Online scammers and fraudsters are constantly coming up with new tricks and ways to lure people in. We all know that scam about the foreign prince who says he “needs your help to transfer money in exchange for a large inheritance”. Or the classic con about the lottery prize you’ve won where you need to hand over your bank details to collect your winnings. But scams aren’t always plain to see – there are lots of sneaky ways cyber criminals can catch you out. And with the ACCC reporting that COVID-19 related scams are on the rise, it’s good to stay in the know with the cyber dark arts so you’re ready to spot them.
Let’s take a look at the basics of staying secure online, some common scams you should be on the watch for and how we can help if you think you’re the victim of a scam.
Online security 101
Securing your devices
The first place to start is right under your nose. Spyware and malware can snoop on your internet activities on your phone and computer.
Here are some tips to protect your devices:
- Install a reliable internet security program on your computer.
- Cover the camera on your laptop or computer when you’re not using it (as certain spyware allows the scammer to watch you and learn your everyday movements).
- Regularly update your browser and operating system.
- Use multi-factor authentication protection on your programs.
- Disable autorun programs on your computer.
Think cyber-secure – and act cyber-secure
As well as keeping your software up to scratch, there are some habits you should try to adopt. When you’re working or banking online, make sure your network connection is secure. Keep in mind that a lot of people can access the free wi-fi at your local cafe, so it could potentially leave you exposed to threats. Avoid opening emails from unknown sources that you aren’t expecting – especially if they ask you to open an attachment. This is the oldest trick in the book for cyber criminals who are looking to infiltrate your devices and systems. And instead of using USB sticks to transfer files, consider switching to cloud-based software.
Common cyber crimes
Phishing is where criminals attempt to get your personal details – like bank account numbers, credit card numbers and most importantly your passwords – usually by portraying themselves as a trustworthy and genuine source through an email or text. Phishing messages are designed to look genuine and will copy the format used by the organisation that the scammer is pretending to be from. Victims might fall for this scam if they click on any links or attachments within the email or text.
Here are some signs that you might be looking at a phishing scam:
- Claims to be from a bank you don’t have an account with.
- Includes logos, company names or website addresses that look a little off (for example, the company might be Genuine Company with the website genuinecompany.com, but the web address in the email says ‘genuineecompany.com’, with an extra ‘e’).
- Claims to be from a company you have had legitimate dealings with but then asks you strange and suspicious questions which don’t relate to the normal day to day operation of the company.
- Doesn’t address you by your proper name.
- Leads to a site that asks you to enter your bank details.
- Says your personal details are required for security upgrades or to ‘verify’ your account.
- Asks for your username or password to a specific application.
- Contains spelling or grammatical mistakes in the subject line or elsewhere.
- Offers a reward or prize for completing it (if it’s something like a survey or quiz).
- Says you are to receive a refund for a fee you were mistakenly charged; or informs you they have reimbursed too much and asks for you to pay them back.
- Offers a ‘too good to be true’ discount.
- Requests remote access to your computer or offers a security program to be downloaded on your computer.
You should also watch out for pop-up ads on websites and unusual messages from people you don’t know in your social media accounts – these are other common phishing tactics.
Here’s what a phishing email looks like:
This is a scam where your charge card numbers are stolen, often through card processing gadgets by reading the card’s magnetic stripe. For example, a device might be placed over the top of the card reader at an ATM to try and record your account numbers.
You should immediately contact your bank if you suspect there’s something unusual going on, but you can also try to avoid the problem by making it harder for criminals to steal your information. Choose ATMs that look like they’re in a secure location. If an ATM is attached to a bank and if there are security cameras, that’s a fairly safe bet. You can also try to give the card reader a little jiggle before you use it. If it’s loose, there’s a good chance that it’s dodgy. To keep yourself protected, try to do your transactions using the chip on your card when you’re shopping. If you think that you’ve been skimmed, call the ATM’s bank – and your bank – straight away.
This is when someone steals your personal information to transfer your mobile phone number to them without your knowledge or consent. This can happen if the scammer sets up a new account with a different phone company (by pretending to be you) and then ports your number. Or they might contact your existing phone company pretending to be you and request a new SIM card with your number that they’ll then use with their own mobile.
