You might think you know all there is to know about online scams, and that you’re safe from online criminals. That’s dangerous thinking because the world of online scams is evolving in new and dangerous ways.
According to the ACCC’s most recent report, Targeting Scams in 2022 Australians lost at least $3 billion to online scams and fraudsters.
That’s a staggering quantity of money, but it’s not as though online scams are a new phenomenon.
You’ve probably heard at least a little about online scams, and you might figure that you’re not going to fall for those pesky emails from overseas royalty claiming that you’re going to inherit billions.
But frankly, if that is what you’re thinking, you’re way out of date, and possibly just a little too overconfident. That overconfidence could cost you a lot, just like it did the unfortunate Australians who lost that $3 billion.
That’s because what the ACCC highlights is how online scams are changing, and what we need to look out for.
Text Message scams are on the rise
You may have hit headlines last year talking about the “Hi Mum” scam and how it was fooling Australians into sending money to relatives to help them out of a tight spot.
It turns out that Mum was far more prevalent than anyone realised, with the ACCC’s report pushing SMS-based scams to the number one slot on the scammer chart for the most common way to target Australians. Some 79,835 people reported SMS scams, comprising 33% of all reported scam problems in 2022.
That number is undeniably the tip of the iceberg. I can say that with confidence because I got dozens of scammy SMS messages pretending to be from (variously) Australia Post, the ATO, most of the major banks and many online retailers to boot.
I didn’t report those ones to the ACCC – I feel confident they’ve seen them before – but the problem is undeniably quite widespread.
How to protect yourself from SMS scams
Treat every SMS as potentially suspect. Yes, even those ones from your family members are sending you pictures of how cute the new dog is. Who knows what the dog gets up to in its spare time?
More seriously, if you do get an SMS alert from any business, government department or retailer, never click on any of the supplied links in any way at all.
Go to your computer, or open up a fresh web browser on your smartphone, head to the relevant site and sign in with your existing account credentials. If there’s a genuine problem or matter requiring your attention, you’ll have a message there making it clear. If there isn’t, it was a scam SMS in the first place.
Thankfully there are measures being proposed that may significantly cut down on SMS impersonation scams from big businesses. The Federal Government proposing an SMS Sender ID register that would make it harder for scammers to impersonate big businesses and see their dodgy texts actually get delivered.
If you’re an older Australian, you’re more likely to be scammed
The online world is often positioned as a young person’s playground, with older Australians often not seen as being on top of the latest trends in significant numbers. If you’re talking TikTok subscribers, you may have a point, but there’s one area where older Aussies absolutely outrank the youthful brigade.
Unfortunately that area is in losses to scammers, with the ACCC noting that Australians aged 65 or more lost at least $120 million to scams in 2022 alone. Comparatively, the 18-24 age bracket saw losses of $16 million. Neither figure is good of course, but that’s quite the difference.
Again, both figures are probably higher, as some who were fooled may not have chosen to report it at all. The ACCC estimates that could be as high as 30% of the total figure. Or in other words… yikes.
Why target older Australians? It’s largely believed to be a mix of two factors. For a start, many older Australians may have a lifetime’s worth of savings to be plundered, and that’s a compelling target for criminals.
Secondly, there’s the belief that older folks are less likely to be tech-savvy and may have lessened cognitive abilities.
A tad rude, but it means that scammers will often try to bamboozle older tech users, whether it’s with jargon designed to fool them into installing malware, or scams that want gift cards, cryptocurrencies or other non-reversible money transfer methods to pay fake “fines” as quickly as possible.
How older Australians can protect themselves against scams
The measures you need to protect yourself as an older Australian are no different to the ways that any other age bracket can protect itself. Educate yourself, ask questions and above all take time to consider messages, proposals or anything else that could lead you down a scammer’s path.
