
Australians lost more than $10 million to scammers last year. Follow these easy tips to avoid being conned.

  • Written by Damien Manuel, Director, Centre for Cyber Security Research & Innovation (CSRI), Deakin University
Scammers impersonating the Australian Taxation Office have fleeced Australians of more than $830,000. Shutterstock

Many of us start a typical day by checking our phones to read emails, social media posts and the weather. Our phones are trusted devices we use constantly throughout the day to communicate. But the trust we place in our phones, and the way we interact with the world, also makes it easy for scammers to target us.

Our evolutionary past also makes us susceptible to scams. Humans are curious social animals, which means we are more trusting than we should be. That’s especially the case when we’re dealing with people over the phone, email or via SMS, where we don’t have the normal body language cues we would subconsciously process when making decisions.

We are also susceptible to fear and other psychological tools scammers use to create a sense of urgency that tricks us into making irrational decisions and taking action. Simply being aware that scams are out there is not enough to protect us from them. We also need to change our behaviour.

Scam using branding and authority to make you click to see the confidential information. Damien Manuel



Who are these scammers and what do they want?

Scammers come in all shapes and sizes. Some are individuals, others are gangs. The more sophisticated scammers are criminal syndicates and foreign governments looking for a way to subvert international sanctions and obtain money through cyber crime.

The motivations of scammers range greatly, but can include:

  • stealing intellectual property
  • tricking you into installing malicious software (to steal your data or hold you to ransom)
  • stealing your identity so they can pretend to be you and conduct fraud
  • tricking you into parting with your hard-earned cash
  • gaining control of your device to steal information at a later date or using your device to attack other people you know.

What techniques are they using?

Scammers are experts at social engineering and use a number of tricks to build rapport, credibility and trust with their targets.

Modifying the caller ID is a simple way to build credibility by making a call or SMS appear to come from an authority like the Australian Tax Office. The rise of cheap Voice over Internet Protocol (VoIP) providers and other online tools has made it even easier for anyone to exploit the phone systems and “spoof” other numbers.

An SMS scam that uses urgency and fear of fines to get people to click a link. Damien Manuel

In the VoIP phone system, the person initiating the call defines the caller ID seen by the receiver. This is the same for traditional phone systems; however, the lower price of VoIP and the ease with which the caller ID can be modified without any technical knowledge (via a simple web page) make it faster and cheaper for scammers to cycle through a number of fake caller IDs in a single day. It also allows them to move to a new source number or VoIP provider very quickly, making it harder for telcos in Australia to block.

There are legitimate business reasons for allowing the caller ID to be modified, such as when companies operating call centres want all outbound phone calls from their staff to appear to originate from a single “help desk” phone number.




Email spoofing is also common and easy to do. This is where an attacker forges the email header, making the email look like it originated from a friend, authority or service provider, such as a bank. A key way to identify a spoofed email is to check the email address itself (the reply field) rather than just relying on the display name in the “from” field.

Most email clients (such as Gmail or Outlook) on desktops or laptops are capable of displaying email headers. Unfortunately email clients on most smartphones and tablets make it difficult to see the real source and often only show the forged “display name” information.
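The check described above, comparing the display name with the real address and the reply address, can be automated from the raw headers. The following Python sketch is an added example, not part of the original article; the sample message, the finding names and the allow-list mapping the organisation name to `ato.gov.au` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): the display name claims the tax
# office, but the real address and the Reply-To point to unrelated domains.
SAMPLE = """\
From: "Australian Taxation Office" <refunds@secure-mail.example.net>
Reply-To: claims@collector.example.org
To: reader@example.com
Subject: Your tax refund is ready

Click the link to claim your refund.
"""

# Assumed allow-list: organisation name as shown to the reader -> expected domain.
EXPECTED_DOMAINS = {"australian taxation office": "ato.gov.au"}


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def within(domain, expected):
    """True if domain is the expected domain or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)


def spoof_indicators(raw_message):
    """Return (code, detail) pairs where the shown name and real addresses disagree."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_addr)
    findings = []
    # The display name is free text chosen by the sender; only the address counts.
    for name, expected in EXPECTED_DOMAINS.items():
        if name in display.lower() and not within(from_dom, expected):
            findings.append(("display-name-mismatch", f"'{display}' sent from {from_dom}"))
    # A display name that is itself an address hides the real one on small screens.
    if "@" in display and display.strip().lower() != from_addr.lower():
        findings.append(("address-in-display-name", f"shown {display}, real {from_addr}"))
    # Replies routed to another domain go to someone other than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"replies go to {reply_dom}, not {from_dom}"))
    return findings


if __name__ == "__main__":
    for code, detail in spoof_indicators(SAMPLE):
        print(f"{code}: {detail}")
```

A message whose From address itself is forged to match the expected domain passes these checks; catching that case depends on the receiving mail server's SPF, DKIM and DMARC results.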

Phone and email are the two main scam delivery methods. Losses from attempts to gain your personal information rose by more than 61% between 2017 and 2018. This trend shows no sign of slowing down. Last year, Australians lost more than $10 million to scammers.

An example of a scam email. Damien Manuel

Signs of a scam

Ten common warning signs you are dealing with a scammer include the following:

  • being asked for passwords, PINs or other sensitive information
  • being told you are owed a refund
  • being told you have unpaid bills, unpaid fines from the police or a government department
  • being notified there is a problem with your email or bank account
  • being asked for urgent help
  • being congratulated on winning a competition (you didn’t enter)
  • being asked to click on a link or open a document
  • being sent an unexpected invoice to open
  • receiving a critical alert message with a link to click
  • receiving a tracking number and link for a delivery (you didn’t order).

A scam telling you your mailbox is full is designed to make you click on a link. Damien Manuel



Simple tips to avoid being conned

Firstly, don’t click on any links, don’t respond to offers to opt-out or unsubscribe, don’t return calls from numbers you don’t recognise and, most importantly, don’t give out personal information – even if you think it isn’t important.

Remember, some scams are multi-step scams. The best thing you can do is to report the scam and tell your friends and family to be aware of the scam so they can modify their behaviours.

Scams can be reported to various government agencies, such as Scam Watch, the Australian Cybercrime Online Reporting Network (ACORN) and, in some cases, the service provider – for example, the ATO, Telstra, AusPost and the banks.

An example of a multi-step scam that validates your email is real and then harvests the credentials you enter. Damien Manuel

Damien Manuel is affiliated with AISA (Australian Information Security Association) as the chair, Oceania Cyber Security Centre (OCSC) as a director (representing Deakin University), mentor for CyRise founders (representing Deakin University), CompTIA as an exam writer and on the CompTIA Executive Advisory Committee in the USA and as an expert on the Standards Australia Committee for Information Security (IT-012).
