How to protect your money and assets from cyber security risks in Australia
As technology advances, so do the methods of cyber criminals – with Australians losing millions annually.
Online scams are becoming increasingly sophisticated and realistic. A reported $295 million was lost in scams in the first half of 2022 alone, and 2023 seems to be no different.
As the Director of Argus Investigations, I hear countless horror stories where families have lost their hard-earned money and other assets to scammers.
So, it's essential to be aware of the latest scam trends in Australia and how to avoid them. In this article, I will look at recent examples and common red flags for 5 types of scams in Australia:
- Phishing emails and texts that appear to be from legitimate sources, such as banks or government agencies.
- Ransomware attacks that lock you out of your computer or files until you pay a ransom.
- Remote access scams, where scammers gain access to your computer and steal personal information or money.
- Phone scams, where scammers pretend to be from legitimate organisations, such as the Australian Taxation Office or Telstra; and
- Investment scams such as cryptocurrency and share trading scams.
Phishing scams are very common and trick people into divulging sensitive information such as passwords, account numbers or credit card details. Some recent themes for phishing scams have included:
- Hi Mum scams: Scammers create a fake social media account and contact people pretending to be their children. They then say their phone has been lost or stolen, or give another reason for asking the person for money or credit card details.
- COVID-19-related scams: Scammers have been using the pandemic to trick people into divulging personal information or making payments for fake products such as vaccines or cures.
- Job offer scams: Scammers have been posing as recruiters and offering job opportunities that require personal details or even payments for upfront training or equipment.
Red flags to watch for in phishing messages:
- Suspicious senders: Check if the sender's email address, WhatsApp account or social media profile matches the company they claim to represent.
- Urgent requests: Be wary of messages that demand immediate action and threaten consequences for not complying.
- Suspicious links: Hover over links before clicking on them and check if they lead to a legitimate website.
- Poor grammar and spelling: Legitimate companies usually proofread their messages before sending them out.
Ransomware attacks are a type of cyber-attack where hackers gain access to a victim's computer system or network and copy data or make it inaccessible. The hackers then demand payment, usually in a cryptocurrency, in exchange for the data.
According to recent reports from the Australian Cyber Security Centre (ACSC), there has been a significant increase in ransomware attacks targeting Australian businesses and government agencies, including:
- Medibank ransomware attack in November 2022: This led to a significant data leak of medical and personal information.
- Optus data breach in September 2022: While more a data breach than a ransomware attack, the hacker did initially demand a ransom and threaten to release personal information if it was not provided.
- JBS Foods ransomware attack in June 2021: An attack that disrupted meat production across Australia and other countries.
- Accellion data breach in January 2021: This affected multiple Australian universities and government agencies.
Red flags that may indicate a ransomware attack:
- Unusual network activity: For example, slow performance or evidence of malicious software on your system.
- Suspicious emails: Watch out for messages with attachments or links.
- Pop-up windows: Which may include links or messages requesting payment.
- Encrypted communications: These may come from services such as TOR (The Onion Router) or unidentified web portals.
If you notice these red flags, take immediate action. This may include disconnecting from the internet, contacting IT support or law enforcement, and backing up your files.
Future protection for ransomware
Ransomware has become a massive issue in Australia following the recent Optus and Medibank attacks. As it is a major national security threat, the Australian government has considered making it illegal to pay ransom fees to attackers and mandating that the Australian Defence Signals Directorate (ASD) intervene in high-level ransomware attacks on the private sector.
Remote access scams
Remote access scams trick people into giving scammers control over their computers or devices. Scammers can then steal personal information, install malware, or demand payment for "fixing" non-existent problems.
These scams often start with a phone call or email from someone claiming to be a tech support agent or from a legitimate company, with recent themes including:
- Fake tech support calls: Scammers pose as tech support agents and tell victims that their computer has a virus or other problem. They then ask for remote access to fix the issue but instead install malware or steal personal information.
