the person or business to check if they sent the message.

Contact person or business to check if they sent message

Use the contact details you find through a legitimate source. Don’t rely on the contact details in the suspicious message.

  1. Think you’ve entered your personal details into a scam (phishing) site?

Entered personal details into a scam

These scam messages are very convincing and lots of people fall for them. Don’t feel embarrassed if it’s happened to you! Act quickly and get help.


To promote awareness of phishing messages and share tips on what to look out for, visit our phishing resource kit page. Here you will find a range of digital resources, including social tiles, GIFs and web banners to share with your staff, customers, family and friends.

How do I keep up to date?

This website provides important, timely advice and guidance to help Australians take proactive steps to protect themselves and their businesses from COVID-19 related and other cyber security threats.

You can also visit to report cybercrime and cyber incidents. And sign up to our free email alert service to stay up-to-date on the latest online threats and how to respond.

Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it