Glossary / Fraud & scams

Phishing

Phishing is a scam where fraudulent emails, texts, or websites pose as a trusted organisation to trick people into revealing passwords, financial details, or approving payments.

How does phishing work?

Phishing uses a fake email, text, or website that impersonates a trusted organisation to trick people into handing over passwords, financial details, or approvals. The message copies real branding and creates a reason to act now: a locked account, a failed payment, an urgent document to review. A common Australian example is an email dressed up as a bank or the ATO, linking to a convincing but fake login page. The moment a staff member enters their credentials, the attacker captures them and can move on to the inbox, the banking portal, or the payment approvals that sit behind it.

Why it matters for Australian finance teams

Phishing is the entry point for much larger fraud. Stolen email credentials enable account takeover and business email compromise, which then drive payment redirection, the categories the ACCC’s Scamwatch and the Australian Signals Directorate rank among the costliest for organisations. For finance teams, a single successful phishing email against one person can expose supplier lists, invoice histories, and the ability to request bank detail changes from a trusted address. The initial theft of a password is small; the downstream payment fraud is where the real money goes.

How ezyshield helps

ezyshield cannot stop a phishing email from reaching an inbox, and it is not an email security gateway, so keep your filtering and awareness training in place. What it does is remove the payoff: even if credentials are stolen and a fraudulent bank-detail change is requested, ezyshield verifies that the person or business owns the account before money moves, and re-verifies on any change. See how it works and how we tackle payment redirection fraud.

Also known as: phishing attack, phishing scam

Last updated: 7 July 2026

Stop payment fraud before money moves

Verify the person, business, and bank account before any payment leaves your account.