Already started an interview? Just login to your account and continue where you left off...

Staying Safe Online

Keeping you safe while using Well.

Hi there! So you would like to know more about phishing e-mail attacks in other words fake e-mails, you are in the right place.

We, as Well Home Loans are all about educating our customers, whether it is financial topics, mortgage terminology or Internet security we are dedicated to inform our customers and add value to community.


What is Phishing Attacks?

Phishing attacks, in simple words, are e-mails targeted to individuals in order to gain access to their personal information. The information the attackers might be after can be, usernames, passwords, personal information such as date of birth, address and etc.

The most common methodology attackers use for these attacks are to impersonate an actual legal body or a company and either refer the victims to their fake website or even worse make them install a malware on their computer.


Why your Antivirus/Antimalware software alone can't protect you?

E-mail is one of the oldest Internet protocols out there and some of the exploitations available to cybercriminals are related to its age. It wasn't designed having security in mind however, software we have today in both e-mails servers and clients are smart enough to filter out most of the maliciously intended messages.

Although we have these sophisticated security solutions in place, it's not so easy to filter out phishing e-mails. One of the reasons for this is, phishing e-mails can blend in as a legitimate, benign e-mails due to the nature of how they work. They don't carry a malicious payload that can be directly scanned by security software. Instead they either inject the malicious payload into a regular attachment such as a document file or they will ask the victim to click to a link that will trigger the download of malware.

Don't get me wrong, I'm fully advocating for everybody to use an antimalware solution, especially one that is scanning your mailbox against phishing and other type of malicious e-mails, however being an educated user is the most important aspect in order to keep yourself safe from 'social engineering' attacks. That is why large organizations train their employees on a regular basis in order to protect their IT assets, they don’t even trust on their expensive security software alone when it comes to social engineering attacks and you shouldn’t as well.


What are some tell signs of a Phishing E-mail?

Attackers don't have to adhere to a certain structure, however there are some common points you can check to see if an e-mail is sent out from a legitimate source.

This green bar showing the company/institution name is proving the authenticity of the website you are connected to.

  • Sender Address: Always check for 'From' field of an e-mail address. Although this can be spoofed, you might be able to catch some of the phishing e-mails sent just by evaluating the domain name (the part that comes after the @ sign) of the sender address.
  • Spelling: The messages generated may contain spelling and or grammar mistakes. This is due to them being generated via automated software rather than written by a person.
  • Call to Action: It is common for these messages to invite the recipient for some sort of action. This might be, paying your bill, viewing your invoice, updating your password or something similar that would create a sense of urgency, aiming to get pass the skepticism you might have to the content in front of the you.
  • Threats: The messages may contain a threat that would imply negative affects if you fail not to comply with their call to action. Threat can be anything from account suspension to penalty fines and can vary depending on the type of message you have been sent.
  • Hyperlinks: Hyperlink is the technical term for a piece of text having an action bound to it that takes you to a webpage upon mouse click.
    Most of the e-mail clients allows you to view the link when you hover over the text.
    It is best to analyze the linked URL to see:
    • a. If the domain name matches the real domain name of the institution they claim to be. Be real careful because attackers usually try to get a real close domain name to the actual one.
    • b.If the link starts with a 'HTTPS://'. If you have been sent a request for something that requires privacy and security that webpage should be SSL encrypted therefore should start with 'HTTPS://'
    • c.However having HTTPS in front of it alone is not enough to identify authenticity of a website. Make sure the SSL certificate can state the institution's correct legal name. Certificate Authorities conduct series of identification challenges before processing these SSL certificate requests, hence an attacker can't obtain this certificate to use on their fake website.
  • Attachments: Be careful about is attachments. Companies and institutions almost never will send you private information such as invoices as a direct e-mail attachment. This would be a huge risk for them because they would be trusting another party other than their own to secure their and practically their customer's data.
    Common practice would be to take you to their website and allow you to view the document once you can authenticate in other words prove your identity. Keep in mind that, this is also how attackers might get access to your username and password, so it's very important that you visually analyze the website they referred you to.
  • Check its address and SSL certificate for authenticity: As a rule of thumb, do not trust any attachment you receive that claims to have private information. Especially executable files, however lately cybercriminals was able to inject malicious code inside regular Microsoft office documents and PDF files so you are never %100 safe unless you really trust the sender.

Further actions you can take to protect yourself for phishing attacks?

Unfortunately there is no end all be all solution to protect yourself from cybercriminals. They will always come up with new strategies and we as online service providers and you as an online service consumer would always have to keep ourselves up to date as possible in terms of knowledge.

However, there are dedicated Australian government websites that are regularly updated to inform Australian people from such attacks and security outbreaks in various types of technologies. You may join to their e-mail alert list as well to receive weekly digests and urgent notifications upon a detection of a new attack type.

