How phishing works

What is phishing?
How to protect yourself
What to do if you get phished

• You get an email that looks genuine, like it’s from a familiar company like eBay or your bank eg support@ebay.com.au.
• These emails often have a generic non-personalised greeting and encourage you to take immediate action like signing-in to your account. They may also have grammatical errors as many are created overseas.
• The email may include a link that appears to go to a familiar website but actually directs you to a fake one.
• The fake website is often a copy of a familiar sign-in page like eBay or your bank where you are asked to input your password or other account information.
• These websites can be very convincing and have very similar addresses to genuine pages.
  For example a genuine eBay log-in page will usually start with:
  
  • https://signin.ebay.com.au/
  • A fake eBay log-in page can be as close as:
  • http://signinebay.com.au/
  • http://123.456.78.9/signin.ebay.com.au
  Be sure to check the web address carefully against the genuine example above if you are in any doubt, or sign into the site directly rather than through a link.
• Some websites also contain hidden malicious software that download to your computer without your knowledge.
• If the fraudster manages to get your details they can steal money from your bank account, use your eBay ID to commit fraud or log in to other websites you visit, like email or social networking sites.