Everyday Cyber Security: Outsmart Scams, Think Before You Click, and Spot Deepfakes
Scams aren’t the clumsy, typo-filled emails they used to be, they now look exactly like the messages you trust every day. Today’s cybercriminals use AI-powered tools to create emails, texts, calls, and even fake videos or voice recordings that look and sound real. These scams are polished, personalised, and designed to catch you off guard.
In 2024 - 25, Australians reported a cybercrime every six minutes. With scams becoming more convincing, the most powerful defence you have is simple: pause, verify, and protect yourself.
This week in Everyday Cyber Security, we’re breaking down how to recognise modern scams, including deepfakes and what to do when something doesn’t feel right.
The everyday approach: Slow down and check the signs
It starts with a message from ‘your bank’. The logo looks right. The tone feels right. And for a moment, your brain says: this must be real.
When you receive an unexpected message, call, or request, treat it as unverified until proven otherwise. Here’s your step-by-step process.
1. Pause before you act
- Email/SMS/Chat: Don’t click links, open attachments, or reply.
- Calls/Video: Don’t share information, approve payments, or install software mid-call.
A few seconds of hesitation can save you hours of damage control.
2. Look for urgency or pressure
Scammers love phrases like:
- “Pay now”
- “Your account will be closed”
- “Confirm within 2 hours”
- “Keep this confidential”
Urgency is a tactic. Slow the interaction down.
3. Check the source
Email:
- Hover over the sender address, look for look-alike domains like
paypa1.com. - Hover links to reveal the real destination.
SMS:
- Random numbers, new threads, or shortened links are red flags.
Calls/Voicemail:
- Caller ID can be spoofed.
- Never trust callback numbers provided in the message.
Social/Video:
- New accounts, low history, or off-brand behaviour should raise suspicion.
Messaging apps:
- New numbers, no profile photo, or sudden requests from a “friend” whose writing style feels off.
4. Inspect the content
- Common scam scenarios: fake parcel, fake bank call, fake workplace request
- Generic greetings (“Dear Customer”)
- Odd phrasing or formatting
- Requests for passwords, MFA codes, bank details, or remote access
- Unexpected attachments or links
- Deepfake clues: lip-sync issues, strange blinking, inconsistent lighting, robotic audio, or behaviour that feels “off”
5. Verify using a second channel
This is your golden rule.
- Contact the organisation using details you find yourself, like from their official website and not the ones in the message.
- Search the exact message text online; many scams are reused.
- At work, follow your internal verification process.
6. Decide what to do
- Safe: No red flags and verification checks out.
- Suspicious: One or two red flags, stop and verify.
- Malicious: Multiple red flags, report it and delete.
7. Report and remove
- Use built-in reporting tools (Outlook/Gmail).
- Forward scam SMS to 7226 (Telstra).
- Lodge a report at ReportCyber.
- Delete the message and block the sender.
- At work, always follow your organisation’s reporting process so security teams can block the threat for others.
Pro tips:
- Type, don’t tap: Manually enter website addresses for banking, government, or work.
- MFA rule: Never share MFA codes or approve prompts you didn’t initiate.
- Screenshots: Capture evidence before deleting if you need to report it.
Quick reference: Top signs of phishing
| Indicator | Why it matters | What to do |
|---|---|---|
| Urgency or threats | Designed to make you panic | Pause and verify |
| Look-alike sender address | Easy to miss at a glance | Hover and compare with official domains |
| Generic greetings | Real organisations use your name | Treat as a red flag |
| Unexpected attachments/links | Common malware delivery | Don’t open; confirm first |
| Spelling/formatting errors | Often used in mass scams | Combine with other signs |
| Mismatched URLs | Fake login pages | Type the address manually |
| Requests for sensitive info | Legit orgs won’t ask | Report and delete |
Quick reference: Top signs of deepfakes
| Indicator | Why it matters | What to do |
|---|---|---|
| Lip-sync mismatch | AI struggles with perfect alignment | Request a follow-up call |
| Unnatural blinking | Missing natural cues | Compare with known footage |
| Odd lighting/shadows | AI struggles with physics | Inspect multiple frames |
| Robotic or glitchy audio | Voice cloning artifacts | Verify via a known number |
| Sudden behaviour change | Impersonation attempt | Cross-check via another channel |
| No verifiable contact | Avoids traceable channels | Look up official details |
Reporting tools you should know
| Tool | Purpose | How to use |
|---|---|---|
| ReportCyber | Report scams, phishing, ID theft | Visit cyber.gov.au/report |
| Outlook “Report Phishing” | Alerts Microsoft/security teams | Email > Report > Phishing |
| Gmail “Report phishing” | Helps block global campaigns | Email > ⋮ More > Report phishing |
| SMS to 7226 | Reports scam texts | Forward the SMS to 7226 |
The faster you report, the faster providers can block the scam for everyone.
The everyday cyber security mindset
You don’t need to be technical, you just need to slow the moment down.
Not every message is what it seems.
Pause. Check. Protect.
This simple habit is one of the strongest defences you can build into your daily life, and it only takes a few seconds.
Comments
Post a Comment