- Phishing emails: Scammers send emails that appear to be from legitimate companies like Microsoft or Apple, warning the recipient of a security issue and asking them to click on a link to fix it. The link leads to a fake website that asks for personal information or installs malware.
- Social engineering: Scammers use social media platforms like Facebook or LinkedIn to gather information about their targets and then use it in phishing emails or phone calls.
Red flags for remote access scams:
- Unsolicited phone calls or emails claiming there is an issue with your computer.
- Requests for remote access to your computer.
- Demands for payment in exchange for "fixing" non-existent problems.
- Suspicious links in emails or pop-ups.
Phone scams can take many forms, from fake charity donations to investment opportunities. These scammers aim to trick people into giving them money or personal information.
Some recent phone scams in Australia include:
- The "ATO" Scam: Scammers impersonate the Australian Taxation Office (ATO) and demand immediate payment for unpaid taxes.
- The "NBN" Scam: Scammers impersonate the National Broadband Network (NBN) and claim that there is a problem with your internet connection that needs fixing.
- The "Banking" Scam: Scammers impersonate banks and ask for personal information such as account numbers and passwords.
Investment scams can take many forms, including cryptocurrency scams, superannuation scams, and boiler room or fake share scams.
These are the primary category of scams that we deal with at Argus Investigations and seem to have the most significant financial impact on hardworking Australians.
In 2023, scammers have used various tactics to lure unsuspecting victims into investing in fake schemes and companies. Some of the most recent scams include:
- Fake IPO and pre-IPO investment scams: These scammers often impersonate legitimate companies or use the names of well-known private companies to lure investors into buying shares that do not exist. For example, recently, scammers have been impersonating Australian companies to promote fake investments for Porsche's IPO.
- Impostor bond investment scams: These scams often involve fake, professional-looking scammers that use high-pressure tactics to convince people to invest. The scammers may also use social media platforms to promote their fraudulent schemes and exploit investors' fear of missing out.
- Cryptocurrency pump and dump schemes: These schemes often involve social media influencers or groups coordinating their efforts to manipulate the cryptocurrency market. They do this by spreading false information and hype to artificially inflate the price of a particular cryptocurrency. Once the price has been pumped up, the group sells off their holdings, causing the price to plummet and leaving unsuspecting investors with worthless coins.
- Fake ICOs: This is a fraudulent scheme where scammers create a fake cryptocurrency or token and offer it to investors in exchange for real money or other cryptocurrencies. Recently, these scams have involved fake news stories related to celebrities as a way of getting attention from unsuspecting investors.
Red flags for investment scams:
- Promises of guaranteed returns: If something seems too good to be true, it probably is.
- Unsolicited messages: Be wary of phone calls or social media messages from strangers or unfamiliar accounts, even if they appear to be from people you know.
- Superannuation requests: If a person or scheme suggests you invest your superannuation funds, you should always check the legitimacy of the opportunity and be careful about what you do with your super.
- Limited legal details: A lack of clear licence or lending information on investment platforms or specific schemes you've been contacted about investing in.
What to do if you're a victim of fraud
Prevention is always the best scenario. However, if you have fallen victim to fraud, you should:
- Make a report with the Australian Cyber Security Centre (ACSC).
- Contact and advise your financial institution immediately.
- If you have sustained significant financial losses and police have been unable to assist you, contact us at Argus Investigations.
Your report to the ACSC will be directly referred to the appropriate state or territory law enforcement agency.
George Andreopoulos is a former detective sergeant with the NSW Police Force and served as an inspector with the Australian Criminal Intelligence Commission and the Department of Home Affairs. Throughout his 18-year law enforcement career, he specialised in investigating transnational organised crime, human source management, financial crime, surveillance, covert investigations and intelligence operations. He is presently the director of Argus Investigations and collaborates with IFW Global through a strategic alliance targeting and investigating fraud syndicates worldwide.