When Helen Douglas received a text about outstanding toll payments, she thought nothing of it. The message and adjacent link looked just like ones she had received before.
But the Stockton woman was one of more than 550,000 Australians who have fallen victim to scams this year in a growing issue for the nation.
"I went ahead and paid [the money]" Ms Douglas said. "What could the problem be? Twenty minutes later, I had a message from my financial institution."
Ms Douglas said she spent "a whole morning" at her bank after a sleepless night wondering if money would disappear from her account.
"It was very scary," she said. "I entered my card number, account information. It was all [there]."
Nationwide exposure to phishing scams increased by 10 per cent over the 2021-22 financial year compared to the 12 months prior, according to the Australian Bureau of Statistics (ABS).
Card fraud was the most significant risk, with 1.7 million Australians impacted. The risk of phishing scams - posing as a reputable company to secure people's personal information - came in at second.
And the national anti-scam department, Scamwatch, warned even seemingly minor phishing methods could have huge consequences.
"Combining small amounts of data can turn into useful information that enables access to confidential personal information, identity theft, financial fraud, and unauthorised access to sensitive business systems and files," a Scamwatch spokesperson said.
They recommended people asses messages and links thoroughly before giving any personal details away. You can also call companies directly if you are unsure about communications you have received.
"If you feel uncomfortable providing the information or feel something is not quite right, stop the contact and seek advice," the spokesperson said.
But knowing if a message is genuine is not always simple. Tactics used by scammers can be sophisticated, piggy-backing off legitimate communications from companies.
Newcastle Permanent's head of financial crimes and banking operations Cameron Smith said issues like spelling mistakes, overly long email addresses or web links and unprofessional design may signpost a scam.
Many websites, including Linkt, where the text Ms Douglas received was posed as coming from, list their genuine email addresses, links and numbers to help customers navigate unknown messages.
"A few other red flags to keep an eye out for include being asked to pay a debt using gift cards, requests for money over social media - and that includes dating websites or even gaming platforms, as well as the more recognisable social channels," Mr Smith said.
Another factor that can raise alarm bells is messages from companies you do not usually interact with. Though Ms Douglas had used Linkt before, she had not recently driven on toll roads.
"I was thinking [I hadn't] been down to Sydney lately," Ms Douglas said. "But my daughter had borrowed the car."
Ms Douglas believed had her bank not acted quickly, she could have lost money in the thousands. She is now using her experience to help others.
"I discussed it with all my friends over coffee this morning," the retiree said. "I don't think people are quite aware of this form of scam."
More information to prevent phishing scams is available on the ID Care website.
