Written by Medibank
February 2024
Navigating the digital age with confidence only gets tougher in today’s interconnected world. Emails have become an indispensable tool for communication, and like text messages, they too can carry unwelcome surprises.
Did you know that phishing scams go back as far as the mid-90s? Hackers would ask users to share personal or financial information through emails or fake websites. Since then, hackers have evolved into a more sophisticated threat, successfully impersonating government agencies or even trusted contacts, such as your healthcare providers.
Phishing emails, often disguised as legitimate communications, commonly contain urgent requests or warnings designed to manipulate you. The links in these emails often lead to fake websites that mimic the real ones, leading to the loss of your personal details such as passwords, credit card numbers, or even your health data in the case of healthcare scams.
Identifying and defending against phishing scams
Phishing emails can be difficult to spot, especially when scammers are pretending to be someone you know and trust.
While some phishing emails can have obvious red flags, others are sophisticated and can be difficult to distinguish from genuine communications. To protect yourself from falling victim to these scams, it's crucial to develop a keen eye for identifying suspicious emails.
1. Verifying the sender: your first line of defence
One of the most effective ways to identify phishing emails is to scrutinise the sender's email address. We will never send emails from addresses with outsourced domain names like Gmail, Yahoo, or Outlook. Always check the sender's email address against our official contact information: you can find this on our website or in a previous email we've sent you. If you have any doubts about the email, contact us directly on 132 331.
2. Spelling, grammar, and unusual symbols: signs of deception
Scammers often overlook the finer details of language, resulting in emails with poor spelling, grammar, or unusual symbols. At Medibank, we’re committed to using clear, concise, and grammatically correct language in all communications with our customers. If an email has typos, grammatical errors, or strange symbols, it's a strong indication that it may be a phishing attempt.
3. Examining the content: unveiling the truth
Phishing emails often mimic the logos, titles, and other brand elements of trusted organisations like Medibank. These imitations are often imperfect, however. To check an email, compare it with our official website: make sure that the logo has the correct colours and font, and that the overall layout and tone match. If you have any concerns about whether an email from us is legitimate, contact us directly on 132 331.
4. Recognising the tone: urgency and too-good-to-be-true offers
Healthcare scam emails often create a sense of urgency or excitement, pressuring the person who receives it into taking immediate action. They may threaten to release private healthcare records or photos, or they may offer something that sounds too good to be true, such as free or discounted healthcare services, products, or prescription drugs. We will never use these tactics in our communications. If an email makes you feel afraid, anxious, or excessively excited, it may be a phishing attempt.
If you receive any suspicious emails claiming to be from us, file a report at ReportCyber. You can help inform others about new and emerging scams by reporting them to Scamwatch.
If you receive an email that you suspect is a phishing attempt, don't hesitate to report it. You can file a report with the Australian Cybercrime Online Reporting Network (ReportCyber) or inform others about new and emerging scams by reporting them to Scamwatch. By reporting suspicious emails, you are contributing to the fight against phishing scams and helping to protect yourself and others from falling victim.
Spotting a phishing attempt: a Medibank scam example
Here’s an example of a scam email. How many red flags can you spot?
This person has received an email from someone claiming to be Medibank, telling them that they need to “secure” their account. At first glance, it appears to come from Medibank: the colour, font, images, and even logo look familiar. If you look closer, however, you can spot the red flags:
Sender's name and email address: the name in the sender field is “MediBank” rather than Medibank. Even more tellingly, the email address comes from a domain called “Meadibank.com.au”.
Tone: this email creates a sense of urgency both by using words like “urgent” and creating fear around possible fraud.
Grammar, spelling, and punctuation: there are several errors in this email. We are very careful to use correct grammar, spelling, and punctuation in our communications.
Suspicious link: the message contains a link that may lead to a fraudulent website designed to steal your information.
Incorrect logo: the logo on this email is slightly different to ours. Always cross-reference logos with what’s on our website to make sure.
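The sender checks from step 1 and from the first red flag above can be automated in a mail filter or triage script. The following is an added example, not Medibank's own code: it assumes the official sending domain is `medibank.com.au` (not stated on this page), and the sample `From` headers are constructed, apart from the lookalike domain quoted above.

```python
from email.utils import parseaddr

OFFICIAL_DOMAIN = "medibank.com.au"  # assumption: not stated on the page
OFFICIAL_NAME = "Medibank"
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com"}  # providers named in step 1

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_red_flags(from_header):
    """Return the sender-related red flags found in a From header value."""
    name, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ["unparseable_sender"]
    official = domain == OFFICIAL_DOMAIN or domain.endswith("." + OFFICIAL_DOMAIN)
    flags = []
    if domain in FREEMAIL:
        flags.append("freemail_domain")
    elif not official and edit_distance(domain, OFFICIAL_DOMAIN) <= 2:
        # One or two typos away from the real domain, e.g. an extra letter.
        flags.append("lookalike_domain")
    elif not official:
        flags.append("unofficial_domain")
    if name.lower() == OFFICIAL_NAME.lower() and name != OFFICIAL_NAME:
        flags.append("display_name_casing")  # "MediBank" instead of "Medibank"
    if OFFICIAL_NAME.lower() in name.lower() and not official:
        flags.append("brand_name_on_unofficial_domain")
    return flags

if __name__ == "__main__":
    # Constructed sample headers; only the lookalike domain comes from the page.
    for header in ['"MediBank" <security@meadibank.com.au>',
                   "Medibank <medibank.support@gmail.com>",
                   "Medibank <noreply@medibank.com.au>"]:
        print(header, "->", sender_red_flags(header))
```

An empty result only means the visible sender looks right: the `From` header can itself be forged, so a mail system should also rely on SPF, DKIM and DMARC results.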
Similar phishing scams to look out for
1. Cancelled health insurance
"Your health insurance plan is being cancelled. Please call us at 1-800-555-1212 to make a payment immediately."
The aim of this email and others like it is to pressure you into revealing your credit card details. Avoid calling unknown numbers. Log into My Medibank, either online or on the app, to check the status of your cover. You can also call us on 132 331.
2. Fraudulent activity
"We have detected fraudulent activity on your health insurance account. Please click on the link below to verify your identity."
The aim of this email is to direct you to a fake website where your login credentials can be stolen. Do not click on any suspicious links. We will never ask you to verify your identity via a link if we detect fraudulent activity. If you’re worried, log into My Medibank, either online or on the app, to check your profile.
4. Health insurance provider hack
"Your health insurance provider has been hacked. Please click on the link below to change your password."
The aim of this scam is to trick you into revealing your current password. Do not make any changes to your account by clicking a link in an email. Log into My Medibank, either online or on the app, to update your password.
Learn more: how to change your login details.
Your best defence: vigilance
Staying vigilant is your strongest defence against scam emails. By staying alert, analysing the sender's information, and refraining from clicking on suspicious links, you can safeguard yourself from phishing scams and navigate the online world with confidence.
If you ever feel unsafe online, file a report at ReportCyber.
To help inform others about new and emerging scams, report to Scamwatch.