Cybercriminals are opportunistic and have used the global pandemic and shift in working arrangements to prey on the vulnerable. We remind all network brokers of the importance of cybersecurity and anti-scam processes. Below are some countermeasures to phishing attacks and other ways your business can stay safe online.


There are many tools and resources provided by the Australian Competition and Consumer Commission (ACCC) and Australian Cyber Security Centre (ACSC), that can help you develop effective training for your staff. Understanding what types of attacks are out there and why they can be so dangerous is your first line of defence.

Review the details

Some things to pay attention to is examining the “To” and “From” in the address line of a suspicious email. Ensure the email came from a sender you actually know. Even if it does come from a trusted sender, look in the To line to see if you are the only recipient. Many times a phishing email is sent from a compromised account, and the new “user” will create a phishing email, and maybe in an attempt to save time, or typing, will send the email to as many recipients as possible. If this is the case, delete the email and confirm with the recipient offline, if they had sent that correspondence. 

Links, ‘Click here’ and images. 

If a suspicious email includes images, attachments, or a URL – these are to be examined without clicking. Many phishing emails will contain links to URLs that are actually links to Cyber and Typo Squatting sites. This is when a hacker will create an email or domain name similar to the domain they have compromised. For example, In this example, the hacker has inserted an extra ‘I’ to trick the recipient of their phishing email in believing the link is legitimate. Microsoft provides tips on spotting and avoiding falling victim to Cyber and Typo Squatting.

Conduct a simulated phishing 

A simulated phishing campaign is one where the phishing is done by the organisation trying to protect itself. In order to better train staff, an organisation may deploy a phishing email created in house to see who bites. The goal of these simulated campaigns is to train users to better spot suspicious emails.

Do not share personal details 

Never provide your personal, credit card or online account details if you receive an email claiming to be from your bank or any other organisation. Instead, review the sender details, recipient list and do an independent check, perhaps face-to-face or on the phone. Most banks and organisations will never ask for personal details in an email.

If you would like to learn more about cybersecurity, download the ACSC resource here

Back to News