A single believable story can do more damage than a thousand dodgy emails. We sit down to untangle misinformation vs disinformation and why that difference matters when you’re trying to protect people, money and reputation. From clickbait headlines to “credible” reposts, we talk about how false information spreads across digital platforms in Australia, and why even well-meaning sharing can create real harm.

Then we get practical about cyber security. Think “phishing 2.0”: attackers soften the target with rumours, social proof and urgency, so the later link or attachment feels safe. We walk through scenarios like fake merger news, “highly confidential” PDFs that deliver malware, and the very real risk of deepfake video or audio being used to pressure finance teams into making transfers. We also dig into everyday traps like paid search ads that sit at the top of Google, QR codes that hand over account access, and AI-generated summaries that confidently repeat the same misinformation you were trying to fact-check.

The big takeaway is behavioural and process-driven: don’t trust by default, verify by design. We share clear steps like out-of-band confirmation, risk-based checks, and building a culture of healthy scepticism without turning work into a paranoia fest.