Don’t take the bait from a fresh wave of COVID-19 scams as fraudsters try old and new tricks to steal your hard-earned money.
Life in lockdown has given scammers more time on their hands – and Aussie consumers are paying the price.
There has been a surge in scam reporting, prompting warnings for people to be extra-vigilant about guarding personal data – especially when online.
From hacked Spotify accounts to impersonating the World Health Organisation, a wide variety of new attacks have emerged during the pandemic, scam specialists say.
In recent weeks we have seen:
- Consumer watchdog the ACCC warning of scammers purporting to be from government agencies and schemes including MyGov, JobKeeper and Medicare.
- The government’s early release superannuation scheme was temporarily suspended this month after the Australian Taxation Office detected “fraudulent activity” and there were reports of scammers stealing fund members’ money.
Phishing attacks by scammers are on the rise. Illustration: John Tiedemann. Source:Supplied
• NBN Co warned that scammers were using people’s reliance on being connected online to mislead people into thinking their NBN service would be disconnected if they did not give a “technician” online access to their computer.
• There has even been a five-fold increase in puppy scams, where fraudsters prey on lockdown loneliness by claiming to sell puppies that don’t exist and demanding payment online and upfront.
Cybersecurity firm Proofpoint’s Australia country manager, Crispin Kerr, said scammers had been carefully following the COVID-19 news cycle, “tying their attacks to updates on public health developments as well as government help for people in financial hardship”.
“Attackers have effectively been using social engineering to play into the fear, concerns, and interest this pandemic has caused,” he said.
Mr Kerr said cybercriminals had tried conspiracy theories, false claims of a virus cure, fraudulent promises of financial aid, and fake notifications indicating positive coronavirus cases nearby.
The Australian Securities and Investments Commission (ASIC) has been working with several government agencies and says all have experienced rising reports of people’s details being compromised.
ASIC’s Moneysmart.gov.au senior executive leader of financial capability, Laura Higgins, said COVID-19 had not only resulted in more people being online more often, but many were also feeling vulnerable or panicked.
“It’s more important than ever that people double check and triple check who it is they might be dealing with,” she said.
“If there’s a sense of urgency with a message – saying ‘you must decide now’ – that is a red flag, absolutely.”
Ms Higgins said there had also been a rise in cold callers offering bogus advice about investments or helping people withdraw their super.
“The scammers are very professional about it – this is their job,” she said.
“If someone’s calling to offer advice, hang up the phone and don’t engage.
“Understand that the government does not contact people to ask if they need help to manage the early release of their super.”
Online shopping is booming and is another area where customers need to be extra careful.
The ACCC says scammers have created fake online stores claiming to sell products that don’t exist. It suggests people try to detect fake traders by searching for reviews before purchasing.
Many scam shopping sites are “phishing” expeditions – where fraudsters try to steal your personal details and credit card data.
Global online fraud protection platform ClearSale’s executive vice president and partner, Rafael Lourenco, said criminals were using public interest in the coronavirus to “build more phishing sites than ever”.
He said the riskiest items for online shopping fraud included mobile phones, electronics, watches and jewels.
New research by ClearSale has found that Australians are unforgiving when victims of online fraud, and more than three quarters would never revisit a website where they were targeted.
“The loss of trust from a damaged reputation is potentially more harmful to a business than the monetary costs incurred from the act of fraud itself,” Mr Lourenco said.
WHAT TO DO
Proofpoint’s Mr Kerr said be wary of any phone calls or messages promising COVID-19 payments or information.
People can verify the authenticity of all requests by calling the government department or business directly or visiting their website – and not use the link or number provided by a possible scammer.
“Don’t provide your bank account number, usernames or passwords, social security number, or other personal information in response to any online requests,” Mr Kerr said.
“Verify websites are legitimate by clicking the padlock image on the left of the browser address and checking the name of the server is your desired destination.”
Mr Kerr said a majority of scammers’ attacks targeted individuals through their
email accounts “as it provides a direct line to potential victims”.
“Passwords truly are a critical line of defence between your data and finances, and a cybercriminal,” he said.
“We recommend the use of multi-factor authentication (MFA) if available for as many accounts as possible. If MFA is not an option for the account, a password manager is a good alternative.
“Change all personal passwords twice a year, never reuse passwords across accounts, and change business passwords every three months.”
The ACCC says during COVID-19 scammers have been pretending to be from banks, insurance providers, supermarkets, travel agents and telecommunications companies.
It says consumers should never provide a stranger remote access to their computer, even if the person claims to be from a telco company such as Telstra or the NBN Co.
And never click on hyperlinks in emails, texts or social media messages, even if they appear to be from a trusted source.