We had a frustrating incident this week. Our good business name was used by someone, somewhere in the world to try and fleece 45,000 people across the world of their hard-earned money. It is a common scenario that scamsters use – try and impersonate a reputable company and ask people for details or money. We are seeing many examples of this at the moment. I am sure most people have had a phone call from a ‘Telstra technician’ telling them they have a virus and they will fix it for free. If anyone falls for this tactic, the friendly ‘Telstra’ technician directs the person through the process of installing a virus on their computer that will send every keystroke to the scamster. This will include their bank passwords and every other piece of information typed into their computer. The calls seem legitimate enough but they aren’t so legitimate when the money in your bank account disappears.
The scamsters keep changing their game. Just like a medical virus that constantly morphs, any standard scam that people become familiar with is changed so that people may still be tricked.
And don’t feel bad if you are tricked. The scamsters are VERY clever. I sometimes bemoan the fact they are pursuing a life of crime instead of trying to improve the world.
The Nigerian e-mail scam was one that was used years ago to try and trick people into believing there was money on offer from an inheritance or sometimes money in a lottery. All you had to do to secure the huge sum of money was to pay a small amount into an account with some spurious reason attached to why a deposit was required. After one or two deposits and then an expectation of money coming anytime soon, the communication became strangely silent… That is when the person realised they had lost their money.
The latest round seems to involve an e-mail using the details of a well-established company (think of Telstra; Qantas; CBA etc.) and dressing up the e-mail to look like it comes from that company. They are very good at it. They pull the logos from the company Web site and use legitimate names of people from the organisation. Some of the links will even go directly to that legitimate company. They will then have a link that asks for additional details or to pay an invoice. Trusting the company that has supposedly sent the e-mail, many people will click on the link not realising that it will either infect them with a virus or keylogger or take them to a site asking for more details (or money). It might even be set up to look like the online shopping store of the legitimate company. Think of someone impersonating Qantas and sending a fake e-mail to people that offered a $99 special for flights that would normally cost $300. If you click on the link then it takes you to a site that looks just like the actual Qantas Web site. When people want to take advantage of the sale, they quickly put their details in, the scamster takes their money and they never see any tickets. It is a lot of work for someone to make illegitimate gains but there are people out there doing it.
How do you stop it? It seems that law enforcement struggles. For every scammer that they catch another hundred pop up. The real solution is for their scams to be ineffective such that scamsters give up. In much the same way as thieves will stop stealing goods if people in pubs stop buying stolen goods, vigilance by all of us will make the difference.
How do you spot a scam? That is the $340 million question (the amount lost to scammers in Australia last year). If you receive a phishing e-mail asking for invoice payment, firstly ask yourself if you were expecting an invoice from this company. When our name was used to send a phishing scam to people across the world, we received phone calls from New Zealand and America and across Australia asking who we were and what we supplied to that person. If you have to ring and ask, it probably means you can ignore the e-mail. The second red flag is to hover over the links – but do not click. Look at the domain name. If it is the domain name of the actual company it may be safe. Typically, scammers have random domain names that are not linked to the legitimate company. The next one I check is if the company is asking for information that they should already have. If they e-mail or call and ask for your date of birth and your home address and other such details, they probably want your identity. Last, if I am not sure, I will access the normal phone number or e-mail address of the company in question via a method not included in the e-mail and ask for separate, independent and verifiable information.
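The "hover over the links" check can also be done automatically on the HTML body of a suspect e-mail. The following is an added example, not something from the original column: it lists every link whose real destination is not on the company's own domain, including a link whose visible text shows the legitimate address. The domain names, the sample e-mail and the function names are all made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> tag in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # None means "not currently inside an <a> tag"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, company_domain):
    """True only for the company domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Compare from the right-hand end, on a dot boundary: a name that merely
    # starts with or contains the company name is not the company's domain.
    return host == company_domain or host.endswith("." + company_domain)

def off_domain_links(html_body, company_domain):
    """Return (visible text, real destination) for links off the company domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        host = urlsplit(href).hostname   # what the link really points to
        if not belongs_to(host, company_domain):
            flagged.append((text, href))
    return flagged

# Constructed sample e-mail body; every domain and address here is made up.
SAMPLE = """
<p>Your invoice is ready.</p>
<a href="https://www.airline.example/about">About us</a>
<a href="https://airline.example.pay-now.test/invoice">https://www.airline.example/invoice</a>
<a href="http://203.0.113.7/login">Pay invoice</a>
"""
```

Calling `off_domain_links(SAMPLE, "airline.example")` leaves out the genuine "About us" link and reports the other two, which matches the point above that some links in a scam e-mail do go to the legitimate company.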
After all this, don’t be scared. The online world offers us a huge number of advantages but you just have to be vigilant in your approach.
Mathew Dickerson