[Jonathan Leane]

A few Cyber scams to to be on the lookout for (and how to protect yourself)​

Cybercrime is big business these days, and scammers are always looking for new ways to rip off, swindle, or otherwise exploit people. Here are some of the most common cyber scams to be on the lookout for, and how to protect yourself from them.

1. The phishing scam

Phishing is a common tactic where scammers send out fake emails or text messages purporting to be from legitimate organisations such as banks, credit card providers or online stores. The emails or messages usually forward you to a fake (but often very convincing) website that asks you for personal information such as usernames, passwords or credit card details.

The scams can range from being relatively primitive (with obvious spelling or other grammatical errors) to extremely sophisticated. In some cases, the scammers may have already acquired some basic information about you (such as your name and some of the services you may use) so messages or emails can seem very authentic at first glance.

The above email may look like it’s from Google - it uses the typical Google font, colour scheme, and logo - but it’s actually a trap to trick you into sharing your password with a malicious hacker.

The ‘fake delivery notification’ phishing scam has ballooned in popularity over the last 12 months or so and usually involves receiving a fairly generic SMS like this:

In the above screenshot, clicking the link or replying will identify to the scammer that the phone number is valid, and almost certainly result in receiving far more unsolicited messages. The link leads to a page that asks for further information to ‘track your order’.

The best way to protect yourself from phishing scams is to be aware of the warning signs and always exercise caution when clicking on links (whether they’re in emails or sms messages) or entering personal information into websites.

Some of the warning signs of phishing scams are:

• The sms, email or website looks fake or is not what you were expecting.
• The email or website asks you to enter personal information such as usernames, passwords, or credit card details.
• The email or website includes poor grammar or spelling mistakes.
• The email or website asks you to click on a link.
• The email or website asks you to download a file.
• The email or website asks you to respond to an email.
• The email or website includes an attachment.

2. The malware / ransomware scam

Ransomware is a type of malware that locks you out of your computer or mobile device until you pay a ransom. The most common way ransomware is spread is through email, where the user is tricked into opening an attachment that contains malicious software. Once the ransomware is installed, it will encrypt files on the computer and display a message asking for a ransom to be paid in order to decrypt the files, usually with a warning that your data will be leaked and/or deleted if you don’t pay up by a certain deadline.

Ransomware scams have exploded in popularity since the rise of Bitcoin. While previously scammers would have needed to provide some form of account details for victims to deposit the ‘ransom’ into, these days they can get by with a relatively anonymous ‘wallet address’, making them far harder to track down.

There are a few things you can do to protect yourself from ransomware:

• Don't open attachments in emails from unknown senders.
• Make sure your computer's security software is up-to-date and run a scan regularly.
• Backup your files regularly and store the backups in a separate location.

If you are infected with ransomware, there are a few things you can do:

• Disconnect your computer from the internet.
• Contact a computer technician for help.
• Try to restore your files from a backup.

As with a real world hostage situation, paying the ransom is never a good idea. Aside from enabling these kinds of scams to continue, you have no guarantee that the attacker will release your files.

3. The tech support scam

Tech support scams are where scammers usually cold-call you (or trick you into calling their ‘support hotline’) and try to convince you that your computer or mobile device is infected with malware, and then offer to help you fix the problem. They usually do this by purporting to be from a reputable company (like Telstra, Microsoft, Apple, etc.) and asking you to download software or give them access to your device. This, in turn, gives them the opportunity to actually install malware and/or steal your data.

Remember, legitimate companies will generally never call you out of the blue to offer you technical support. If you're ever not sure if a call or email is authentic, simply hang up and call the company the original caller was purporting to be from directly. If the initial call was genuine, they will have a record of it.

There are a few things you can do to protect yourself from tech support scams:

• Don't call numbers that are given to you in unsolicited phone calls or emails.
• Don't give control of your computer to someone you don't know.
• Don't give out your personal information to someone you don't know.
• Don't pay for services that you don't need.
• Don’t be afraid to ask them to ‘prove’ that they are who they say they are.

4. The online shopping scam

Online shopping scams are where scammers try to convince you to buy fake or defective goods online. They usually do this by creating fake online stores or by sending fake or misleading emails about products.

To protect yourself from online shopping scams, always check the legitimacy of an online store before making a purchase. You can do this by looking for the store’s contact information, such as a phone number or address, and checking reviews online. You should also never click on links in unsolicited emails about products, and instead go directly to the product’s website.

To protect yourself from online shopping scams, you should:

• Only shop at reputable online stores.
• Avoid clicking on links or downloading attachments from emails that appear to be from reputable stores. Instead, go directly to the store's website to make your purchase.
• Never enter your credit card information into a website that is not secure. Look for the "https" in the URL, and make sure the website has a valid security certificate.
• Be careful when using coupons or discounts. Make sure the coupon or discount is legitimate, and that the website is reputable.
• Always read the terms and conditions of any online purchase before you make your purchase.
• Watch out for ‘last minute’ extra costs, like currency conversion or exorbitant shipping charges.

5. The online dating scam

Online dating scams are a reality and a danger that you should be aware of when looking for love online. These scams can take a variety of forms, but the most common is the promise of a romantic relationship that is too good to be true. The scammer will create a fake profile and start emailing or chatting with you, often professing their love very quickly. They may even send you gifts or money to try and get you to trust them. However, eventually they will ask you for money, usually to help them out of a difficult financial situation. They may even claim to be in danger and in need of your help.

