Financial fraudsters and scam artists have become increasingly sophisticated in their tactics, posing significant threats to individuals and businesses worldwide and costing billions of dollars. To protect ourselves and stay one step ahead of these fraudsters, it’s crucial to understand their tactics and implement effective countermeasures to safeguard against cybercrime and digital theft.
Phishing
Phishing scams are one of the most common tactics employed by fraudsters to steal sensitive information, such as login credentials and financial data. These scams often involve deceptive emails, messages, or websites that appear to come from legitimate sources such as banks or government agencies. The ACCC stated that some fraudsters used new technology to mask their fraud calls under a bank’s actual hotline to set up their con, which resulted in over 14,000 bank impersonation scams being reported in 2022, with over $20m in losses.
The ABS noted, however, a drop in phishing scams for 2022-2023, at 134,700, down from close to 204,000 in 2020-21. It has yet to be determined whether the activation of the National Anti-Scam Centre and its enforcement regime contributed to the reduction.
Exercise caution when clicking on links or providing sensitive information online. Verify the sender’s identity, look for signs of suspicious communication, and enable two-factor authentication whenever possible to add an extra layer of security. You may need to report the incidents to agencies such as the ACCC’s Scamwatch.
Social Engineering
Social engineering involves manipulating individuals into divulging confidential information or performing actions that could compromise their digital security. Fraudsters often use psychological tactics to gain victims’ trust and exploit their vulnerabilities. In some cases, fraudsters pose as authority figures, co-workers, or friends to trick individuals into revealing sensitive data or granting unauthorised access to accounts and systems.
According to Interpol, social engineering scams may not necessarily include social media as a vector.
Be cautious when receiving unsolicited requests for personal information or money. Verify the identity of the person making the request through separate communication channels before taking any action.
Digital Currency Scams
The rise of digital currencies also gave birth to various cryptocurrency scams. These scams may involve fake investment opportunities, pyramid schemes, or fraudulent initial coin offerings (ICOs). Fraudsters entice victims with promises of huge returns on digital currency investments, luring them into investing in fake or non-existent projects.
Exercise due diligence before investing in any digital currency venture. Research the project and its team, and check for any regulatory approvals or endorsements from reputable sources. The government’s MoneySmart site also recommends questioning and avoiding any social media ads for crypto investments. Some QUICKLE users with Facebook accounts may recall innocuous-looking people replying to their own comments on certain posts, pitching how their lives supposedly “improved” by investing in a crypto project and encouraging people to click on the link to the Facebook account of a person running the project.
Online Shopping Fraud
With the increasing popularity of online shopping, fraudsters have capitalised on creating fake shopping websites to steal payment information and personal details from unsuspecting customers. These websites mimic legitimate online stores, offering attractive deals and discounts to lure customers into making purchases. However, once the payment is made, the goods are never delivered.
Only shop from reputable websites with secure payment gateways. Look for https:// and a locked padlock in the website address, and check for customer reviews and ratings before making a purchase. The address itself should contain proper page names and headings for specific pages. If you are looking for the official website of Aussie fashion brand The Iconic, for example, the main URL is https://www.theiconic.com.au/ and it branches out into other parts like:
- https://www.theiconic.com.au/men/ (men’s fashion)
- https://www.theiconic.com.au/women (women’s fashion)
- https://www.theiconic.com.au/kids (children’s clothing)
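The address check described above can be made mechanical. The following is an added example, not part of the original article: it accepts a link only if it uses https and its hostname is the official domain or a subdomain of it. The function name and the look-alike links are constructed for illustration; only the theiconic.com.au domain comes from the article.

```python
from urllib.parse import urlsplit

# Official domain taken from the article; everything else below is constructed.
OFFICIAL_DOMAIN = "theiconic.com.au"


def check_shop_url(url, official_domain=OFFICIAL_DOMAIN):
    """Return (ok, reason) for whether url points at the official store."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # Anything before '@' is login text, not the site being visited.
        return False, f"text before '@' is not the site; real host is {host}"
    try:
        # Normalise to ASCII so look-alike Unicode hostnames surface as xn-- labels.
        host = host.encode("idna").decode("ascii").rstrip(".")
    except UnicodeError:
        return False, "hostname is not a valid domain name"
    # The brand must be the END of the hostname, preceded by a dot or nothing.
    if host == official_domain or host.endswith("." + official_domain):
        return True, "official domain"
    return False, f"host {host} is not under {official_domain}"


# Constructed sample links; the .example hosts are reserved names, not real shops.
SAMPLES = [
    "https://www.theiconic.com.au/men/",
    "http://www.theiconic.com.au/women",
    "https://theiconic.com.au.shop-deals.example/kids",
    "https://www.theiconic.com.au@shop-deals.example/kids",
    "https://theiconic-com-au.example/women",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_shop_url(link)
        print(f"{'OK  ' if ok else 'STOP'} {link} -> {reason}")
```

Only the first sample passes. The padlock shows that the connection is encrypted; it is the hostname comparison that ties the page to the brand.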
Cyber Extortion
Cyber extortion involves threats of releasing sensitive information or disrupting services unless a ransom is paid. Ransomware attacks, where fraudsters encrypt victims’ data and demand payment for its release, have become increasingly prevalent. IT company Sophos revealed in its State of Ransomware 2024 report that Australia suffered a ransomware attack rate of 54 per cent this year, down from 70 per cent in 2023. However, Australian companies did not fully report the attacks to the authorities, with a reporting rate of just 90 per cent. Worse, they paid the most ransom – the mean amount of Australian ransomware payments, Sophos revealed, was tagged at the US-dollar equivalent of $8.96 million, against a global average of US$3,960,917.
Regularly back up essential data to secure locations and maintain robust cybersecurity measures, including antivirus software and firewalls, to prevent malware attacks.
Account Takeover
Account takeover occurs when fraudsters gain unauthorised access to individuals’ or businesses’ accounts, such as email, social media, or banking accounts. They will often get the access credentials through phishing, brute-force attacks, or by exploiting weak passwords and security questions.
The theft of access credentials as a vehicle for identity theft is impossible to ignore when it can compromise your finances. The ABS’ Personal Fraud report for 2022-2023 listed which types of accounts were fraudulently accessed. Twenty-nine point six per cent of the access incidents – the most listed in the report – were found to have been used for tapping bank accounts, supers and investment shares.
Use strong, unique passwords for each account and enable multi-factor authentication to protect against unauthorised access. Regularly monitor account activity for any suspicious behaviour. If the accounts you use are on a platform that was confirmed to have had a data breach, you will have to change your passwords. Troy Hunt’s Have I Been Pwned? service and the ACSC Alert Service are also workable tools to aid you in protecting your digital presence after an account compromise.
Conclusion
As financial fraudsters and cybercriminals continue to evolve their tactics, it’s essential to stay vigilant and be aware of the potential threats they pose. Employing cybersecurity best practices, such as using strong passwords, enabling multi-factor authentication, and verifying the authenticity of communication, can go a long way in safeguarding against cybercrime. Additionally, staying informed about the latest scams and sharing this knowledge with friends, family, and colleagues can help create a safer digital environment for everyone.
DISCLAIMER: This article is for informational purposes only and should not constitute official financial advice. QUICKLE has no working relationships with any company or organisation mentioned.