If that investment opportunity for your golden years seems too good to be true, it almost certainly is – even if a TV personality “appears” to be endorsing it. If someone you’ve never met online is professing true love almost immediately, it’s probably dodgy. If you’re being pressured to install an app that will “protect” your computer because someone from “Microsoft” rang you, that’s a red-alert-scam-alarm right there.
What the scammers want is for you to act rapidly without thinking, so try hard to avoid falling for those traps.
Book a Digital Security Check for your devices
It’s not enough to just know about scam messages
Just recently, prominent Instagram influencer Jacque Felgate shared a tale of impersonation fraud, specifically schemes that take over a user’s MyGov account for illicit purposes.
Felgates’ post got hundreds of mostly similar responses, all sharing much the same tale of woe. As per each report, scammers got into MyGov accounts, changed address and bank details and claimed tax returns, Medicare refunds and government relief payments on their behalf, leaving a large-scale mess for the respondents to deal with.
So what’s the story here? Is MyGov horribly compromised in a significant way? Did the hackers find a code back door that busted the Government’s systems wide open?
Almost certainly not, because if there’s one area where general security precautions are taken very seriously, it’s at the state level. Bear in mind that many of the same systems have to deal with nation-based cybersecurity from potentially hostile foreign governments, and you’ll start to appreciate how seriously that kind of security is taken in the halls of power.
So what’s actually happened here?
The most likely scenario is one relating to wider security breaches combined with some potentially lax security on the part of the respondents. No, they didn’t deserve it, but what it highlights is that it’s not enough to simply think that you’re scam-immune because you don’t respond to SMS or email entreaties.
Over the past few years, we’ve seen numerous large-scale data breaches from the likes of Optus and Medibank for example.
Those breaches exposed a lot of identifying information to scammers, including dates of birth, addresses, driver’s licences and the like – all rich pickings if you want to impersonate somebody.
Combine that with other breaches where passwords may have been leaked, and the all-too-sadly-true-fact that many people do re-use passwords, and you’ve got a fairly easy way to brute-force code a database that’ll run through common combinations to try to get into these kinds of services.
Or to put it more simply, if the scammers have your name and email and your password was “password”, it was never that secure in the first place.
How to protect yourself from identity theft scams
The first step is to be as careful with your personal data as you possibly can be. That means considering where you absolutely need to share that data, and where you can do without.
If you post a lot of photos of how beautiful the front of your house looks on Facebook after the renovations, for example, you’re also telling much of the wider world where you live, by way of example.
Next, strengthen your own defences. Firstly, do a password audit. Are you using the same password twice anywhere?
Stop it.
Right now.
You can’t control every leak, but even if your password is, say, “YarVEEvfVztigG8nNB42Pznya]WvRe[z*EAtVoQZ” – great length, lots of random characters and so on, if a little tricky to type in – if it’s across multiple services, then you’re risking a breach of just one of them exposing every service you use.
A good password management app can be a godsend in this regard.
Next, consider two-factor authentication for every account that can take it. A secondary step in the login process does slow you down, but it can absolutely lock thieves out if they can’t bypass it. Here SMS can be a weak factor if criminals are intercepting your calls or have outright switched out a SIM card or similar, so consider using an authenticator app or a separate 2FA fob or USB device instead.
Then it’s a question of digital data hygiene and regular checking. Part of the way that these scams work is by playing on the fact that few of us check these details all that frequently. As such, if a scammer gets into your account and changes up the address details or banking details, you don’t know because you rarely look outside of, say, tax time.
Changing that behaviour can’t stop data breaches from big companies, but it can lessen or even stop the fraud from hitting you personally.
If you go to log into your account from the legitimate MyGov site and you can’t, that’s a big red flag that something is up. Contact via other means and be ready to properly verify your identity when you do, because early prevention is far better than late regrets.
Naturally, that’s advice that works well for plenty of other services, whether you’re talking online stock trading, banking, or even social media accounts. You might not care about your Facebook account anymore, but what if it’s been breached and your identity is being used to convince your friends and family to hand over details or money?