Spot phishing before it steals your login
Most account takeovers start with a convincing fake email or text that walks you to a fake login page. Learning the tells is the cheapest protection there is.
- Be suspicious of urgency and threats — account suspended, payment failed, act now — which are designed to rush you.
- Hover over links to see the real destination, and never log in via a link in an email or text.
- Go to the website directly by typing the address or using a saved bookmark instead.
- Check the sender address carefully, as scammers use lookalike domains a glance can miss.
- Never enter a one-time code or password on a page you reached from a message.
- If unsure, report it to Scamwatch at scamwatch.gov.au, and tell whedo.it if it targeted a work account.
Still stuck after those?
You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.