The Phishbate Field Guide
Everything you need to know to avoid getting hooked. Consider this your survival guide for the internet's murkiest waters.
Phishing 101
The oldest trick in the book (and it still works)
Check the sender domain
Hover over the sender's email address. 'support@paypa1.com' is NOT PayPal. Scammers use lookalike domains with swapped letters, extra characters, or different TLDs.
Example: netfliix-support.com vs netflix.com
Hover before you click
Links can say one thing and go somewhere else entirely. Hover over links (or long-press on mobile) to see the real URL before clicking.
Example: Link says 'ato.gov.au' but goes to 'ato-refund.xyz'
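The two checks above (lookalike sender domains, and link text that names one site while the link goes to another) can also be done automatically. This is an added example, not code from the original guide. The TRUSTED allowlist, the helper names and the sample e-mail body are assumptions made for illustration, and the lookalike heuristic only covers digit-for-letter swaps, repeated letters and brand names glued to extra words.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist and a constructed sample e-mail body for this example.
TRUSTED = {"paypal.com", "netflix.com", "ato.gov.au"}
SAMPLE = '<a href="https://ato-refund.xyz/claim">ato.gov.au</a>'
SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def skeleton(label):
    """Undo digit swaps and collapse repeated letters: 'netfliix' -> 'netflix'."""
    return re.sub(r"(.)\1+", r"\1", label.lower().translate(SWAPS))

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the real domain, or a subdomain of it
    parts = {skeleton(p) for p in re.split(r"[.-]", domain)}
    return next((t for t in sorted(TRUSTED) if skeleton(t.split(".")[0]) in parts), None)

class _Links(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.href, self.text, self.found = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append(("".join(self.text).strip(), self.href))
            self.href = None

def link_mismatches(html):
    """Return (shown_host, real_host) where link text names a different host."""
    parser = _Links()
    parser.feed(html)
    out = []
    for text, href in parser.found:
        real = (urlparse(href).hostname or "").lower()
        m = DOMAIN_RE.search(text)
        shown = m.group(1).lower() if m else ""
        if shown and real and real != shown and not real.endswith("." + shown):
            out.append((shown, real))
    return out
```

A mail filter could run `lookalike_of` on the sender's domain and on every real host returned by `link_mismatches`, and hold the message for review when either one reports a hit.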
Urgency = red flag
'Act within 24 hours or your account will be deleted!' Legitimate companies don't threaten you into clicking. If it feels rushed, it's probably a rush job by a scammer.
Example: 'Your account will be permanently suspended in 2 hours'
When in doubt, go direct
Never click links in suspicious emails. Instead, open a new browser tab and navigate to the real website yourself. If there's a real issue, you'll see it in your account.
Example: Got a 'bank alert'? Open your banking app directly.
Look for generic greetings
'Dear Valued Customer' or 'Dear User' means the sender doesn't actually know who you are. Your real bank knows your name.
Example: 'Dear Valued Customer' vs 'Hi Sarah'
Attachments from strangers
Never open attachments from unknown senders. Even familiar-looking file types (.pdf, .docx) can contain malware. If an attachment is unexpected, verify with the sender through another channel.
Example: 'Please review the attached invoice' from someone you've never worked with
Spotting AI-Generated Content
The robots are writing, and they're getting better at it
Perfectly vague
AI loves to write things that sound impressive but say nothing specific. If a review, article, or post could apply to literally anything, it's probably AI.
Example: 'This product exceeded my expectations in every conceivable way'
No personal details
Real humans mention specific experiences — dates, names, quirky observations. AI generates generic content that lacks the messy specificity of real life.
Example: Real: 'Battery lasted 2 hours, not the 8 they claimed' vs AI: 'The battery life is exceptional'
Buzzword bingo
'In today's rapidly evolving digital landscape...' If you can play buzzword bingo with the text, AI probably wrote it. Humans write like humans, not like a corporate brochure.
Example: 'Foster innovation', 'leverage synergies', 'drive meaningful impact'
Suspiciously balanced
AI tends to present perfectly balanced arguments — 'While some experts disagree, others remain optimistic.' Real writing usually has a point of view.
Example: 'Some say X, while others say Y' with no actual conclusion
The email test
AI-generated emails are often packed with filler phrases: 'I hope this finds you well', 'at your earliest convenience', 'do not hesitate to reach out'. Real people write 'Hey, any update?'
Example: 'Per our previous discussion' vs 'As we talked about'
Too clean, too polished
Real writing has personality — contractions, humor, sentence fragments, mild typos. AI text is often grammatically flawless but soulless. Perfection is suspicious.
Example: A review with zero typos, perfect grammar, and absolutely no personality
Scam Survival Guide
If the deal seems too good to be true, it's because someone is casting a wide net
Too good to be true
PS5 for $150? $5,000 return on a $500 crypto investment in 3 days? Your brain knows this is wrong. Listen to it.
Example: 'Brand new iPhone 15 Pro Max — $200, must sell today!'
Upfront payments for 'prizes'
You never have to pay to receive a legitimate prize. If you 'won' something but need to pay a 'processing fee' or 'taxes', it's a scam. Full stop.
Example: 'Congratulations! Pay $49.95 shipping to claim your new laptop!'
Government threats by phone
The police, ATO, and immigration department will not call you to threaten arrest. They won't ask you to 'press 1' to avoid a warrant. Hang up.
Example: 'This is the AFP. A warrant will be issued unless you verify your identity now.'
Unsolicited job offers
Real jobs don't land in your WhatsApp DMs offering $65/hr for data entry with no experience. If a stranger offers you easy money, you're the product.
Example: 'Hi! We found your profile and want to offer you $50/hr for simple tasks!'
Payment method matters
Scammers love payment methods you can't reverse: gift cards, crypto, wire transfers, PayID to strangers. Legitimate sellers offer buyer protection (PayPal, credit card, in-person cash).
Example: 'Please pay via iTunes gift cards' — no legitimate business has ever said this
Pressure to act NOW
Scammers create artificial urgency because thinking is their enemy. 'Only 2 spots left!', 'Offer expires in 1 hour!' — legitimate businesses give you time to decide.
Example: 'This investment opportunity closes in 30 minutes!'