23 April 2020

In 2019, online fraud cost Australians at least $455 million¹. And events like coronavirus present new opportunities for scammers to take advantage of vulnerability, so it’s more important than ever to remain vigilant. We’ve pulled together information about the four most common types of scams, tips on how to avoid them, and advice on what actions you can take if you’re impacted by a scam or cyber attack.

4 common types of scams and how to avoid them

1. Phishing and SMS-ishing scams

Phishing and SMS-ishing messages are sent to you, often pretending to be from legitimate organisations like a bank, utility provider or government agency. Cybercriminals send out millions of these fraudulent communications to random email addresses and phone numbers in attempts to coax people into providing their personal information or access to personal accounts for malicious purposes.

Phishing emails range from very simple all-text emails to sophisticated, well-written emails with very carefully crafted messages and graphics.

If you do give information to a cybercriminal operating a phishing campaign, they may attempt to take over your identity, compromise your online accounts, attempt to steal money from your bank account or attempt to conduct fraudulent transactions on your credit card.

What can I do to protect myself?

  • Always navigate to banking, government or utility provider websites directly, not via links in emails or text messages.
  • Look carefully at the suspected phishing message for anything that’s not quite right, like tracking numbers, unusual names, funny attachment titles, odd sender names or sender email addresses and strange web addresses.
  • If you’re on a PC or laptop, hover your mouse over any links to see if they’re real websites, being careful not to click.
  • Research the sender, their email address or the subject line on Google to see if it’s been reported as malicious.
  • Get in touch with the organisation the email is supposed to be from using their official phone number (obtained from their website when you type in the URL - don’t use links or contact information in the email) to verify its legitimacy.
  • You can also check an organisation’s mobile app, social media presence or website to check whether something is legitimate.

2. Ransomware

Ransomware is a type of malware that denies access to files or computer systems until a ransom is paid.

You can expose yourself to a ransomware attack by:

  • opening unsolicited emails with malicious attachments, such as PDFs or Word documents which may also contain links to malicious websites
  • opening emails or files from someone you don’t know, or
  • clicking on malicious links within social media.

Ransomware infects a computer or a network of computers with malicious software that encrypts all files, leaving computers unusable unless a ransom is paid.

Ransomware often starts off as a phishing email with a link to download the malicious software hidden in a Word document or PDF.

Cybercriminals usually accept ransom payments via a cryptocurrency like Bitcoin or Ethereum, given their greater anonymity. They don’t always send a key to unlock your files even if you do pay.

What can I do to protect myself?

  • Look carefully at emails you receive, particularly from unusual senders or organisations you don’t work with. Don’t click on links or open attachments if you’re not sure who sent them or whether they’re legitimate.
  • Keep your devices up to date with the latest software by installing updates.
  • Make backups of your valuable files and data on a regular basis and maintain them on a separate device (like an external hard drive or a cloud backup service).
  • Use anti-virus software and let it install the daily updates.
  • Disable macros in Microsoft Office software. These can be used to automatically download and install ransomware without you knowing.

3. Scams

Scams come in many forms including, but not limited to, “unbeatable deals” on high end and in-demand goods, phony invoices and infringement notices, as well as imposter romantic partners.

Scammers may attempt to extract funds from you with a promise of love and companionship, the sale of desirable goods at a bargain basement price or demanding you pay phony invoices and infringements under threat of arrest or imprisonment.

The scammer will reach out to you via a method appropriate for their scam such as a phone call, an email or instant message or even sometimes via internet and social media ads.

What can I do to protect myself?

  • Be alert to the risk of a scam if you receive a call, or repeated calls, from someone offering unsolicited advice on investments.
  • Keep an eye out for unusual links on social media such as to random websites, blogs or shops you’ve never heard of before.
  • Scammers impersonate genuine charities and ask for donations or contact you claiming to collect money. If you want to donate to a charity, get in touch with them on their official website, not off the back of a cold call.
  • If you’re unsure, talk the opportunity you’re considering through with a friend, family member or a financial adviser. They can help you do a sanity check of the “opportunity”, as scams can be hard to spot in the moment.
  • Never feel pressured to make a decision on the spot. Always take time at the end of an initial conversation to think about it and ask yourself “is this for real?”.

4. Investment scams

An investment scam is when someone contacts you out of the blue, via phone or email, with a chance to invest in a “once-in-a-lifetime opportunity”. They’ll often tell you “it’s the next big thing” or a “miracle cure that the world needs” but only if you buy in now and send the money through today. Once you send through your money, they might keep in contact as long as you keep sending funds, but you’ll ultimately never recover the funds you’ve sent out.

Investment scams come in many forms including cryptocurrency purchase, binary options trading, business ventures, superannuation schemes, managed funds and the sale or purchase of shares or property.

What can I do to protect myself?

Be wary if you notice any of these warning signs:

  • You receive a call, or repeated calls, from someone offering unsolicited advice on investments. They might pressure you to act quickly and invest or you will miss out.
  • You receive an email from a stranger offering advice on the share price of a company.
  • An advertisement or seminar makes claims such as “risk-free investment”, “be a millionaire in three years”, or “get-rich quick”.
  • The scammer is operating from overseas and does not have a mandatory Australian Financial Services Licence.
  • The scammer offers you professional-looking prospectuses, brochures, share certificates or receipts, but their prospectus isn't registered with ASIC.

What to do if you think you’ve been impacted by a scam or ransomware attack

If you’ve been impacted by a scam or ransomware attack, there are a number of actions you can take:

1. Alert the organisation

If you’ve received a phishing email or SMS-ishing message pretending to be from a legitimate organisation, but haven’t interacted with it, forward it to the organisation’s scam-reporting inbox. At Macquarie, you can send these to scams@macquarie.com. If you’re reporting an SMS-ishing message, include a screenshot. If you’re reporting a phishing email, where possible, forward the email as an attachment.

2. Contact your financial institutions

Contact your financial institution and your advisers to let them know if you have interacted with a possible scam. Provide them details of:

a. what happened (for example, you clicked a link to X website and entered your username and password after receiving a text message you thought was from your bank),

b. when it happened (date and time) and

c. whether you’ve seen anything suspicious on your accounts like unauthorised transactions or password resets initiated without your consent.

If you need to contact Macquarie, you can ring us at any time on 1800 806 310 (or +61 2 8232 3333 from overseas).

3. Report the crime

Report the scam via the Australian Cyber Security Centre. Reports may be referred to the police for possible investigation.

4. Access help and support

If the scam has impacted you across multiple organisations, and you feel like you need help working through how to recover, you may want to reach out to IDCare, Australia’s scams, identity theft and cyber-crime charity counselling service. They can help you work through the recovery process across the companies and institutions you deal with. Contact them via:

Phone: 1300 432 273

Website: https://www.idcare.org/

More information and guidance

For more information, you can access the following Federal Government resources:

Please share this article with colleagues, friends and family who might find it useful.