How well are you protected against scammers?
October 1, 2020
Scams cost Australians millions, leaving people financially and emotionally devastated. And with the arrival of the Covid virus, a new suite of cons aimed at the greedy and gullible have appeared. In fact, according to the Australian Competition and Consumer Commission’s (ACCC) Scamwatch, Australians lost more than $A634 million to scams in 2019.
“Unfortunately, it is another year with devastatingly high losses, and scammers are constantly finding new ways to defraud Australians,” says ACCC deputy chair Delia Rickard.
Australians reported losing $2.5 billion over the past decade, which she describes as “astonishing”, although this probably underestimates the amount by a third, given the ease of access via the internet and the improved sophistication and psychology of scammers.
Business email-compromise scams accounted for the highest losses in 2019, with businesses, and some individuals, losing $132 million. Investment scams accounted for another $126 million, followed by dating and romance scams at $83 million.
A scam might last for months, often ending in tears. Most of us want to trust. We assume that others possess our own level of honesty and goodwill. Sadly, this is neither a sensible nor a safe attitude anymore.
“Over the past decade, scammers have taken advantage of new technologies, and current scams are using social media apps and new payment methods that didn’t exist a decade ago,” says Rickard. “In particular, a new trend with dating and romance scams is scammers contacting the victim on social media apps or games that aren’t designed for dating. Scammers can target you anywhere.”
Scammers target both individuals and sophisticated and well-protected businesses, with the latter targets generally being more lucrative. Scamwatch received almost 6000 reports of losses by businesses last year—the average loss was $11,000, but some individual businesses lost up to $200,000—with false billing the most common con used.
“These combined losses from the ACCC, other government agencies and the big four banks show how financially harmful these scams can be,” says the ACCC’s Mick Keogh. “Scammers [will] intercept legitimate invoices and change the details to include fraudulent payment information. The recipient will pay the invoice as normal and not realise they’ve been scammed.
“Another technique is to impersonate the CEO of a company and request staff transfer funds to them for a variety of reasons, such as to purchase gift cards as a surprise for other staff,” he says.
Now you tell me!
On a weekend, when we were all at home, I received an SMS from my boss’s number. He was needing me to purchase some gift cards for some overseas visitors, but was in too remote a location to get to an outlet. Would I buy the gift cards and then forward their ID numbers to him for activation? We often had overseas visitors in our office—it all sounded plausible. No, it was not too much to ask, I was going to the shops anyway.
At the checkout, I asked about purchasing some cards of higher denominations than those on display. “Oh, we keep them under the counter so that people don’t pick and purchase, as there’s a scam going around. Do you want to check with your boss first?”
Whoops! Saved.
“It’s important for businesses and their staff to know that these scams are out there, so they can learn how to avoid them,” says Keogh.
Scams start small—in my case, when they “accessed” my Qantas Frequent Flyer account and purchased a gift card, value $50, to see if they were being blocked or detected. Then they came back for more. And more, until the account containing some 300,000 points was emptied. I only became aware when I received a “thank you” from Qantas for my recent purchase. And in the top right-hand corner of the screen, my new points balance: 300. A desperate phone call and my half-dozen Qantas gift cards were cancelled and stolen points reinstated.
Then there’s “phishing” and its subtypes “whaling” and “spear phishing”—attempts to trick you into giving your personal information such as your bank account and credit card numbers and passwords—and “pharming”, where the scammer redirects you to a fake version of a legitimate website. This is done by infecting your computer with malware, usually in an email attachment, which causes you to be redirected to the fake site, even if you type the real address or click on a previously bookmarked link. Finally, there’s the good, old-fashioned “hacking”, where a scammer seeks access to personal information by breaking the codes that protect access to your computer, phone or network by subterfuge or trickery.
Scams target people of all backgrounds, ages and income levels; there’s no one group of people who are more likely to become the target of a scam. Scams succeed because they look like the real thing, catching you off guard. Scammers are both tech-savvy and psych-smart, creating convincing and compelling narratives.
Currently, scammers are taking advantage of people in financial hardship due to Covid-19 by attempting to steal their superannuation or by offering unnecessary services and charging a fee. At the time of writing in early August, Scamwatch had received more than 3600 such Covid-related reports, as people took advantage of government handouts and allowed access to superannuation.
“Unfortunately, scammers are using the uncertainty around Covid-19, or coronavirus, to take advantage of people,” says Ms Rickard. “We’ve had a wide variety of scams reported to us, including fake online stores selling products claiming to be a vaccine or cure for coronavirus, and stores selling products such as face masks and not providing the goods. Do not buy any products that claim to prevent or cure you of Covid-19. They simply don’t exist.”
Limit your exposure by never clicking on hyperlinks in text/social media messages or emails, even if it appears to come from a trusted source, never via a hyperlink of a third party. Scammers will impersonate official organisations such as the World Health Organization and government health departments, or claim to be from a superannuation or financial service.
“Most [professional] fund managers are fighting the scams,” says superannuation and investment funds manager Greg Nuttall of the GrowUp group. “They total in the millions each year; this is why there are multiple interactions (and lots of paper) when money moves around, all to ensure it’s the owner making the changes. It might be inconvenient, but it makes it safer. We’re all vigilant in our dealings, and still millions are lost.”
So, responding to unsolicited messages or calls is a no-no. To protect yourself, simply stay alert; quickly think about what you’ve got to lose rather than what you’ve got to gain; then tap delete or hang up.
Do’s and Don’ts
- Do be alert to the fact that scams exist. Always consider that an approach may be a scam. If it looks too good to be true, it probably is!
2. Do know who you’re dealing with. If you’ve only ever interacted online, do some research. If a message or email comes from a friend and it seems unusual or out of character, contact your friend directly to check.
3. Don’t open suspicious texts, pop-up windows or click on links or attachments in emails. Delete them: If it looks legit but you’re unsure, verify the identity through an independent source such as an old-fashioned phone book or online search. Don’t use the contact details provided.
4. Don’t respond to phone calls about your computer asking for remote access. Hang up, even if they mention a well-known company such as Telstra.
5. Do keep your personal details secure. Put a lock on your street-front mailbox and shred your bills and other important documents before throwing them out. Have you financials delivered to a PO box or your workplace.
6. Do keep your passwords and pin numbers in a safe place, being very careful about how much personal information you share on social media sites.
7. Do look for the secure symbol on webpages. Secure websites can be identified by the use of “https” rather than “http” or a closed padlock or unbroken key icon in the corner of your browser window. Legitimate websites that ask you to enter confidential information are generally encrypted to protect your details.
8. Keep mobile phones and computers secure. Use password protection with two-stage transaction confirmation (email or SMS).
9. Do keep an up-to-date virus scanning app on your computer—and back up content just in case.
10. Do protect your WiFi network with a solid password and avoid using public computers or WiFi hotspots to access online banking.
11. Choose your passwords carefully. Choose a password that would be difficult to guess and update regularly. Don’t use the same password across every account/profile.
12. Be wary of all requests for your details or money. Never send money or give credit card and online account details to anyone or an online site you don’t know or trust.
13. Be wary of unusual payment requests. Scammers will often use unusual payment methods, including preloaded debit cards, gift cards or a virtual currency such as Bitcoin.
14. Be careful when shopping online. Only use an online shopping service that you know and trust.
Lee Dunstan heads up Christian Services for the Blind and Hearing Impaired. He previously edited Signs magazine for 23 years.