How to report suspicious messages
Forward (then delete) suspicious emails to phish@stjohn.org.au
How to spot a scam
Think before you respond. Is St John really contacting you?
- Verify unexpected invoices or bills sent to you from St John by calling us direct on 1300 St John (78 5646).
- We’re stopping the use of links in unexpected texts.
- If you get an unexpected text message claiming to be from us, don’t click on the link.
- We’ll never ask you to download programs directly from our site. We’ll always direct you to the appropriate download source.
- When sending phishing emails, criminals sometimes set the sender’s name as “St John Ambulance Australia”. This doesn’t mean our systems have been breached, it simply means a criminal is impersonating our brand. An example is shown below.
Forward (then delete) suspicious emails to phish@stjohn.org.au
Example of a fraudulent message #1 - Overdue invoice scam
These screenshots demonstrate how criminals attempt to phish St John customers by sending emails that appear to come from a legitimate St John email address.
Criminals will often use language that creates a sense of urgency to trick the recipient into taking action.
The example shown above encourages the recipient to view a fake overdue invoice. If the recipient clicks the 'View Invoice' link, they are asked to login with their Microsoft account credentials to view the fake overdue invoice. The criminal would then take a copy of the Microsoft credentials entered by the recipient and may use them to gain access to other online services.
Example of a fraudulent message #2 - Medicare Kit Prize Scam
This message entices recipients to click a link in order to claim their exclusive prize of a Medicare Kit. The scammers have built an online shop that appears legitimate and encourages recipients to complete a survey and then enter their credit card details.
