Content written for

Individuals & families

What is phishing?  

Phishing is a way cyber criminals trick you into giving them personal information. They send you fraudulent emails or text messages often pretending to be from large organisations you know or trust. They may try to steal your online banking logins, credit card details or passwords. Phishing can result in the loss of information, money or identity theft.  

Spear-phishing is when these emails and text messages are highly targeted to the recipient.

See if you can spot a phishing scam.

Spotting phishing attempts can be harder than you think. Take the quiz now to see how you do.

Think you've been targeted by a phishing attack?

Read on to understand the steps you should take.

  • If the phishing was via email, contact your email provider for advice on how to block future phishing emails.  

  • If the phishing was via text message, report the attempt to your telecommunications provider. Visit the Australian Communications and Media Authority (ACMA) Phone scams page for more information.  

  • If the phishing attempt was via a social media, report the attempt to the platform.  

  • Report the scam via National Anti-Scam Centre - Scamwatch.

  • Visit our Emails and texts information page for more details on how to identify and report phishing attempts.

  • Run antivirus or security scan software on your devices to remove any malware. See our step-by-step guide Performing a malware scan using Microsoft Defender Antivirus for Windows 10. If you use another antivirus product, refer to their instructions.  
  • For extra peace of mind, consider saving important files on an external storage device (such as a USB Thumb Drive or memory stick) and performing a factory reset of your device. Contact an IT professional if you are unsure how to do this.  
  • Report the incident to us through ReportCyber
  • Visit our Malware information page for details on how to identify, protect yourself and recover from malware.  
  • Immediately report the transaction(s) to your bank or financial institution.  
  • Change your online banking passwords to secure your online accounts. You may also need to close any unauthorised accounts that have been opened in your name. Refer to for advice on securing your online accounts.   
  • Contact your email, telecommunications or social media provider for advice on how to block future phishing attempts.  
  • Report the incident to us through ReportCyber.   
  • Contact your bank or financial institution to secure your financial accounts.  
  • Contact any other services where the personal information could be used to access accounts. For example, the ATO or Services Australia.  
  • Change the passwords to any accounts which may be accessed. This could include banking, superannuation, MyGov and email accounts.  
  • Report the incident to us through ReportCyber
  • Contact a credit reporting agency to see if any attempts have been made to open accounts in your name.  
  • Contact your email, telecommunications or social media provider for advice on how to block future phishing attempts.  
  • Refer to for a list of checks to complete to minimise the effects of identity theft.  
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it