ScamWatch - https://www.scamwatch.gov.au

Backed by Australian Competition and Consumer Commission (ACCC) this websites goal is to educate Australian businesses and consumers against scammers and provide guidance on securing themselves against such scams. Make sure you subscribe to their e-mail alerts for receiving regular updates and stay ahead of the hackers.

Stay Smart Online - https://www.staysmartonline.gov.au

Stay Smart Online program is similar to ScamWatch however its covering a broader range of attacks. On top of scammers, stay smart would also send you notifications on various types of IT security exploits that have been discovered. It's being managed by Cyber Crime and Security Branch, Attorney-General's Department and provides valuable information to Australian people in terms of the digital security.

Here is a summary of actions you have to take in order to increase your chances against malicious e-mails:
1 - Have a reliable antimalware solution that receives regular updates and provides security against phishing e-mails.
2 - Learn common tell signs of scam e-mails, so you are better prepared to identify them yourself.
3 - Subscribe to e-mail alert lists that can provide you up-to-date and reliable information on recent attack types and forms, you are on alert for those.


It all comes down to experience and knowledge

Hopefully, after reading this article you are now better informed of the evil minds behind the phishing attacks that are designed to get pass our software security mechanisms and targeting our human nature via something security experts calls 'social engineering'.

As I've mentioned before, what you should aim is to develop a sceptical mindset and an intuition to detect malicious communication you may receive. How you build this is related to your knowledge and understanding of Internet and digital world in general, the more you know better you are prepared.

What home loan is right for me?

Determining which loan is right for you depends on a number of factors including your credit history, loan amount, property location and employment situation. We help you to better understand your situation and ascertain which Well Home Loans product is most suitable during our interview.

If you're refinancing

Refinancing with Well could see you better off in the long run. Understanding your options is just the first step.

If you're purchasing

Use our purchase scenario to understand your borrowing capacity and the most suitable product.

Investors or Owner Occupiers are welcome

If you're a property investor or just live in your home, explore our solutions above or just get straight to it and apply.

Skip the marketing and apply now »

We make it easy to find a loan that suits you

With just a few simple products, we reduce the stress of having to search through thousands of home loans only to be presented with a few hundred to choose from. A Well home loan is designed with you in mind and caters for your situation.

Well Balanced

A good credit history and can provide evidence of their income.

Borrow up to 95% of the value of your property.

Well Easy

A home loan for those who don't quite meet the mainstream criteria.

Borrow up to 95% of the value of your property.

Well Restore

For those with recent credit impairment, this home loan is designed to help.

Borrow up to 95% of the value of your property.

Steps in the well process

 

Step 1 - Apply

You can apply via our online application interview. The whole interview can now be done from the comfort of your own home, in your own time.


Step 2 - Verify

A single trip to Australia Post to verify your identity (much like getting a passport) and upload your financial documents for us to review.


Step 3 - Approval

Now we're rolling! This is where we'll provide you with the decision on whether or not we can lend you the money that you've asked for.


Step 4 - Finalise

This is always the most exciting part of any loan. Getting your home loan settled and either moving into your new home, or relaxing with the savings off your old loan.

How we assess your situation

Most other lenders have rigid eligibility criteria, and if you don't fit their mold then you don't qualify for a loan. At Well, we've tailored home loans that can fit different situations.

What you earn

We look at what you earn over a different period of time than a traditional lender. This can suit those that show irregular income over shorter time frames.

What you owe

Using rough percentages isn't the best way to work out exactly what you owe to other people. We get the right information to help you see the bigger picture.

What you spend

Looking at what you actually spend rather than just relying on benchmarks means we know more about your situation. Who even has 2.3 kids anyway?

What's your history

No Credit Scoring! We look at each record on your credit report to get a proper picture of you and your credit history. We don't like to put a score on people's lives.

Home loans shouldn’t be hard

No gimmicks, no hidden fees, no hidden rates. Just simple, easy home loans. The way it should be.

Open and honest

It's about time there's more transparency in the lending process. Why hide it, when we can hopefully help you learn more.

More free time

You can apply online in your own time and at your own pace. No waiting around for someone to visit or ring you.

All about you

We don't rely on benchmarks, averages or estimates. We ask about you and your life, to easily fit the right loan.

Better by design

Choose the features that you want in a home loan. We don't force you to take a bundle of features just to get a lower rate.

Chat 24/7 via Facebook Messenger

Meet Jewell.
Our chatbot with a name that's spelt a little different. Always on and never judging, you can talk about your financial situation, with no embarrassing meetings or phone calls. Just help. When you need it.

Give it a go, right here - just hit the "Send to Messenger" button.

Discover the right solution for you

We're not a stuffy old bank. We're a modern online home loan provider.