Amongst the stress and anxiety that the COVID19 pandemic has brought on the world, is an additional threat that’s emerged: scammers. As restrictions have forced us to spend more time online and stay home longer than ever before, you may have noticed an abundance of phishing emails, false texts with suspicious links and emails with PDF attachment links that urge you to download malware. Whether they’re trying to inflict a virus onto your device or obtain your bank details, The Australian Competition and Consumer Commission’s (ACCC) Scamwatch reported that in 2020 Australians lost a reported $176.1 million to scams, which was up by 23% when compared to data from 2019.
The ACCC reported that in July 2021 alone, Australians lost a combined $27.1 million to scams. Due to stay-at-home orders, due to the COVID19 Delta variant, NSW residents were the most financially impacted, accounting for 37% of the amount lost. This is particularly prevalent for those who have less experience with identifying misleading emails and fake text messages or calls. Additionally, in July 2021, there was an 11% increase in the number of scams that were being reported to the ACCC. There were more than 26,700 reports which breaks a record as the highest number of scams in the last 10 months.
We give you some tips to spotting a scam in its tracks, to avoid financial losses, with some extra hints from a cyber security expert.
- Spot a scam in its tracks
We asked a cyber security expert, how you can first spot a scam.
“There are new campaigns being run by scammers to try and entice you to either click on a link, or overly share some private information. These have been getting more sophisticated than those we have seen in the past, as they may sometimes look very convincing, or be coming from a number that is only a digit or two different from your own.
This means the scammers are getting smarter at understanding how people interact with their messages and phone calls. I know personally if I see a phone call coming from a number starting with 04… I would have safely assumed it was a legitimate call from a friend or company I’ve recently done business with. Turns out, phone numbers are extremely easy to spoof. Simple pieces of software can manipulate outbound calls to ensure that the calling number that shows up on your phone’s screen, looks very similar to your phone number. The number is not actually where the scammer is calling from and might belong to a real person, some people have returned missed calls from these scammers, only for the person on the other end to be totally confused why a stranger is telling them that they called them. It’s an incredibly cheeky tactic, that seems to be working. If you answer one of these calls, don’t give away any personal information and hang up as soon as you suspect it is a scam.”
- Say no to investment scams
One scam that’s become quite common as of late is investment scams. Unlike traditional scams that tend to target older Australians, those aged between 25 to 34 are victims, losing the largest amount of money to this new type of scam. These scams are often sophisticated in appearance, and use fake platforms, websites and social media accounts, posing as financial professionals. These scammers often contact you to encourage you to make a hasty decision to invest and threaten you with the risk of losing out if you aren’t timely, using the idea of FOMO (fear of missing out.) They may lure you into my offering a ‘no risk’ opportunity, which as we logically know in the investment world there is no guarantee. They also could entice you with quick returns and offer ‘inside information’ about shares that will immediately increase in value, which again cannot be guaranteed.
On social media, they may pose as a friend or another connection that you trust, reaching you via instant message, posting on their own profile feed or in groups.
- Do your research before clicking
A scam we are seeing a lot lately is one that indicates you have a delivery coming, sent with a link to track it. With most of us engaging in a lot of online shopping as of late, this scam doesn’t seem out of the ordinary and is a text or email we’re used to receiving. Our iPhones are even grouping the texts under the legitimate ones from AusPost that we’ve received in the past, making it even less obvious that the link is a scam. One way to work out whether this message is legitimate or not is to copy and paste the tracking number at the end of the link, rather than clicking the link itself. Then, paste it into Australia Post’s website and if no data returns, you know the tracking number is not real. Naturally your first response is to click the link, so instead, take a moment to remember whether you’ve ordered anything recently, or whether this text is out of the blue and fishy. It’s always better to be safe than sorry.
Our cyber security expert gave us some insight: “Once the user provides some form of action (a click, or a tap), there are unlimited amounts of attacks and/or possibilities that the scammer can be employing. All it takes is one user interaction, and an app can be silently downloaded onto your phone and hidden from view. Some of these apps impersonate your banking app so next time you open your banking app, you may be surprised to see a slightly different log on page, asking for your client banking credentials. If you receive a text message from an unknown number with a link either pretending to be a voicemail, parcel tracking link or something else, look at the link, usually it is random words and letters not a URL to a trusted website.”
- You’ve clicked the link – now what?
You fell for it, but it happens to the best of us. Unfortunately, as our cyber security expert has indicated, the sky is the limit once you’ve interacted with the scam. “It all depends on what phone you are using, or the Operating System on your computer, as to what the attacker might be able to do. For example, if you open a sketchy email on a Windows XP computer (remember those?), which have hundreds or thousands of known vulnerabilities, the attacker could simply install some malware, or take control of the computer and track keystrokes. On the other hand, if you tap on the link on your iPhone, the scammer may struggle to find a flaw in the system that allows them to steal your data. These attacks are generally configured to only work on a particular Operating System or particular device (Andriod or iPhone), but when they send the text messages en masse, they don’t discriminate who they target, they are just trying to cast the net as wide as possible.”
However, the best thing we can do in this situation is to first remain calm. “If you find yourself in a situation where you have clicked a malicious link, the impacts can vary wildly. Firstly, I would ensure I am keeping a look out for anything out of the ordinary on my device going forward. If something looks different, or weird that you don’t expect, then there may be cause for concern. Secondly, If I have spotted something out of the ordinary, I would try to remove the malware through some sort of anti-malware software (e.g. MalwareBytes). The final step if I am still feeling uncomfortable would be to change critical account passwords from a different device, including your email account, banking account and potentially social media.”
- Protect yourself for the future
Often, we have to learn the hard way, but it means we’re unlikely to make the same error in the future. One way to protect yourself from falling victim to scammers again is virus protection software.
“For iPhone or Android phones, I would never recommend installing any anti-malware… they will often cause more damage than good. On a PC, I would ensure my Windows Defender is operating correctly and not throwing any alerts.
You obviously can take this further depending on your IT skills, such as utilising a network DNS filter which can detect and block malicious websites for all your devices on your Home WiFi, or even use a VPN with inbuilt detection capabilities. Your best bet for staying safe against scammers is to remain vigilant and informed. The human behind the phone or computer is often the easiest target… not the device or software itself.”
