Common online scams to avoid (your little black book)

Published Oct 06, 2022 by Xiph

Everyone can be duped online, no matter how tech-savvy or shrewd we think ourselves. That’s because online scams are the most opportunistic and deceptive of all frauds – you rarely see one coming until it’s too late. Online scammers often use sophisticated social engineering techniques to trick unsuspecting victims into handing over information or money (or often both).


It’s not surprising that Australians lost a record $2 billion to scams and online frauds in 2021, according to the Australian Competition and Consumer Commission (ACCC) Targeting Scam report. To help you dodge online scammers, we’ve compiled a brief guide to the most common online scams, along with tips on how to stay safe online.

Who’s most vulnerable to online scams?

With more services, businesses, and activities shifting online, everyone can be a victim of online fraud, whether that’s identity theft or some type of online transaction fraud. Contrary to popular belief, it’s not just the rich and elderly who are at risk of online fraud. Scams target people of all backgrounds, ages, and income levels, as well as businesses and not-for-profit organisations.

Common online scams to watch out for

Here are some of the most common online scams to be aware of and how to avoid them.

1. Buying and selling online scams

Online shopping scams can involve fake classified websites, scammers pretending to be legitimate sellers or buyers online or on marketplaces, or fake businesses asking you to pay fake invoices or follow fake tracking links to track products or services you didn’t order. Always check that any online payment gateway you encounter is secure and always think twice before making any online money transfers. On the flip side, if you're selling products online, don’t send off your product(s) before receiving payment.

2. Identity theft

Scammers use all kinds of sneaky tactics to steal your personal details. This may include simple ones like fake online profiles sending ‘friend’ or chat requests, phishing emails trying to trick you into handing over personal information, or remote access scams that ask for control of your devices to fix a problem you don’t have. Most identity theft scams will come from fraudsters pretending to be a legitimate agency like a bank, internet provider or telco company, or a government department like the Australian Taxation Office (ATO). Please remember that banks, utility companies and government departments never ask for account information through email.

3. Prize & lottery wins

Everyone likes a surprise win, right? Don’t be lured by unexpected winnings. These scams try to trick you into giving money upfront or your personal information to ‘verify’ your identity and claim a prize from a lottery or competition you never entered. Remember that if you didn’t enter a competition, you can’t win a prize. If you think you may have inadvertently entered a competition or sweepstake, look up the company online, quiz their customer care team and ask for a letter of confirmation. In any case, you should never have to spend money to receive a prize.

4. Investment scams & pyramid schemes

News flash – there’s no quick way to make money or we’d all be filthy rich. Any investment opportunity offering you a big payday or ‘guaranteed returns’ is likely to be a scam. Steer clear of get-rich-quick schemes altogether, because the only thing you’re guaranteed is to lose money. Some common ones include cryptocurrencies, phony job listings, multi-level marketing (MLM) schemes, mystery shopper scams, etc. Investment scams were the highest loss category ($701 million) in 2021, according to the ACCC. Any investment opportunity that promises a high return with little or no risk is likely to be a scam. This includes sporting and betting scams too.

5. Fake charities

Fake charity scams prey on your goodwill to make bank. They usually involve scammers impersonating genuine charities to ask for donations or your bank details to make a donation ‘pledge’. Charity scammers often set up fake websites which look similar to those operated by real charities. Some scammers will call or email you requesting a donation. These types of fraud are often more prevalent after natural disasters or major events when people are more willing to help others.

6. Inheritance scams

This type of scam usually arrives as an email advising that you have won or inherited a large sum of money (usually from overseas) and asking you to provide banking details or other information to access or receive the money. Some scammers have even used details from banks, including the Reserve Bank of Australia (RBA), to seem more legitimate. Please remember that no bank will ever ask you to allow the transfer of personal funds into or out of Australia. Additionally, only an executor of the estate would be notifying you of any inheritance and they wouldn’t be asking for your details via email.

7. Romance/online dating scams

Romance scams were the third highest loss category ($142 million) in 2021, according to the ACCC’s Targeting Scam report. This type of fraud plays on emotional triggers to get you to provide money, gifts, or personal details. Online dating scammers often pose as prospective companions to take advantage of people looking for romantic partners, often via dating websites, apps, or social media. They (the scammers) often claim to be in love (often quite early in the relationship) and show their victims lots of attention until they begin asking for ‘favours’. Scammers typically create fake online profiles to lure you in and may even take on the identities of people traditionally seen as trustworthy like medical or military personnel.

8. Payment redirections

Payment redirection scams, also known as business email compromise scams, involve scammers impersonating a business or its employees via email and requesting that an upcoming payment be redirected to a fraudulent account. Scammers will often target new or junior employees who may be less familiar with finance approvals and processes. They may also intercept business emails with invoices attached and change the BSB and account number before forwarding them on to the intended recipient. Payment redirection scams caused the highest losses to businesses with combined losses of $227 million in 2021, according to the ACCC’s Targeting Scam report.
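One control against the invoice tampering described above, shown as an added example that is not part of the original article: compare the BSB and account number on an incoming invoice with the supplier record already on file, and hold the payment for a call-back on a known phone number if they differ. The supplier name, bank details and invoice text are constructed for illustration.

```python
import re

# Constructed supplier master file: details verified when the supplier was onboarded.
VENDOR_MASTER = {"Acme Plumbing Pty Ltd": {"bsb": "062000", "account": "12345678"}}

# BSBs are six digits, often written 123-456; account numbers may contain spaces.
BSB_RE = re.compile(r"BSB\D{0,10}?(\d{3})[\s-]?(\d{3})(?!\d)", re.IGNORECASE)
ACCOUNT_RE = re.compile(
    r"Acc(?:ount)?\s*(?:No\.?|Number)\D{0,3}(\d[\d ]{4,10}\d)", re.IGNORECASE
)

# Constructed invoice text: the second copy has had its bank details swapped.
GENUINE = "Acme Plumbing Pty Ltd\nInvoice 1001\nBSB: 062-000\nAccount Number: 1234 5678\n"
TAMPERED = ("Acme Plumbing Pty Ltd\nInvoice 1001\nPlease note our new bank details.\n"
            "BSB 083 004\nAcc No. 87654321\n")


def extract_bank_details(invoice_text):
    """Return (bsb, account) as digit-only strings; None for a field not found."""
    bsb = BSB_RE.search(invoice_text)
    acct = ACCOUNT_RE.search(invoice_text)
    return (
        "".join(bsb.groups()) if bsb else None,
        re.sub(r"\D", "", acct.group(1)) if acct else None,
    )


def check_invoice(vendor, invoice_text):
    """Return reasons to hold the payment; an empty list means details match."""
    on_file = VENDOR_MASTER.get(vendor)
    if on_file is None:
        return ["vendor not in master file: verify before first payment"]
    bsb, account = extract_bank_details(invoice_text)
    reasons = []
    if bsb is None or account is None:
        reasons.append("bank details missing or unreadable")
    if bsb is not None and bsb != on_file["bsb"]:
        reasons.append("BSB differs from record on file")
    if account is not None and account != on_file["account"]:
        reasons.append("account number differs from record on file")
    return reasons


if __name__ == "__main__":
    for label, text in (("genuine", GENUINE), ("tampered", TAMPERED)):
        held = check_invoice("Acme Plumbing Pty Ltd", text)
        print(label, "->", "HOLD: " + "; ".join(held) if held else "OK to pay")
```

A held invoice should be confirmed by phone using contact details from the supplier record, not from the email or invoice that carried the new bank details.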

9. Jobs & employment scams

Employment scams are false job opportunities or fake job ads on classified ad websites. Some job scammers may even contact you via email or phone (usually via encrypted messaging platforms like WhatsApp) offering you ‘an exciting’ or ‘high-paying’ employment opportunity you can secure with a small fee. They will typically ask for the payment to be made via PayPal so that the transaction is untraceable from your bank account.

10. Medical & ‘miracle cures’

Online scammers set up fake online pharmacies or dodgy healthcare product websites to sell you medicines and drugs at low prices that you’ll never receive, or they may try to sell you ‘cure-all’ products, medicines, and treatments for a hefty fee. Only buy medication recommended by your doctor and from a reputable pharmacy chain.

Tips to prevent being scammed online

Here are some easy preventative steps you can take to avoid being scammed online:

Always be on the lookout for scams: Always consider the possibility of a scam when dealing with uninvited communications or requests for personal information or funds, whether that’s from people or businesses. This applies to emails, social media sites, and even phone calls. Never send money or give your credit card details or copies of personal documents to anyone you don’t know. Lastly, never agree to transfer money or goods on behalf of someone else – this could be a money laundering attempt, which is a criminal offence, and ignorance is not a legal defence.

Don’t share your personal or financial information online: This includes passwords, PIN numbers, or bank account details. Legitimate companies and banks will never ask you for these details by email or over the phone. Remember that you put yourself at greater risk of identity theft anytime you share any personal information like your phone number, address, birth date, and so on.


Read more: 8 easy tips on how to stay anonymous online


Never open suspicious texts, pop-up windows, or malicious links: As a rule of thumb, don’t open or click on anything you receive from an unknown source before you verify their identity/legitimacy. A quick online search should turn up some answers. It’s also important not to click on attachments in emails you receive from someone you know before confirming that they sent them, as you may be dealing with a phishing attempt.

Don’t invest your money willy-nilly: Any plans to invest money should be thoroughly researched before making any decision. As a rule of thumb, don’t give your money to companies that don’t have an Australian Financial Services (AFS) licence, which is a mandatory requirement to provide financial services in Australia. If they say they don’t need an AFS licence, they’re lying and probably dodgy. It’s also advised to avoid companies not registered with ASIC.

Always use secure sites: This goes without saying, but always use sites that have 'https' in the web address, which indicates that the site is using a Secure Sockets Layer (SSL) certificate and that the connection between your web browser and the website server is encrypted. This is particularly important if you’re making payments online.


Read more: HTTP vs HTTPS: Which is more secure?


Review your privacy and security settings online: Start with reviewing your privacy settings on social media sites like Facebook and Instagram, then move on to your app permissions and cookie policies. Changing your privacy settings gives you control over what and with whom your online information is shared.




Use a virtual private network (VPN): Hackers and cyber criminals often target public Wi-Fi networks to sniff out any sensitive information to exploit. Always use a VPN to mask your traffic and data and disguise your IP (Internet Protocol) address. 

Don’t give anyone remote access to your computer or devices: If you get a call or an email from a company or internet service provider asking for remote access to your computer – run for the hills. It’s likely a scam and scammers often pretend to represent well-known internet service providers like Telstra or TPG.

Protect yourself from online scams

When it comes to protecting yourself from online scams, knowledge is power. For more information on all the ways cyber criminals can target you or your business, contact us via email: enquiries@xiphcyber.com.

