The discussion on scamming is incredibly important for raising awareness and giving residents and retirees the tools needed to be safe online.
Like it or not, scams are becoming more prevalent in our day-to-day lives, and it is not uncommon to hear about hacking, data breaches, and all kinds of scams. Now more than ever, it is vital to be street-smart and learn the basic skills that will help you identify and respond to scams.
Before we dive into some examples of scamming, let's briefly touch on the difference between a scam and a hacking incident.
How are scams different to hacking or viruses?
A scam is different from traditional hacking or a virus because:
- It targets the person, not the device (computer, smartphone, tablet).
- It attempts to deceive the person so that they become complicit in the scam and assist the scammer in their actions.
At first this may sound extremely scary; however, by examining the situation, we can build a series of skills to help us identify a scam and prevent it from taking place.
In 2022, the most common type of scam is known as the phishing scam. Whilst this is spelt with a ‘ph’ it shares its meaning with the traditional word fishing, and in the same way you catch a fish, the scammer will dangle some ‘bait’. This may be:
- A positive message such as: “you have a package waiting for you”; or
- A negative message such as: “an illegal payment has been made, login to cancel”.
The main purpose of the bait is to entice the person to act. If you happen to receive a random message asking you to act, do not click.
So, how do you spot a scam?
If you receive a phone call or a message in the form of a text or email, and it meets any of the criteria below, it's highly probable that it is a scam. Always consider the following:
- Does the communication have ‘bait’?
- Does the communication want you to act?
- Does the communication provide you with a link or button to press?
Regardless of whether the bait is negative or positive, most professional organisations will tell you in a text that something is happening, but will not provide a link.
Here are two common examples as illustrated below:
- A text message from the Australian Taxation Office may be seen as bait because there is a positive action; however, the biggest indication that this is a legitimate communication is that it is not asking for any further action to be taken via the text. There is no link to click. If we received a communication that showed “Click here to claim your $1000 rebate now”, then that would ring some alarm bells because we have a positive message that is asking us to take immediate action.
- MyGov will often text us “You have a new message, login to view it” but will never provide us a link to click in the message.
These tips do not mean that in our use of the internet we will never receive links in communications. For example, when we want to reset our password, we are often emailed a link to do so. It is important to consider if we have initiated any action.
In the example of a password reset, we would only receive the email after going to a website or app and then requesting to reset our password. So, we can be fairly certain that it is a legitimate communication and one we started/requested.
You can apply the same rule to phone calls. Have you called the bank and requested a call back? If so, then maybe it is a legitimate call. If not, then treat it with scepticism.
Bendigo Bank login scam
Let’s now look at another example of a text message from a bank. The scammer is claiming the account is under review and that, to restore it, the user must click the link and log in. We can see that there is bait in this text.
When receiving a communication like this, do not click on the link, but instead contact the bank via its registered phone number. Remember, to prevent the scam, take no further action.
This scam works by having the victim log in to the scammer’s website instead of the real bank's website. This allows the scammer to capture the login details of the user, including access ID (username/account number) and password. Scammers will go to a lot of trouble to make these scam websites as convincing as possible. Below are two screenshots comparing the real Bendigo Bank website (right) to the fake Bendigo Bank website (left).
Ask your bank about installing two-factor authentication on your devices and your bank accounts. Two-factor authentication is an identity and access management security method that requires two forms of identification to access resources and data. It gives people the ability to monitor and help safeguard their most vulnerable information.
When you receive a phone call, text, or email claiming to be from a company that wants you to act immediately, always take a step back and slow down. It is then recommended you take the following steps:
- Ask yourself, is someone trying to lure me into action?
- Have I initiated this conversation (if a phone call comes in from an unexpected number)?
- Does the other party want me to take some imminent action, for example, log in to my bank account?
- Would there be a negative action taken against me if I do not take the action? (threat)
On a final note, if you feel suspicious, always proceed with caution. Call a family member or neighbour and ask them what they think. Call the correct company from a different device and ask them if it's real or not.
Never log in and transfer money or provide your banking details unless you have initiated the action for your own benefit.
The information in this article has been supplied by Jack Harris from Peninsula Interactive. Visit www.peninsulainteractive.com for more information.