Email Phishing: What it is & How to Stay Safe

Nathan

It seems there is a never-ending list of scams for organisations to navigate nowadays. From ransomware to Zoombombing to email phishing, minimising security threats to your business has almost become a full-time job.


The WFH shift has really ramped up concerns about the safety of company data, with email phishing making its way into more and more conversations in this department. So let’s break down what it means and how you can recognise and dodge an email phishing scam.


What is email phishing?

The easiest way to remember what “phishing” is, is to think of it as cybercriminals “fishing” for your information. They do this by sending fraudulent emails (like those in your junk folder, or the sneaky ones that sometimes make it into your inbox), to lure you into providing things like passwords, credit card details, or online banking log-ins.


Scammers will often design their email so it looks like one from an organisation you trust, such as your bank or myGov. It will usually contain a link to a fake website (which could look like an identical copy of a website you know), and you’ll be encouraged to enter your confidential details.

What happens when you get phished?

Just like when a fisher uses bait to “hook” and catch a salmon, phishers use virtual bait in the form of an email to catch their victims. If you unsuspectingly become the salmon in the scenario, what’s really happening?


In many cases, the email will use fear tactics to prompt you to act quickly. An urgent “unpaid bill”, or a subscription that will be cancelled unless you “pay immediately” are both common hooks. An invoice could be attached, and when you download that invoice, it actually infects your PC with malware. In other cases, you’re sent to a website where you share your private information, so scammers now have access to your accounts.


It’s all very convincing, and it could end up being a costly trap that threatens your business’ reputation and livelihood. The good news is: phishing scams are avoidable.

Your anti-phishing guide

According to Scamwatch, last year in Australia, we lost a total of $1,689,406 to phishing. Outsmarting the scammers and avoiding phishing scams starts with recognising them. Here are some common features of phishing emails you should keep a lookout for:


  • Claims of suspicious activity in your account
  • Claims that there’s a problem with your payment or payment information
  • A request for you to confirm some personal details
  • A downloadable attachment
  • A link for you to follow and provide your login details
  • Coupons for free stuff


Be vigilant about any email that exhibits the above characteristics, and add an extra layer of protection to keep you and your business safe from phishing attacks.


  1. Even if emails look real, don’t download attachments, follow links or share your personal information. Instead, log in to your account directly on the official website and look for any messages there.
  2. Install security software and set it to update automatically.
  3. Use multi-factor authentication (MFA, or 2FA) when logging into your accounts. That means providing a password and proving your identity a second way, such as with a code sent to your phone.
  4. Back up the data on your laptop and phone, for example to an external hard drive or cloud storage.
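
Several of the warning signs listed in this guide can also be checked automatically, for example in a mail filter. The following Python code is an added example, not part of the original article: the function names, the lure phrases and the sample message (which uses reserved `.example` and `.test` domains) are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases taken from the warning signs listed in the article (assumed wording).
LURES = ("suspicious activity", "problem with your payment", "unpaid bill",
         "pay immediately", "confirm your", "coupon")

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip().lower()))
            self._href = None

def phishing_signs(raw):
    """Return the sorted warning signs found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    signs = {"attachment"} if next(msg.iter_attachments(), None) is not None else set()
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    signs.update(f"lure:{p}" for p in LURES if p in text.lower())
    parser = LinkCollector()
    parser.feed(text)
    for href, shown in parser.links:
        signs.add("link")
        host = (urlparse(href).hostname or "").lower()
        m = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", shown)
        # Heuristic: link text names a different domain than the real target.
        if m and host and host != m.group(0) and not host.endswith("." + m.group(0)):
            signs.add(f"mismatch:{m.group(0)}->{host}")
    return sorted(signs)

def constructed_sample():
    """Constructed phishing-style message; all domains are reserved examples."""
    m = EmailMessage()
    m.set_content('<p>Unpaid bill. Pay immediately: <a href='
                  '"http://login.bank-example.test/pay">www.bank.example</a></p>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="pdf", filename="invoice.pdf")
    return m.as_string()
```

A message that trips several of these checks at once, such as an attachment plus a link whose visible text names a different domain than its target, is a good candidate for quarantine or a warning banner.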

Enhanced protection from cyber risks for your business

Staying safe from email phishing and other cyber vulnerabilities is a growing focus for Australian businesses. The IT Department can help you put the infrastructure in place to adapt to the changing digital landscape and safeguard your business from attacks. 


Give us a call on 1300 10 10 40 or email to find out what we could do for you.