The phishing and ‘social engineering’ techniques used by scammers
Scams come in many shapes and forms these days, from online fraudulent activity to phone calls, text messages, and even emails. The worst part is they're getting more sophisticated by the day.
Here at the SDC, we want to ensure you and other members are properly armed in the fight against fraudsters, which is why in this article, we will closely examine phishing scams and how they work.
According to the Australian Competition and Consumer Commission (ACCC), tens of millions of dollars are lost to phishing scams each year in Australia alone–and the figure is still on the rise.
So, it's important to be informed and educated to avoid being a victim. Here’s what you need to know about phishing scams and how they work.
The anatomy of a phishing scam
Phishing scams begin with a message sent to you, usually from an unrecognised email address or phone number. In the message, there will be an urgent call to action, often with a suspicious-looking web link provided.
Clicking this link will take you to a website where you’ll be asked to enter your personal details. However, the website is fake: it's a clever imitation of an official site and has been carefully engineered by scammers to copy your passwords and account numbers.
One example is the Medicare scam, where a fake email asks the recipient to provide their details by filling out a form provided in a link. You can read more about it here.
What's more, scammers now use 'social engineering' to commit higher-level crimes. This tactic relies on playing with people's emotions and behaviour to get what they want–access to your money.
Here’s how it works: If you received a message telling you to 'pay off an outstanding tax debt', you’d be automatically put into alert mode and you might skip thinking it over and researching to get it fixed as soon as possible.
This is where the scammers try to take advantage. They’re trying to push you into just clicking that suspicious link and entering whatever personal data is required.
There were also instances of scammers using AI to stage a kidnapping and ask for ransom. You can read more about this here.
The global underground industry of phishing
Since phishing has become so widespread, it has even developed into a worldwide industry.
According to Craig McDonald, Founder of Australian cybersecurity firm MailGuard, businesses operating within this shady world employ professional coders, developers, and other support staff from across the globe, selling and supporting their 'service' of stealing people's money.
These businesses will even buy a ‘phishing kit’, which usually contains the HTML (Hypertext Markup Language) assets and scripts to set up a fraud site.
Shockingly, you can get such a kit for as little as $10 or as much as $1,000.
Moreover, the latest machine learning and AI have made it almost impossible to detect these phishing scams.
Now, they can draft an email in perfect English thanks to AI copywriting services and also use the AI to check their code and do other tasks to cover their tracks.
Unfortunately, most phishing scams are under-reported, with only 13 per cent of scam losses reported to Scamwatch and about a third not reported to organisations. The actual costs of phishing are likely way higher than the official figures.
It is reported that shame and embarrassment are the main reasons why most victims of this type of scam don't report it at all.
Spotting the signs of a phishing attack
Ofir Turel, Professor of Information Systems Management at the University of Melbourne, suggested that one way to spot a phishing scam is to look out for typos and grammatical mistakes–although this may not be all that helpful anymore.
What’s more important is to be aware of your own natural warning signs: Professor Turel's research found that fear, trust in the purported source of the scam message, loneliness, and sleep deprivation were the main risk factors for susceptibility to these scams.
Remember, if you spot any common warning signs, pause for a moment, take a deep breath, and take a step back. Don’t act immediately.
And if you’ve received a message from an email address or a phone number that you don’t recognise, don’t do anything until you’ve verified the identity of the source.
Protect yourself from phishers
The best thing you can do to protect yourself from phishers is to be prepared.
Make sure you adequately secure all your passwords and account numbers and be aware of the scams out there.
If you come across something suspicious, don't be shy to ask us here at the SDC about it. You can post at our Scam Watch forum. The more you know, the less likely you'll become a victim of fraud.
If you are concerned or notice any suspicious activity, please contact Services Australia's Scams and Identity Theft Helpdesk on 1800 941 126 or send a report to ACCC here.
Additionally, kindly seek advice from the Australian Financial Complaints Authority if you’re unhappy with how your bank has responded to your situation.
Key Takeaways
- Phishing is the most reported scam in Australia, causing millions of dollars in losses each year.
- Scammers use 'social engineering', which involves persuading someone to voluntarily disclose their personal information, often through counterfeit websites that appear genuine.
- The success of phishing scams hinges on manipulating victims' emotions, calling for urgent action that plays on fear, loneliness, or the promise of a reward.
- Australians who believe they've been phishing victims are urged to contact ACCC’s Scamwatch and Services Australia’s Scams and Identity Theft Helpdesk. Victims who are unhappy with their bank’s response may also report to the Australian Financial Complaints Authority.
Have you seen or encountered a scam or something similar, members? Share your experience in the comments below!