Outsmarting Scams in Australia: Prevention Tips

A quick review of some of the best strategies for avoiding scams in Australia, particularly phishing and email fraud.

While it seems we all like to think we are clever enough to outwit a scam, Australians collectively lost more than $480 million to scams last year.

Every year scammers get more sophisticated in the methods they use to part us from our money – or our valuable personal information. It’s important to recognise that even the savviest of us can fall victim to scams that are ever evolving to take us for a ride.

Let’s look at the scams that are having the most impact – and how to avoid them.

Phishing scams continue to reach new heights

The most common type of scam, and one that continues to increase in prevalence, is known as phishing. These scams are so common because, unlike romance scams targeting those looking for love, or financial scams targeting investors, phishing scams target everyone – and everyone who has an email account or a mobile phone is vulnerable.

There were nearly 109,000 phishing-related scam reports last year, with losses amounting to $26.1 million (up 6 per cent year-on-year).i

These may come in the form of text messages or emails from a scammer pretending to be a legitimate business or government entity you know and trust.

They are designed to convince you to provide personal information to steal your identity or to be able to access bank accounts and/or superannuation accounts. Or they can simply be asking you to part with your money to pay an overdue invoice, a “fine,” or tax debt.

There are also the scammers who pretend to be a person you know, in order to extract money from you. A classic that’s been doing the rounds is the “Hi mum/ dad” text where the scammers pretend to be one of your kids who has lost their phone and urgently needs you to transfer them money.

How to avoid getting caught

So, given how convincing these messages can be, how do you keep yourself safe? The best defence is awareness and knowing what to look for, so let’s look at some common characteristics of scam emails and texts and some of the methods commonly employed by scammers so you can be alert – and stay safe.

  • Urgent call to take action or threats – Scammers will often create a sense of urgency, telling you to take immediate action to claim a reward or avoid a fine or penalty. They are hoping you’ll react without thinking too much about it or checking the legitimacy of the message or email.

    Tip: be sceptical if a message is prompting urgent action and approach with caution.

  • Emails that look like they are coming from a trusted source – Scammers are often quite good at mimicking a business's branding and at first glance can look pretty convincing.

    Tip: Some of the red flags to look for are spelling mistakes or a generic greeting (if the message is from a provider, they should have your name on file).
    Check the email source carefully. Scammers use subtle misspellings of the legitimate domain name, such as replacing "o" with a zero or replacing "m" with an "r" and an "n".

  • Suspicious links – Scammers include links to online forms that can look uncannily like the real thing in order to capture your information, and they often send computer viruses and malware through malicious attachments. If you suspect that a message or an email is a scam, don't open any links or attachments.

    Tip: Hover your mouse over, but don't click the link. Look at the address that pops up when you hover over the link and see if it matches the link that was typed in the message.

To visit a provider’s website, manually type the official web address into your browser rather than clicking on a link. You could also use a search engine to find the official website and log in that way.
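The two link checks above (a misspelt sender or link domain, and a link whose visible address differs from where it really goes) can be automated for an HTML email body. The following is an added example, not part of the original article: the trusted domain `commonbank.example`, the sample email and all function names are constructed for illustration, and the "1" for "l" swap is an extra substitution beyond the two the article names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical allowlist: domains the reader really does business with.
TRUSTED = ("commonbank.example",)

# Visible link text that is itself a web address (with or without a scheme).
URL_TEXT = re.compile(
    r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[/?#]\S*)?$", re.I)

# Constructed sample email body (not a real message).
SAMPLE_EMAIL = """
<p>Dear customer, your account will be suspended today.</p>
<a href="https://www.commonbank.example/login">https://www.commonbank.example/login</a>
<a href="https://c0mmonbank.example/verify">Verify now</a>
<a href="https://cornmonbank.example/login">www.commonbank.example</a>
<a href="https://news.example.org/story">Read more</a>
"""


def skeleton(host):
    """Undo the character swaps: zero for 'o', 'rn' for 'm', one for 'l'."""
    return host.lower().replace("0", "o").replace("rn", "m").replace("1", "l")


def host_of(value):
    """Return the host of a URL or bare address, without a leading 'www.'."""
    value = value.strip()
    if not re.match(r"https?://", value, re.I):
        value = "//" + value  # lets urlsplit parse a bare 'www.site.example'
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:
        return ""
    return host.lower().removeprefix("www.")


def trusted_match(host, transform):
    """Return the trusted domain that host equals or is a subdomain of."""
    h = transform(host)
    for trusted in TRUSTED:
        t = transform(trusted)
        if h == t or h.endswith("." + t):
            return trusted
    return None


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body):
    """Flag links whose text and target differ, or whose host is a lookalike."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        # Only web links are checked; mailto:, relative links etc. are skipped.
        if not href.lower().startswith(("http://", "https://")):
            continue
        target = host_of(href)
        findings = []
        # The "hover" check: the address shown differs from the real target.
        if URL_TEXT.match(text) and host_of(text) != target:
            findings.append("text-mismatch")
        # The misspelling check: not trusted as written, but trusted once the
        # character swaps are undone.
        if not trusted_match(target, str.lower):
            imitated = trusted_match(target, skeleton)
            if imitated:
                findings.append("lookalike:" + imitated)
        report.append({"host": target, "text": text, "findings": findings})
    return report


if __name__ == "__main__":
    for entry in check_links(SAMPLE_EMAIL):
        print(entry["host"], entry["findings"] or "no findings")
```

A link with no findings is not proven safe; the check only catches the two patterns described in the tips above.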

With phishing attempts becoming ever harder to spot and avoid, it’s more important than ever to stay vigilant and equip yourself with tools to make sure you don’t take the bait. If you think you may have fallen prey to a scam, contact your bank and report the matter to Scamwatch.

i https://www.sbs.com.au/news/article/481m-in-losses-and-302k-complaints-the-scams-hitting-australians-hard/hg52ignc8

This article is intended as an information source only and to provide general information only. The comments, examples, words and extracts from legislation and other sources in this publication do not constitute legal advice, financial or tax advice and should not be relied upon as such. All readers should seek advice from a professional adviser regarding the application of any of the comments in this article to their particular situation.


Cybersecurity Essentials: Mastering Password Protection

Facing Australia's rising cybercrime rates head-on, our guide provides key insights into optimising your password security. Find out how to strengthen your defences and keep your digital world secure.

We spend a lot of time online and don’t often think about the risks involved. Yet if we are not careful, we can make ourselves vulnerable to criminal activity such as hacking, phishing, and identity theft.

The annual Cyber Threat Report announced in 2023 a 23% year-on-year increase in cybercrimes in Australia, amounting to a cybercrime reported every six minutes.i And according to the recent Cybercrime in Australia report also published in 2023, 47% of survey respondents experienced at least one cybercrime that year, with half of all victims experiencing more than one instance.ii

One of the simplest ways to protect yourself online is to ensure you have secure login credentials and to update your passwords regularly. So, if you haven’t updated your passwords for some time, below are some tips to ensure you stay secure online.

Stronger password security

Vary your passwords
The most common vulnerability is passwords. We have passwords for many things we do online, protecting our bank accounts, inboxes, and social media accounts to name just a few.

With the need for so many passwords, it’s easy to see why we often become complacent and choose the same one for multiple accounts. A 2019 Google/Harris Poll study found that 52% of respondents use the same password for multiple accounts and 13% reuse the same password for all their accounts.iii Not only does this put your accounts at risk of being compromised, using the same password can lead to hackers utilising your credentials as a way of identifying as you.

Get creative
It’s no surprise that the most common passwords are 123456 and admin – they are easy to remember; however, they are also easy for anyone to guess.iv

Choose a password that’s at least 12 characters long with a mix of uppercase and lowercase letters, numbers, and symbols. Some sites will need you to do this when you sign up, and it is good practice even when not required. Avoid using easily guessed information like birthdays, names, or common words (such as user or password).

Password management
Remembering your passwords, especially those which are a unique combination of letters and numbers, can be tricky. Use a centralised password management system to record passwords. There are many to choose from so look out for ones that are encrypted with a strong algorithm to prevent hacking.

Use 2-step verification
Another way to strengthen online security is to use 2-step verification. This adds additional security by asking you for further details, such as a number sent to you as a text message or email, or by using an authenticator application to verify your identity when you log in.

More ways to keep safe online

Using anti-virus software is wise as it’s designed to provide protection against the latest viruses and other types of malware. It updates automatically so you don’t need to worry as much about having to be on top of the latest cyber threats. It’s also worthwhile backing up any important data.

Not all our interactions online are protected, so be sure to use secure networks and be careful about public Wi-Fi, such as the one you might use in a café, airport, or library. Public Wi-Fi is convenient, however if you are using websites that aren’t encrypted, this information is at risk. Look out for the lock symbol near your browser’s location field and check that the site address starts with ‘https’ rather than ‘http’ to be on the safe side.

Lastly, it’s the simplest solution but one that bears mentioning – keep your personal information private. Don’t share your log-in information unless absolutely necessary and don’t display your passwords somewhere that’s easy to find (such as a label on your phone or laptop).

These preventative measures can help you stay safe online and away from the risks of cybercrime.

Common passwords in Australia
1. Banned — 2 minutes to crack
2. 123456 — less than a second to crack
3. Admin — less than a second to crack
4. password — less than a second to crack
5. qwerty123 — less than a second to crack
6. 12qwasZX — less than a second to crack
7. Starwars29 — 3 seconds to crack
8. welcome11 — 2 seconds to crack

i https://www.minister.defence.gov.au/media-releases/2023-11-15/release-annual-cyber-threat-report-2022-23
ii https://www.aic.gov.au/publications/sr/sr43
iii https://services.google.com/fh/files/blogs/google_security_infographic.pdf
iv https://nordpass.com/most-common-passwords-list/



Safeguard Your Small Business: Cybersecurity Must-Dos

Discover essential cybersecurity practices to shield your Australian small business from cyber threats. Learn to navigate the digital landscape safely and secure your business's future.

Cybersecurity has been in the news a lot lately. Australia recently witnessed large-scale data breaches that affected some of the country’s most prominent corporations. These highlighted that no business is impervious to cyber-attacks, which is why it’s especially important for small business owners to protect their businesses against cyber threats.

The Australian Cyber Security Centre (ACSC) Small Business Survey revealed that a staggering 62 per cent of the small to medium business owners surveyed had been victims of cyber-crime.i And these attacks come at a significant cost to businesses. Companies lost over $300 million last year due to cyber-attacks. Notably, the average cost per cybercrime reported to the ACSC rose to over $39,000 for small businesses.ii

Given that digital data breaches can have a massive impact on a business, what are the challenges faced by small businesses and what are the best ways to keep yours safe?

Understanding Cybersecurity Insurance Options

Antivirus and malware security is an obvious starting point, but there is more to cybersecurity than signing up to a plan or downloading an app.

It’s important to understand what data your business holds, and in what locations. You might have data stored across numerous devices or services whether they are cloud-based or not, which increases the number of applications you need to keep secure. Multiple and numerous systems can also create more opportunities for a cybercriminal to attack, so streamline where possible.

Identify what information needs to be protected, thinking about legal requirements and confidentiality and security of information as well as what assets are most important to your company, including financial data, customer information, and intellectual property.

Effective Password Management Systems

The next step is protecting that information, which at the company level means encryption and using secure passwords. Consider implementing multifactor authentication for an additional layer of security to let the right people in and keep the wrong people out. This involves adding a secondary factor to your password, for example, a mobile phone number to receive an SMS with an access code.

Once you’ve reviewed your password protection, it’s time to think about how you keep track of them. Most businesses use a lot of applications, so password management tools are the best way to keep track of multiple, unique logins and passwords.

Regular Software Updates: Your Cyber Shield

Backing up data doesn’t just protect against cyber-attacks but also against human error and malicious actions as well as hardware failures and natural disasters. If you are using cloud-based applications, data back-up may seem easier as you are not having to manually back up things like hard drives and servers. However, a note of caution – while the cloud is extremely secure, some providers still recommend doing regular backups with third-party services.

It’s also important to update software regularly to protect against the latest threats. You should regularly update your operating systems, web browsers, and other software to protect against malicious intent.

Cost-Effective Cybersecurity Strategies

Of course, maintaining a secure environment is also about educating your staff on how to avoid cyber-threats.

As well as having policies that describe how your business manages its infrastructure, it’s important that staff are up to date on how to actively avoid threats. All it takes is one person to click on a link in a dodgy email and your business could be vulnerable. The Australian government provides a useful resource for small businesses at www.cyber.gov.au/learn which includes modules and quizzes to help businesses educate their personnel.

Leverage Australian Government Resources

Finally, despite your best efforts, there is always a chance that your business may experience a cybersecurity incident. In such a scenario, it is important to respond quickly and effectively to minimise the damage and get back up and running as soon as possible. Make sure you have a defined process in place that describes who responds and what happens in the event of a breach so that you can react quickly.

Given the cost and time involved in recovering from a cyberattack, it’s worth putting a bit of thought into preventative measures.

The most common cyberattacks impacting small businesses are:

  • Scam emails and phishing attacks designed to elicit passwords or confidential information.
  • Business email compromise (BEC) emails impersonating a supplier requesting payment.
  • Malicious software including ransomware, viruses, spyware, and trojans.

If you're looking for professional advice on how to better protect your business, we're here to assist. We offer a free half-hour consultation aimed at understanding your needs and exploring how we can support you. Feel free to reach out; we'd love to help.



Think you'll never fall for a scam? Think again

Don't Fall Victim: How to Spot and Avoid Scams in Australia

With the increasing sophistication of scammers, anyone can become a target. Australians were expected to lose around $4 billion to scams in 2022, and no one is immune to these threats. Learn how to identify and avoid some of the most common scams in Australia, and protect yourself and your loved ones from becoming a statistic.

While it’s easy to think “it will never happen to me”, people who never expected to be victims of scams are actually among the most vulnerable to being taken advantage of. While the stereotype is that older people are the most likely to be scammed, Gen Xers, Millennials, and Gen Zs are actually more likely than seniors to report losing money to fraud.i

The reality is scammers don’t discriminate and people of any age or demographic who believe they are too smart to be tricked may be less careful and more likely to suffer a loss.ii And the losses are considerable. Australians were expected to lose around $4 billion to scams in 2022.iii

Here are some scams to be aware of that are doing the rounds:

Avoiding Scams from Trusted Brands and Government Agencies

One of the most common scams at the moment is where a criminal pretends to be a trusted brand or government agency getting in touch to collect personal information or demand a payment. You may be contacted by email, social media, phone call, or text message and they will often direct you to an official looking website.

It’s easy to be taken in via text message as it can appear to be from a legitimate sender as the scammer uses ‘alpha tag’ technology to register a mobile number with a word or acronym – the ATO (Australian Tax Office) for example.

Beware of clicking on links. If you get a text message or call that doesn’t seem right, you can find the official contact details on the company’s website and call them to verify whether the message is genuine.

Smart Shopping: How to Recognize and Avoid E-commerce Scams in Australia

Scammers prey on consumers and businesses that are buying or selling products and services.

As a buyer you may pay the money and never receive the goods you have paid for. To protect yourself be on the alert for scams - if the advertised price looks too good to be true, it probably is. For rental properties or holiday accommodation, only use reputable online booking agents.

As a seller, you may be tricked into believing the buyer has paid in full or even paid over your advertised amount, including sending falsified payment receipts to support their claim. The buyer may then request a refund for overpayment. To protect yourself, don’t accept a mobile payment from someone you don’t know and never accept or refund a deposit for more than the selling price.

False billing scams request you or your business to pay invoices for services or supplies you did not order so always double check and query demands for payment if in doubt.

Safeguard Your Identity: How to Prevent Scammers from Stealing Your Personal Information

Dating and romance scammers often make their approaches on social media or dating sites and will go to great lengths to gain trust. Protect yourself by never giving money or goods of value to someone you have never met in real life.

Scammers also appeal to our emotions by impersonating genuine charities to ask for donations after natural disasters or major events. To avoid being scammed approach charity organisations directly and check an organisation’s credentials on the Australian Charities and Not-for-Profits Commission (ACNC) website to see if they are a genuine charity.iv

Attempts to gain personal information

These include when a scammer gains access to your personal information by using technology.

Consider using multifactor authentication, a security measure that requires one or more proofs of identity to grant you access, for any applications you use regularly. Change passwords regularly as well, making sure to choose secure passwords.

Taking a little extra care to be aware and alert to the possibility of being scammed could save you a lot of heartache. Of course, we are here to help if you think something may be a little suspect.

i https://consumer.ftc.gov/consumer-alerts/2022/11/fraud-reports-and-losses-not-just-grandparents-story
ii https://www.finrafoundation.org/sites/finrafoundation/files/exposed-to-scams-what-separates-victims-from-non-victims_0_0.pdf
iii https://www.news.com.au/finance/money/costs/australia-to-cop-4-billion-scam-loss-in-2022-according-to-scamwatch/news-story/890e469b4b05a6c950e3cb6b4f83f56c
iv https://www.acnc.gov.au/charity/charities



Scammer at work

Common Scams and how to avoid them

Two recent high-profile customer data breaches have exposed millions of Australians to a new wave of potentially devastating threats from scammers. To mark Scam Awareness Week 2022, we look at two of the most common forms of threat, and what you can do to protect yourself.

Added together, the Optus and Medibank data breaches have put sensitive customer data of roughly half of Australia’s adult population in the hands of cyber criminals!

Changing your password is an important first step when these breaches happen. But the days when a password change could make everything right again are long gone.

What makes these breaches so dangerous for customers who’ve had their data stolen is all the unchangeable, or hard to change data that criminals gain access to.
For example: full name, date of birth, next of kin, mobile number, email addresses, residential address, Medicare, driver’s license and passport numbers, bank and other service provider details.

Armed with just 3 or 4 items from that list it’s very easy for criminals to concoct highly personalised, believable cover stories with which to hoodwink victims.

Two common forms of attack these days are phishing and imposter scams.

Phishing

Phishing is a two stage attack where criminals first trick victims into divulging login or credit card details. Armed with that data, they then commit fraud.

Phishing attacks take many forms and are constantly becoming more sophisticated. But normally the criminal impersonates a service provider or government body, either by electronic communication, or with a phone call. Sometimes they just ask for details. But often, they direct victims to bogus web pages that look legitimate. The victims think they are logging in to a known website, but in fact are entering their log in details into a form controlled by the criminal.

Imposter scams

In this type of attack, the criminals first manage to impersonate close relatives or work colleagues. Soon after they request some kind of money transfer, usually for some urgent reason like an accident, or being stranded somewhere.

A new, and increasingly common form of imposter scam is the “Hi Mum” attack. This typically starts with a text message from a son or daughter claiming they’ve changed their mobile phone number.

Protecting Yourself

Be Extremely Suspicious of ALL Information Requests and Surprise Notifications

Any time a service provider contacts you, asking for sensitive information, a request to login to their site, for updated information, or a password change, you should treat it as a potential threat.

Likewise, be suspicious of notifications about online orders you don’t remember making, warnings that an important account is about to be suspended, or debts you didn’t know about.

NEVER trust links or contact information provided in the notification messages in question. Instead use publicly available contact details to reach out and verify the message.

NEVER Use the Same Password Twice

One of the first things hackers do when they capture usernames and passwords from any site is try those same details on a list of high value sites such as email providers, financial institutions, Amazon, eBay and social networks. So, if you duplicate passwords, you’re extremely vulnerable and you should expect trouble!

Cyber security experts highly recommend the use of password management apps such as LastPass, Dashlane, LogMeOnce and Bitwarden. These not only help you keep track of unique passwords and make it quicker to log into many sites; they also help you generate new, hard to guess passwords.

Keep Abreast of The Latest Scams

Scammers are constantly inventing new ploys to catch people off guard that can be stunningly clever. As such it’s worth keeping up to date with the latest methods.

www.scamwatch.gov.au is one trustworthy source of information that provides a lot of up-to-date information on new threats in Australia and ways to outsmart them. Make a point of checking this site regularly.

Should you ever be unsure whether someone requesting your financial details is a trusted source, don’t hesitate to get in touch for our advice.



How to spot and stop financial abuse

What is financial abuse and how do you stop it?

Until recently, financial abuse was often kept secret, especially where it occurred within the family. Thankfully that’s changing with public awareness campaigns and help becoming more readily available.

The emotional and economic damage caused by financial abuse can be far reaching and devastating. A recent Australian report calculates that in 2020 alone, financial abuse victims lost $5.7 billion while the cost to the broader economy was $5.2 billion.i

Nearly one in 30 women and one in 50 men suffer financial abuse each year, according to the Deloitte Access Economics report The Cost of Financial Abuse in Australia, 2022. These figures are almost certainly an underestimate, the report adds.

There are no typical victims of financial abuse: those affected are of all ages and means. Sadly, the abuser is often a friend, carer, partner or family member.

What is financial abuse?

Financial abuse is when someone uses your money without your permission, prevents you from getting access to money or takes charge of your financial decisions.

These days, financial abuse is considered a form of domestic and family violence, taking away your independence and leaving you feeling vulnerable and anxious. Victims may also suffer physical violence and emotional abuse.

The most common type of financial abuse is withholding income or controlling how it is spent, according to the Deloitte report. But there are other forms of abuse that can be equally harmful such as making a partner liable for a joint debt, preventing someone from working, refusing to contribute to household expenses and refusing to contribute to the costs of raising a child.

Many victims also suffer flow-on effects of the abuse such as financial hardship and stress, leading to mental health issues. Some may also lose their home.

In some cases of family violence, one partner takes control of the couple’s finances, preventing the victim from leaving the relationship. In others, where the victim does manage to leave, the abuser may continue their abuse using tactics such as expensive legal action or disrupting the victim’s work or business.

Recognising the signs

Victims of financial abuse may not be aware of the abuse for some time, allowing perpetrators to empty bank accounts, deplete investments and incur large debts in the victim’s name.

The federal government agency, Services Australia says the warning signs include:

  • taking or using your money without your permission
  • not being allowed to work
  • having to account for how you spend your money
  • withholding financial information from you
  • spending any government payments you receive without your consent.ii

Incurring debts in your name is another form of financial abuse. Your partner may spend more than you agree on your credit card, pressure you into co-signing a loan with them, or take out a loan in your name, according to Australian Family Lawyers.iii They may also limit your educational opportunities by, for example, preventing you from enrolling in studies that could advance your career.

Older people and those living with disability can be particularly vulnerable to financial abuse if they rely on others for help and advice. Financial abusers may take money from their bank accounts or wallets, ask an older person to change their Will, take jewellery or other valuable items from their home, or take control of their decisions using a Power of Attorney when they are still capable of making their own decisions.

Where to go for help

If you or someone you know is suffering financial abuse, a number of free and confidential resources are available.

The MoneySmart website provides information about free legal advice at community legal centres or legal aid centres, and a number of suggestions if you need urgent help with money.

You can also find free and confidential counselling for family violence, abuse and sexual assault at: 1800RESPECT (24 hours a day, seven days a week)
1800 737 732

For crisis support, contact Lifeline (24 hours a day, seven days a week)
13 11 14

We understand that it can be difficult reaching out for support if you feel you or someone you love is being taken advantage of financially, especially if a family member is involved. Please call us if you would like a confidential discussion about safeguarding your finances.

i https://www.commbank.com.au

ii https://www.servicesaustralia.gov.au/what-family-and-domestic-violence?context=60033#a8

iii https://www.australianfamilylawyers.com.au/information-centre/signs-of-financial-abuse
