Glossary / Fraud & scams
Phishing
Phishing is a scam where fraudulent emails, texts, or websites pose as a trusted organisation to trick people into revealing passwords, financial details, or approving payments.
How does phishing work?
Phishing uses a fake email, text, or website that impersonates a trusted organisation to trick people into handing over passwords, financial details, or approvals. The message copies real branding and creates a reason to act now: a locked account, a failed payment, an urgent document to review. A common Australian example is an email dressed up as a bank or the ATO, linking to a convincing but fake login page. The moment a staff member enters their credentials, the attacker captures them and can move on to the inbox, the banking portal, or the payment approvals that sit behind it.
Why it matters for Australian finance teams
Phishing is the entry point for much larger fraud. Stolen email credentials enable account takeover and business email compromise, which then drive payment redirection, the categories the ACCC’s Scamwatch and the Australian Signals Directorate rank among the costliest for organisations. For finance teams, a single successful phishing email against one person can expose supplier lists, invoice histories, and the ability to request bank detail changes from a trusted address. The initial theft of a password is small; the downstream payment fraud is where the real money goes.
How ezyshield helps
ezyshield cannot stop a phishing email from reaching an inbox, and it is not an email security gateway, so keep your filtering and awareness training in place. What it does is remove the payoff: even if credentials are stolen and a fraudulent bank-detail change is requested, ezyshield verifies that the person or business owns the account before money moves, and re-verifies on any change. See how it works and how we tackle payment redirection fraud.
Also known as: phishing attack, phishing scam
Last updated: 7 July 2026
Related terms
- Spear Phishing Spear phishing is a targeted form of phishing that uses personalised details about a specific individual or organisation to make the fraudulent message more convincing.
- Social Engineering Social engineering is the manipulation of people into revealing information or taking action, such as approving a payment, by exploiting trust, urgency, or authority rather than hacking systems.
- Email Spoofing Email spoofing is the forging of an email's sender details so a message appears to come from a trusted person or company, and is commonly used to make payment fraud look legitimate.
- Business Email Compromise (BEC) Business email compromise (BEC) is a scam in which an attacker hacks or impersonates a company email account to trick staff into transferring money or changing payment details.
See also: Business email compromise , Payment fraud prevention in Australia , Payment redirection fraud
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.