Online scams and attacks are surging and growing more sophisticated, conning thousands of people and companies out of millions of dollars.
How to detect and avoid online scams
Digital technology, social media and email have changed the world in the way we all communicate as it provides such great access to people and such detailed information.
The only problem is that they are giving crooks easier access to you.
Online scams are so sophisticated and appear so authentic that they are conning thousands of Australians out of millions of dollars. And the scams are like cockroaches — you can’t seem to kill them.
The worst scams doing the rounds to be aware of and avoid now are;
- Netflix: Fake emails claiming your account has been blocked because of payment issues and asks for bank details to resume service.
- PayPal: Fake emails wanting your bank details and passwords to confirm account.
- Tax Office impersonators: Telephone using an automated voice claiming you haven’t lodged a tax return and to call a number or legal action will commence immediately. A similar scam claims to be from a law enforcement agency.
- Gift Cards: Fake emails claiming you owe a company payment and they only want you to be paid by gift cards like iTunes, Google Play, Amazon and Australia Post Load&Go prepaid debit cards.
- ASIC: Scammers are even pretending to be the regulator and asking for personal details to renew business or company names online.
- Surprise inheritances or money owed: Usually posing as a lawyer or accountant, these scammers notify you they are holding money in your name from an inheritance or lost superannuation and want your bank details to transfer it over.
- Telco and energy bills: Fake invoices and statements from Telstra and Optus as well as Origin and AGL demanding immediate payment. Or they claim you’ve overpaid or entitled a refund and want bank details to send the money.
Social Engineer Attacks
- Phishing never seems to go away. These are authentic-looking emails supposedly from your bank asking you to click a link to the bank website and verify all your details and passwords. It’s a con.
- Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
- Vishing the use of telephone calls to try and con you into providing personal details, payment for scams, or just trying to intimidate you into buying iTunes cards to cover some fine.
- SMiShing A form of phishing, SMiShing is when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is becoming an emerging and growing threat in the world of online security.
- Business Email Compromise (BEC)is a form of email fraud. Typically, it involves targeting employees with access to company finances and using social engineering to trick them into making money transfers to the bank accounts of the fraudster. Often email spoofing is used to create an email pretending to be from the CEO, or a trusted customer
The list of digital attacks is almost endless, and we haven’t even got to pyramid schemes, dating scams and online shopping.
Now that we’ve scared you with ways you can be conned out, here are some key ways to protect yourself.:
- Never give your password, PIN, bank details or Tax File Number to anyone online or over the phone. Generally, no legitimate company will ask for those details online. If you’re uncertain, ring the bank or telco and check whether it is legitimate. If someone rings us and asks for us to verify our details, we’ll ask them to tell us what they have rather than us volunteer the information.
- Review your security and privacy details on social media and be careful with who you connect with.
- Choose passwords We must remember an enormous number of passwords across different accounts, but it is important to make them hard to crack. Use a password authenticator app or a password keeper.
- Check for clues on the authenticity of an email. Try these simple triggers to alert you:
- If there is a request to download something, PAUSE, and think, before you act.
- If there is a request to click a link, PAUSE, and think, before you act.
- If there is a request to enter personal details, PAUSE, and think, before you act.
- Beware of unusual methods of payment. A lot of scammers like to work outside traditional financial systems and processes. Anyone who wants payment by a gift card or virtual currencies (like Bitcoin) is usually a crook and probably into money laundering.
- Don’t agree to deals straight away. Tell the person who calls that you’re not interested or that you want to get independent advice before deciding. Then you can do more research to verify an offer.
- Check in with the Australian Competition and Consumer Commission, has a terrific website (scamwatch.gov.au) listing all the rorts they have come across. You can also sign up to their email ScamWatch which sends out constant warnings direct to your inbox, and follow their Twitter feed.
- Visit other great websites. Stay Smart Online (staysmartonline.gov.au ) is an online safety and security website designed to show people how to protect themselves, while ASIC’s Money Smart website (www.moneysmart.gov.au ) provides tips on how to spot investment and other money related scams.
- If it seems too good to be true, it probably is. The most powerful filter you have against scams is your gut feel. These offers are probably best avoided or, at least, need detailed verification.
Hopefully we haven’t spooked you too much, but you need to be on your guard.
For more information on these and other great articles, check our articles here: https://layer8securit2.wpengine.com/blog/