Scammer at work

Common Scams and how to avoid them

Two, high profile customer data breaches recently have exposed millions of Australians to a new wave of potentially devastating threats from scammers. To mark Scam Awareness Week 2022, we look at two of the most common forms of threat, and what you can do to protect yourself.

Added together, the Optus and Medibank data breaches have put sensitive customer data of roughly half of Australia’s adult population in the hands of cyber criminals!

Changing your password is an important first step when these breaches happen. But the days when a password change could make everything right again are long gone.

What makes these breaches so dangerous for customers who’ve had their data stolen is all the unchangeable, or hard to change data that criminals gain access to.
For example: full name, date of birth, next of kin, mobile number, email addresses, residential address, Medicare, driver’s license and passport numbers, bank and other service provider details.

Armed with just 3 or 4 items from that list it’s very easy for criminals to concoct highly personalised, believable cover stories with which to hoodwink victims.

Two common forms of attack these days are phishing and imposter scams.

Phishing

Phishing is a two stage attack where criminals first trick victims into divulging login or credit card details. Armed with that data, they then commit fraud.

Phishing attacks take many forms and are constantly becoming more sophisticated. But normally the criminal impersonates a service provider or government body, either by electronic communication, or with a phone call. Sometimes they just ask for details. But often, they direct victims to bogus web pages that look legitimate. The victims think they are logging in to a known website, but in fact are entering their log in details into a form controlled by the criminal.

Imposter scams

In this type of attack, the criminals first manage to impersonate close relatives or work colleagues. Soon after they request some kind of money transfer, usually for some urgent reason like an accident, or being stranded somewhere.

A new, and increasingly common form of imposter scam is the “Hi Mum” attack. This
typically starts with a text message from a son or daughter claiming they’ve changed their mobile phone number.

Protecting Yourself

Be Extremely Suspicious of ALL Information Requests and Surprise Notifications

Any time a service provider contacts you, asking for sensitive information, a request to login to their site, for updated information, or a password change, you should treat it as a potential threat.

Likewise, be suspicious of notifications about online orders you don’t remember making, warnings that an important account is about to be suspended, or debts you didn’t know about

NEVER trust links or contact information provided in the notification messages in question. Instead use publicly available contact details to reach out and verify the message.

NEVER Use the Same Password Twice

One of the first thing hackers do when they capture usernames and passwords from any site is try those same details on a list of high value sites such as email providers, financial institutions, Amazon, ebay and social networks. So, if you duplicate passwords, you’re extremely vulnerable and you should expect trouble!

Cyber security experts highly recommend the use of password management apps such as LastPass, Dashlane, LogMeOnce and BitWarden. These not only help you keep track of unique passwords and make it quicker to log into many sites; they also help you generate new, hard to guess passwords.

Keep Abreast of The Latest Scams

Scammers are constantly inventing new ploys to catch people off guard that can be stunningly clever. As such it’s worth keeping up to date with the latest methods.

www.scamwatch.gov.au is one trustworthy source of information that provides a lot of up-to-date information on new threats in Australia and ways to outsmart them. Make a point of checking this site regularly.

Should you ever be unsure whether someone requesting your financial details is a trusted source, don’t hesitate to get in touch for our advice.

This article is intended as an information source only and to provide general information only. The comments, examples, words and extracts from legislation and other sources in this publication do not constitute legal advice, financial or tax advice and should not be relied upon as such. All readers should seek advice from a professional adviser regarding the application of any of the comments in this article to their particular situation.