7 “…ishing” Scams to Avoid
🎣 7 “...ishing” Scams You Should Know About
— And How to Avoid Them
Cybercriminals are constantly evolving their tactics — and many of their most successful scams end in “…ishing.” These attacks are designed to trick people into giving up sensitive information, clicking malicious links, or even transferring money.
Whether it’s through email, text, phone calls, or social media, these scams can cause serious damage to your business.
Here are 7 common “…ishing” scams you should know about — and how to protect your team from falling for them.
1. Phishing
Phishing is the most well-known scam. Attackers send emails that look like they’re from trusted sources — banks, service providers, or even internal departments — to trick users into clicking links or entering login credentials.
Example: An email that looks like it’s from your bank asking you to “verify your account” by clicking a link.
How it works: The message often creates a sense of urgency or fear, prompting quick action without thinking.
2. Spear Phishing
Spear phishing is more targeted. Attackers research their victims and craft personalized messages that appear to come from someone they know — like a manager or colleague.
Example: An email from “your boss” asking you to urgently transfer funds or share confidential documents.
How it works: It feels personal and legitimate, making it harder to spot as a scam.
3. Whaling
Whaling is spear phishing aimed at high-profile individuals — CEOs, CFOs, and other executives. These attacks often involve legal or financial themes to add credibility.
Example: A fake legal notice sent to a company executive requesting sensitive business data.
How it works: Executives are busy and often handle sensitive information, making them prime targets.
4. Smishing
Smishing is phishing via SMS. Attackers send text messages that appear to be from trusted services, often with links to fake websites.
Example: A text from “Australia Post” with a link to track a package — but the link leads to a malicious site.
How it works: People trust SMS more than email and are more likely to click without verifying.
5. Vishing
Vishing involves phone calls where attackers impersonate trusted entities — like government agencies or IT support — to extract sensitive information.
Example: A call from someone claiming to be from the ATO asking for your tax file number.
How it works: Voice adds a layer of trust, and attackers often use pressure tactics to rush decisions.
6. Clone Phishing
Clone phishing involves copying a legitimate email you’ve received before and resending it with a malicious link or attachment.
Example: An email that looks identical to one you got last week — but now the attachment contains malware.
How it works: It looks familiar and safe, lowering your guard.
7. Angler Phishing
Angler phishing happens on social media. Attackers impersonate customer service accounts and respond to public posts with fake support links.
Example: A fake Telstra support account replies to your tweet with a link to “resolve your issue.”
How it works: It appears helpful and timely, especially when you’re already frustrated or seeking support.
🛡️ How to Protect Your Business
Here are some simple but powerful tips to help your team avoid falling for these scams:
- Verify the sender before clicking links or downloading attachments
- Don’t share sensitive info via email, SMS, or phone
- Hover over links to check their true destination
- Use strong, unique passwords and enable multi-factor authentication
- Report suspicious messages to your IT or security team
- Keep software and antivirus tools up to date
A4 Poster (click to download/print)
🚨 Stay Cyber-Safe with Teltech ICT
At Teltech, we help businesses build strong defenses against phishing and other cyber threats.
Our services include:
- Cybersecurity awareness training
- Phishing simulations
- Threat monitoring and response
- Policy management and compliance support
A3 Poster (click to download/print)
📣 Ready to Strengthen Your Human