Once transferred, your stolen mobile phone number can be used to receive SMS verification codes, allowing that person to access your personal services, such as your bank, email and social media accounts.
You’ll know your phone number has been ported if you unexpectedly lose phone reception or coverage (you’re unable to make or receive calls or messages) and your phone goes to ‘SOS only’ when everyone else has reception bars.
Here are some tips to prevent porting:
- Phone companies typically send out a ‘pre-port verification’ SMS to make sure a porting request was authorised. If you get a text like this from your phone company and you didn’t request it, decline the request and call your phone company to let them know what’s happened.
- Hide your mobile phone number in your social media profiles. You can google your mobile phone number to see where it shows up and request it to be taken down.
- Remove your birth date from public view – keep in mind that a scammer can work out your birth date from photos or posts on social media.
- Scammers can gain your personal information from your personal mail, so make sure you have a lock on your letterbox or consider using a PO box.
- Keep the PIN numbers, SMS security codes and passwords you use for telephone companies and banks secret.
Unsolicited phone calls
Sometimes a scam will start with a phone call you didn’t ask for from a person or company you don’t know.
Here are some examples of unsolicited phone scams:
- The scammer mentions that you need to make a payment or confirm your bank details.
- The scammer mentions a service you didn’t sign up for and needs your details to process it.
- You receive an automated voice call asking for sensitive information.
- The scammer talks to you about an ‘investment opportunity’ and which usually sounds too good to be true
- You get a call about a ‘gift card’ that is owed to you where they ask you for personal or banking details in order to send it to you
- The scammer tells you they need to remotely access or install something on your computer (you should never allow access to your computer or devices to third parties)
If in doubt, you can call the company’s general phone number (like the one advertised on their official website) to confirm they called you. However, be wary that if you’ve never heard of the company before, the website may be set up to make the scam more credible.
We’re here to help
If you’ve lost your card, you can use the ING mobile banking app or online banking to put your card on hold. This gives you time to find it without worrying if someone else might be trying to use it. Once your card’s been found, you can breathe a sigh of relief – and then take it off hold. If your Visa card is lost or stolen, or used without your permission, or you see an unusual transaction in your statement, contact us immediately on 133 464 (+61 2 9028 4077). We’re here for you 24 hours a day, 7 days a week.
When you sign into ING online banking, make sure you can see the padlock icon in the address bar. Also, the welcome screen will let you know the last time you signed in. If that time doesn’t ring true, contact us immediately on 133 464 (+61 2 9028 4077).
Head to our security page for more info on how to stay protected.
The information is current as at publication. Any advice on this website does not take into account your objectives, financial situation or needs and you should consider whether it is appropriate for you. Deposit products, savings products, credit card and home loan products are issued by ING, a business name of ING Bank (Australia) Limited ABN 24 000 893 292, AFSL and Australian Credit Licence 229823. ING Living Super (which is part of the ING Superannuation Fund ABN 13 355 603 448) is issued by Diversa Trustees Limited ABN 49 006 421 638, AFSL 235153 RSE L0000635. The insurance cover offered by ING Living Super is provided by Metlife Insurance Limited ABN 75 004 274 882, AFSL 238096. ING Insurance is issued by Auto & General Insurance Company Limited (AGIC) ABN 42 111 586 353 AFSL Licence No 285571 as insurer. It is distributed by Auto & General Services Pty Ltd (AGS) ABN 61 003 617 909 AFSL 241411 and by ING as an Authorised Representative AR 1247634 of AGS. All applications for credit are subject to ING's credit approval criteria, and fees and charges apply. You should consider the relevant Product Disclosure Statement, Terms and Conditions, Fees and Limits Schedule, Financial Services Guide, Key Facts Sheet and Credit Guide available at ing.com.au when deciding whether to acquire, or to continue to hold, a product. Before interacting with us via our social media platforms, please take a minute to familiarise yourself with our Social Media User Terms https://www.ing.com.au/pdf/Social_Media_User_Terms.pdf.