Large sums are being taken from those unaware they’re being duped, writes Jason Murphy.
In late March, across Australia, hundreds of people received what appeared to be an email from Australia Post. It told them a parcel could not be delivered and contained an instruction to click a link for a shipping label to take to the post office.
Those who clicked that link, went to a website which directed them to another link containing dangerous software that could steal their identity or freeze their computer until a ransom was paid.
This is just one example a kind of fraud called “phishing”.
The term sounds like fishing for a reason: the bait looks good — but it has a harmful hook hidden inside.
The most common kind of phishing comes via email. You may have, for example, received a poorly-worded message from a “Nigerian prince” asking you for help moving a $10 million fortune. All he needs is your bank account details and you will get a cut of that pot of money.
That may be an obvious one to avoid, but attackers are getting far more clever. Their ploys may arrive via phone, text message, online selling sites or social media. They can impersonate anyone: banks, the tax office, utility companies, even the police.
Phishers are taking large sums. The Australian Competition and Consumer Commission says nearly $200,000 was stolen in February 2016 alone, a month in which it received 1800 reports of phishing attacks. Unreported attacks may be 10 to 20 times more numerous.
Veda Advantage fraud and identity solutions general manager Imelda Newton said the risks of identity fraud were growing constantly.
“Data is being recorded on a previously unseen scale and creates new risks for consumers and the vendors of these technologies as cyber criminals seek new opportunities to steal.”
ACCC deputy chair Delia Rickard says the most common phishing attack impersonates a bank, saying there has been a glitch, or that your card has been used overseas. In either case they ask for your bank account details. What happens next is where the damage is done.
“They will try to get into your account and take your money,” Rickard says.
“People need to know — banks have made it clear they will never contact someone asking them for their account details.”
Men and women are targeted evenly and those over 65 are the most vulnerable. Phishing fraudsters are constantly innovating and combining identity theft with other scams, Rickard says.
“The most novel one I’ve seen of late though is a Microsoft-style scam where they call up and tell you there is a problem with your computer, they need to fix it and there will be a small fee. This one usually hits elderly people. They want to be paid by online banking ... the elderly person doesn’t have online banking. So they then talk them through everything they need to do and in doing that they get their username, their ID, their password … they then hang up and go onto the online account and start draining it.”
What you can do
Rickard gave a few tips to avoid being a victim of fraud:
- Never, ever, give your bank account details to someone who has contacted you out of the blue.
- Never click on any links that are asking you to provide them with details.
- If you think the contact is genuine, call that institution back on their listed phone number — not the number given to you by a likely scammer.
- Use the Scamwatch website to learn more about the risks.
- Run antivirus software regularly – links might contain malware that downloads onto your computer and steals your information.