SMS scams used to be obvious. The new generation isn't. Six recurring patterns.
SMS scams — "smishing" — used to be obvious: bad English, weird links, transparent appeals. The new generation is polished, locally targeted, and increasingly hard to tell from the real thing. The good news: there are only about six recurring patterns. Once you recognise them, you spot all of them.
"Hi, your AusPost parcel could not be delivered. Re-schedule here: auspost-track.delivery". You probably do have a parcel coming — you order things online — so the click rate on these is high. AusPost and Australia Post never text you links to reschedule deliveries. If you're expecting something, open the AusPost app or website directly and check the tracking number.
"You are eligible for a $480 ATO rebate. Claim now: ato-portal.gov-au.com". The ATO does not text refunds. Centrelink does not text payments. Real government communication arrives in your myGov inbox, not your SMS. If you're owed a refund, log into myGov directly and check.
"Hi mum, I broke my phone, this is my new number. Can you help me out with a payment, I'll explain later xx". Targets parents. The criminal hopes for emotional response that bypasses verification. Always call the original number first, even if you're worried. Confirm via a separate channel.
"Hi, this is [bank/Telstra/M365] — for security please read me the code we just sent". The code is sent because someone is trying to log into your account. They've already got your username and password from somewhere; they need the code from your phone to finish the login. NEVER read a code to anyone. The legitimate sender already knows the code.
"Hi, I came across your profile. We have part-time work paying $80/hour for product reviews. Reply YES for details". The scam usually progresses to "register on this site" / "transfer this small amount to verify your bank" / "buy these gift cards and we'll reimburse you". Real recruiters don't cold-text. They use LinkedIn and email.
"Hi, sorry — Jane gave me your number, said we'd get along. How's your week going?" Then a slow build over weeks to a financial ask. Long-game scams. Anyone you've never met who progresses to asking for money is a scammer. Block, report to Scamwatch.
Smishing overlaps with banking and phone-safety. Read the lot.
whedo.it runs short awareness sessions covering current Australian smishing patterns — usually 20 minutes including a live walkthrough. Especially valuable for finance teams. Add to the quarterly security training cadence.
A Support Representative will get in touch.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director