Scammers don’t need lock-picking skills or Hollywood hacking montages — they just need you to trust them. Phishing attacks work by tricking you into handing over your own info, whether it’s a fake email from your boss or a dodgy text from ‘your bank’.

Cybercriminals will try to reel you in with phony emails, messages, or websites. They want your passwords, card details, or anything else they can use to steal your money. These scams can look scarily legit, but trust us — your bank will never ask for your login details via email or text. 

How do phishing scams work?

Phishing works by sending a victim a fake email or text, with the aim to trick them into providing personal information, logins or to click a dangerous link. 

Scammers dangle bait — an urgent email, a ‘suspicious login’ alert, or even a fake refund —hoping you’ll panic and click without thinking. Once you do, they’ve got you, hook, line and sinker. That dodgy link you clicked?

It leads to a fake website that looks real enough to fool you into entering your details. And just like that, they’re in your account.  

What do phishing scams look like?

So, how do phishing scams actually unfold? It’s always about getting you to click, provide info, or act before you think. Stay sharp!

The ‘urgent account alert’.

You receive an email claiming your account has been compromised, urging you to click a link and ‘verify’ your details. You do, but instead of securing your account, you’ve just handed your info over on a silver platter.

The prize notification.

You get an email or text saying you've won a massive prize, but to claim it, you need to provide personal details or pay a fee upfront. Spoiler alert: The prize doesn’t exist, and neither does your money.

The ‘fake tech support’ call.

A scammer calls, claiming to be from a well-known company, saying your device is infected with a virus and needs URGENT attention. They ask for remote access to fix it — uh oh. They’re installing malware or stealing your info instead.

Spot the phishing scam red flags.

Scammers are getting slicker, but their tricks are still the same. Here’s how to spot the red flags early: 

Pressure tactics.

Scammers love urgency. If an email says you’ll be locked out of your account unless you ‘click right now’. Red flag. 

Odd email addresses.

Check the email against other emails received from your company or bank. If it doesn’t match, red flag. 

Dodgy links.

Hover over links before you click. If the URL looks dodgy or doesn’t match the company’s official site, red flag. 

Spelling mistakes & bad grammar.

Banks hire proofreaders. Scammers, not so much. If there’s mistakes aplenty, red flag.

Unexpected attachments.

If you didn’t ask for it, don’t open it. Unexpected files are how malware sneaks in, and you definitely don’t want that. Red flag. 

What phishing scams are out there?

There’s no shortage of phishing scams floating around. Recognising the different types can help you see them coming. Here’s a quick rundown of common phishing attacks

Spear phishing.

Scammers do their homework and send targeted, personal attacks. Think: a fake email from your boss asking you to wire money. 

Clone phishing.

They copy a real email you’ve received before but swap in a dodgy link. 

Pharming.

Instead of sending a dodgy email, scammers can install malicious software that changes your computer’s DNS settings.

This redirects you to fake websites that look real — so when you enter your login details, they steal your personal information. 

Protect yourself from phishing fraud.

Now that you know how phishing scams operate, how do you protect yourself from getting hooked?

The key is staying alert and double-checking everything.
  • Never click links in unsolicited emails or texts. Instead, go directly to the official website. 
  • Use multi-factor authentication (MFA) or biometrics such as face ID. Even if scammers get your password, MFA or biometrics stops them in their tracks. 
  • Update your passwords regularly. And make them strong — no ‘123456’ nonsense. 
  • Verify before you trust. If your ‘bank’ emails you unexpectedly, call them directly to check. 
At ME, we know how slick and convincing scams can be, and we’re committed to keeping you one step ahead of fraudsters. 

We keep you in the loop with up-to-date alerts on the latest scams making the rounds. Check out our latest scam alerts to stay informed. 

Knowledge is mightier than the keyboard. Something feeling a bit shady? Visit our Protect Yourself page and shine a light on it. 

If in doubt, call ME on 13 15 65, or email us at melb.fraudgroup@mebank.com.au


Have you been the target of an phishing scam?

Here’s what to do.

It can be scary to realise that you’re being scammed — but don’t panic, you’ve still got options: 

 

Cut contact immediately

If you’re still in communication with the scammer, cut ties.  

 

Report it.
Let the right people know.

ASIC (Australian Securities and Investments Commission) If the scam involved financial services. 

Scamwatch To help track and prevent future scams. 

Talk to us We may be able to stop or recover transactions. 

 

Secure your accounts.

Change passwords and PINs for banking, emails, and any other sensitive accounts. If you gave out personal details, consider identity protection services. 

 

Stay alert.

Scammers may try again. Be wary of follow-up scams pretending to help you recover lost funds. 

Did you find this page useful?
We're sorry, please tell us why?
Please leave your feedback before submitting.
Please note: This form is for website feedback, so enquiries won't reach our customer service team. If you need to get in touch, call or email us here.
Thanks for giving ME feedback.