To protect yourself from online dating scams, you should:

• Never send money to someone you have never met in person
• Be very suspicious of anyone who professes their love very quickly or who asks for money.
• Always do your research on any potential online dating partners before getting too involved with them. One basic tip is to run their profile images through a reverse image search engine (e.g. https://tineye.com/) and see if they show up on stock photo sites.

Some common related techniques to the typical ‘romance’ angle include:

The travel scam: The scammers ask you to send money so that they can buy a plane ticket to visit you, or so that they can travel to a different country to meet you.

The employment or visa scam: The scammers ask you to send money so that they can start a new job, or so that they can travel to your country to meet you.

The inheritance scam: The scammers ask you to send money so that they can inherit money from a wealthy relative (stereotypically a wealthy Nigerian prince).

6. The social media scam

Another close cousin of the online dating scam, social media scams are where scammers try to exploit you by using fake profiles on social media websites to befriend you. They then try to get you to share personal information or click on links that install malware on your computer or mobile device.

To protect yourself from social media scams, always be suspicious of unsolicited friend requests, and never provide personal information or click on links in messages from people you don’t know.

7. Tax scams

One of the most common cyber scams is tax-related fraud. In this scam, the scammer will pose as an ATO or other government official and try to get the victim to provide sensitive personal information or to make a payment.

If you receive a call from an unknown number or an Australian government agency that seems suspicious, do not provide any personal information and hang up. You can contact the ATO directly to check if the call was legitimate.

Signs that you may be dealing with a tax scammer rather than an official government agency include:

• Being threatened with arrest if you don’t pay immediately
• Demanding immediate payment through unusual means (like gift cards or cryptocurrency) over the phone
• Sending you links to login or update details on one of your government accounts (e.g. MyGov, Service Australia, etc.)
• Being told your TFN has been suspended or compromised

If in doubt, contact the Australian Tax office on 1800 008 540.

8. Identity theft scams

In this scam, the scammer tries to gain access to your personal information, such as your name, date of birth, address, and credit card details. They may do this by pretending to be from a legitimate organisation such as a bank or credit card company, or by sending you a phishing email.

There are a few reasons why scammers might commit identity theft. One reason is that they can use someone's personal information to commit fraud or other crimes. For example, they might use someone's personal information to open a credit card account in that person's name and go on a spending spree.

Scammers can also use stolen personal information to create fake identities. These can be sold on to other criminals for a variety of nefarious purposes.

What to do if you think you may be the victim of a scam

If you think you may be the victim of a scam, there are a few things you should do immediately:

1. Stop any communications with the person you think may have scammed you. It may be tempting to try to ‘reason’ with the person, but you are likely to be dealing with a seasoned criminal. Ongoing communication is likely to make things worse, not better.
2. Contact your bank or financial institution. Depending on the type of scam, your bank may be able to put a hold on money taken out of your account and/or cancel the account altogether if necessary.
3. If you think your identity has been stolen, contact IDCARE. As per the ACCC, “IDCARE is a free service that provides support to victims of identity crime. IDCARE can help you to develop a response plan to take the appropriate steps for repairing damage to your reputation, credit history and identity. Visit the IDCARE website at www.idcare.org or call 1800 595 160.”
4. Report the scam to the appropriate authorities. The ScamWatch report a scam webpage (https://www.scamwatch.gov.au/report-a-scam) is a good starting point. You should also report cybercrime on the ReportCyber webpage (https://www.cyber.gov.au/acsc/report).
5. Alert your friends and family. If your online accounts and/or identity have been compromised, it’s possible that the scammers’ next targets will be people you know.
6. Change your passwords. Note that you should only do this from a device that you think is free from any kind of virus or malware.

 

[Riverlandlass]

I haven't been caught out yet.........
Thanks for the info on who to contact if I ever do.

 

[Ricci]

You can't be too careful these days.

 

[Dougal]

Next time you get a call supposedly from Telstra, NBN wi-fi, Microsoft, etc about your faulty
internet; use the “Hermann Gruntfuttock” defence;
“What?” I hear you say.
One day the phone rang; silence.
When the silence goes on for a while you know it’s an Indian call centre’s autodial system
which automatically dials phone numbers in sequence until it detects a human voice, then
it transfers the call to the team of scammers.
Sure enough a very Indian voice asking me how am I, to which I replied by asking why are
you calling me.
“I’m from Telstra” she said, “We have detected a fault in your internet, so are ready now to
fix it for you” to which I replied, “Are you looking at my account at the moment?”
“Yes“ was the reply, following which I said “I’ll advise you of my name to make sure it is my
account you’re looking at”
Then I said “My name is Hermann Gruntfuttock, Hermann with two n’s; is that my account
you’re calling about?”
“Yes” was her reply, followed by me saying “Bye bye”
The other day I received yet another call supposedly from Telstra; so just in case they had
recorded Hermann Gruntfuttock as a dud, I used a different name.
My name is Norbert Goosecreature I said.
Did it work? ……………….Yes!
I’ll now need to come up with a new idiotic alias; got a suggestion?

 

[Riverlandlass]

I've found that if it's a number I don't know, I just stay mute, and if it's a scam call, they put the receiver down if no one speaks.

 

[SGH]

I always like when they ring and say they are calling about my Telstra account, I kicked them to the kerb years ago along with a reporting to the Telecommunications Ombudsman, hanging up is so satisfying. Also we recently got a new phone that tells us it looks like a dodgy number calling.

 

[DEL boy]

If I receive calls from numbers that I have not named, then I let them ring out. Should I pick up and say nothing as Riverlandlass does? We do not have a landline now, when we had, it was a silent number that enable me to call back from an unnamed caller to check.