This article was issued by BT on 16 April 2024.
“My password has been hacked again. That’s the third time I’ve had to rename the dog.” apocryphal
Cyber scams are a pervasive threat in the digital world and their impact can be devastating.
The average amount of money lost to cyber-crime is $20,000 (1). For some, scams can even mean the loss of an entire life’s savings. Cyber-crime can be hard to identify and difficult to stop once it is underway.
From deceptive emails and texts to fake websites and advertisements, our online world is awash with attempts at fraud aiming to trick us into divulging sensitive information or sending money.
But by understanding the nature of these kinds of threats, staying alert to attempts at fraud, and adopting best practices for online safety, it is possible to protect yourself and your loved ones from loss.
This guide explains the main types of online scams you may come across and offers the latest best practice thinking on how to keep yourself safe.
What is a scam?
A scam is when someone tricks you out of your money (2).
Scams can take many forms – from something as simple as being tricked into making a payment to something as complex as someone gaining control of your personal information and passwords.
One of the common types of fraud in wealth management is identity fraud (3), which involves stealing personal information to impersonate someone for financial gain.
This can be achieved offline through stealing a handbag or wallet or using telemarketing cold calls purporting to be from a bank, the ATO, or an internet service provider.
More commonly, theft of personal identification information occurs online through fraudulent emails and text messages pretending to be from a familiar organisation, fake banking and payment websites, or malicious software code that takes information from computers. And increasingly, personal information exposed in a data breach can lead to identity theft and fraud.
Compromising a person’s identification information is just the start for criminals.
Once a criminal has access to an identity, they can use it for accessing and operating accounts, withdrawing money, or making requests for early releases of superannuation. This can have serious consequences, including financial loss and emotional harm.
Summary of the main types of scams (4)
Identity theft and fraud: stealing personal information to impersonate someone for financial gain, like credit card fraud.
Phishing and social engineering: deceptive practices to trick individuals into revealing sensitive information, often through emails, text messages, or fake websites. This can include romance scams where individuals are tricked into believing they are in a relationship, or extortion threats aiming to frighten people into giving away money or information.
Remote access: allowing a malicious actor to get unauthorised access to a computer, often by inadvertently clicking on links or downloading software. This can happen after being tricked into clicking on a link that looks legitimate or from someone claiming to be a tech specialist and requesting access to a system.
Investment scams: trickery aimed at encouraging investing in a fraudulent scheme, often through promising high and quick returns.
How to protect yourself
The first step in protecting yourself from a scam is staying alert and learning what you need to look for to spot a fraudster coming.
Scams succeed because they look real – and noticing the warning signs is an important step to protecting yourself.5
The Australian government’s ScamWatch service offers a three-step process: stop, think, protect.
Stop: Do not give money or information unless you are sure. Scammers will ask you to verify who you are and pretend to be from an organisation you trust.
Think: Ask yourself if the message or call could be fake. Do not click links in messages. Contact organisations through their official website or app instead.
Protect: Act quickly if something feels wrong. Contact your bank if you notice unusual activity.
So, what are some of the warning signs to look for?
In emails and messages, there is a chance something may be a scam if it asks you to take immediate action, transfer money, click a link or call a number, or log in to an online account. Other signs might be a sense of urgency in the communication, suggesting something is wrong or threatening to stop a service, charge a fine, or delay delivery of a package (6).
For phone calls, tell-tale signs are asking for personal information, suggesting you install software, promising easy money, or threatening you in any way. Scammers are also known to ask for one-time security codes which can lead to problems accessing devices. A newer scam involves asking for payments to be made through the widely available but poorly understood PayID payments system.
Cyber security
Keeping your phone, computer, and online accounts secure is an important way to avoid being scammed.
Here are some tips for things you can do to ensure criminals do not get access to your accounts:
Use multi-factor authentication
A critical weapon against fraud, using separate forms of identification to access an online service is a clever way to protect yourself. Usually, multi-factor authentication takes the form of a password and a separate code sent by text message, but increasingly many providers also use authentication apps that can be downloaded and set up on your phone.
Use biometrics
Most phones and many computers come with the ability to set a biometric login that requires your fingerprint or a scan of your face to log in.
Never share usernames or passwords
Keep your passwords to yourself and make sure they are hard to guess combinations of letters, numbers, and symbols. Use different passwords for different systems and applications.
Be careful online
Never click on links in unexpected emails or text messages. Do not open attachments to emails unless you are sure of the source. Never connect to free public Wi-Fi networks.
Be cautious on social media
Do not give out personal information unless you are sure it is secure and limit social media connections to people you know in real life.
Use virus protection software
Running high-quality software on your computer to scan, detect and prevent viruses, spyware and malware can help protect you. It is important to keep the software up to date.
Been compromised? Here’s what to do
If you suspect your personal information has been compromised, it's crucial to take immediate and comprehensive action to safeguard your finances and identity:
Contact your financial institution: Immediately inform your bank or financial service provider. They can implement extra security measures, halt account activity, reset passwords and security questions, and set transaction alerts to prevent financial loss. | Device clean-up: If there's a suspicion of malicious software, have a professional clean your personal devices. |
Update your device passcodes: Change the passcodes on all your personal devices as a precautionary measure. | Report to law enforcement: Inform the police or relevant law enforcement agencies about the compromise for official documentation and potential investigation. |
Change online passwords: Update the passwords for all your online accounts to secure them against unauthorised access. | Monitor your credit: Regularly check your credit report and subscribe to credit monitoring services to stay alerted to any changes in your credit file. |
Credit card security: Consider replacing your credit cards to prevent fraudulent transactions. | Seek professional help: Contact ID Care, a free service in Australia and New Zealand that assists victims of identity fraud and provides support in identity and cyber issues. |
References:
2. https://moneysmart.gov.au/publications-and-resources/money-tips-in-other-languages/beware-of-scams
Disclaimer:
This information is general advice. We have not considered your objectives, personal or financial circumstances. You should consider the appropriateness of the advice for your circumstances before making any decision.