Scammers are constantly coming up with new tricks to lure people in.
We all know that scam about the foreign prince who says he ‘needs your help to transfer money in exchange for a large inheritance.’ Or the classic con about the lottery prize you’ve won where you need to hand over your bank details to collect your winnings.
But scams aren’t always plain to see – there are lots of sneaky ways cyber criminals can catch you out. And with the Australian Competition and Consumer Commission (ACCC) reporting that scams are on the rise, it’s good to stay in the know with the cyber dark arts so you’re ready to spot them.
Let’s take a look at the basics of staying secure online, some common scams you should be on the watch for and how we can help if you think you’re the victim of a scam.
Online security 101
Securing your devices
The first place to start is right under your nose. Spyware and malware can snoop on your internet activities on your phone and computer.
Here are some tips to protect your devices:
- Install a reliable internet security program on your computer.
- Cover the camera on your laptop or computer when you’re not using it as certain spyware allows the scammer to watch you and learn your everyday movements.
- Regularly update your browser and operating system.
- Use multifactor authentication protection on your programs.
- Disable auto run programs on your computer.
- Avoid providing remote access to your device unless you’re certain of the identification of the caller and the reason that they require remote access.
Think cyber-secure and act cyber-secure
As well as keeping your software up to scratch, there are some habits you should try to adopt.
When you’re working or banking online, make sure your network connection is secure. Keep in mind that a lot of people can access the free wi-fi at your local cafe, so it could potentially leave you exposed to threats.
Avoid opening emails from unknown sources that you aren’t expecting – especially if they ask you to open an attachment. This is the oldest trick in the book for cyber criminals who are looking to infiltrate your devices and systems.
And instead of using USB sticks to transfer files, consider switching to cloud-based software.
Common cyber crimes
Phishing is where criminals attempt to get your personal details – like bank account numbers, credit card numbers and most importantly your passwords – usually by portraying themselves as a trustworthy and genuine source through an email or text.
Phishing messages are designed to look genuine and will copy the format used by the organisation that the scammer is pretending to be from. Victims might fall for this scam if they click on any links or attachments within the email or text.
Here are some signs that you might be looking at a phishing scam:
- Claims to be from your bank and instructs you to login via a link provided in the SMS. They might also advise your account has been compromised and instruct you to move your funds elsewhere for safekeeping. No bank will ever tell you that your account is under threat and that you need to move money from ING to another financial institution for safekeeping
- Includes logos, company names or website addresses that look a little off. For example, the company might be Genuine Company with the website genuinecompany.com but the web address in the email says ‘genuineecompany.com’ with an extra ‘e’.
- Claims to be from a company you have had legitimate dealings with but then asks you strange and suspicious questions which don’t relate to the normal day-to-day operation of the company.
- Doesn’t address you by your proper name.
- Leads to a site that asks you to enter your bank or card details.
- Says your personal details are required for security upgrades or to ‘verify’ your account.
- Asks for your username or password to a specific application.
- Contains spelling or grammatical mistakes in the subject line or elsewhere.
- Offers a reward or prize for completing it, like a survey or quiz.
- Says you are to receive a refund for a fee you were mistakenly charged or informs you they have reimbursed too much and asks you to pay them back.
- Offers a too-good-to-be-true discount.
- Requests remote access to your computer or offers a security program to be downloaded on your computer.
You should also watch out for pop-up ads on websites and unusual messages from people you don’t know in your social media accounts – these are other common phishing tactics.
ING will never send you an email or SMS asking for your login details.
What a phishing email can look like
How phishing text messages work
Sally* received an SMS saying it was from ING. It advised of a transaction she didn’t recognise and instructed her to click a link to login to online banking using her customer and access codes. She then received a call from someone who said they’re from ING and were calling to verify a fraudulent transaction. Sally then received an SMS code and the caller asked her to confirm the code which is her ‘reference number’ for stopping or replacing her card. Sally was suspicious, hung up and called ING to see if we called. We were able to verify it was a scam.
*Name changed for privacy.
Investment scams are where scammers contact you claiming to be stockbrokers, crypto brokers or portfolio managers with an unbelievable investment opportunity.
Scammers will ask you to hand over money for an investment opportunity that offers a high rate of return usually with the need to act fast so you don’t miss out.
They may even provide prospectus documents that appear to be legitimate or impersonate real financial intuitions.
If you come across an investment opportunity, always seek independent financial advice before investing.
Romance scams are where scammers form a relationship with you to get money or gifts.
They usually develop the relationship over time, often through social media, and may ask you to transfer assets into their name or ask to become a beneficiary of your will.
They may ask for money to assist with a health, travel or family problem. In many instances, they’ll find reasons to only communicate by email to avoid any live video chats.
Most times the person is not who they claim to be and may even be part of an organised crime.
Unsolicited phone calls
Sometimes a scam will start with a phone call you didn’t ask for, from a person or company you don’t know.
Here are some examples of unsolicited phone scams:
- The scammer mentions you need to make a payment or confirm your bank details.
- The scammer mentions a service you didn’t sign up for and needs your details to process it.
- You receive an automated voice call asking for sensitive information.
- The scammer talks to you about an investment opportunity which sounds too good to be true.
- You get a call about a gift card that’s owed to you where they ask you for personal or banking details so they can send it to you.
- The scammer tells you they need to remotely access or install something on your computer – you should never allow third parties to access to your computer or devices.
Tom’s experience of an unsolicited call
Tom* received a call from scammer posing as X Bank. He responded by telling them he didn’t have an account with X Bank but he did have one with ING. The caller then said they’re calling from ING. Tom was suspicious, hung up and called ING to check if we had called. We were able to verify it was a scam.
*Name changed for privacy.
If in doubt, always hang up and call the company’s official phone number – like the one advertised on their website – to confirm they called you. However, be wary if you’ve never heard of the company before because the website may also be fake!
Other things to look out for:
Skimming is where your debit or credit card details are stolen, often using a hidden device that reads – or ‘skims’ – your card’s magnetic stripe and records your PIN entry.
For example, a device might be placed over the top of the card reader at an ATM to try and record your account numbers. We suggest you cover your hand as you enter your PIN to prevent recording of your PIN details.
You can try to avoid the problem by making it harder for criminals to steal your details.
For instance, choose ATMs that are in secure locations, like attached to a bank. Also, look to see if something is attached to the card reader. If it’s loose, there’s a good chance it’s dodgy. And when shopping, try to do your transactions using the chip on your card.
If you think that you’ve been skimmed, call the ATM’s bank – and ING – straight away.
Porting is when someone steals your personal details so they can transfer your mobile phone number to their control and access your accounts.
Scammers can do this by pretending to be you and either setting up a new account with a new phone company or contacting your current provider and requesting a new SIM card.
A scammer can then use your stolen mobile phone number to receive SMS verification codes that allow them to access your services, such as your bank, email and social media accounts.
You’ll know your phone number has been ported if you suddenly can’t make or receive calls or messages and your phone goes to ‘SOS only’ when everyone else has reception.
Here are some tips to prevent porting:
- Phone companies typically send a pre-port verification SMS to make sure a porting request was authorised. If you get a text like this and didn’t request it, decline the request and call your provider to let them know what’s happened.
- Hide your mobile phone number in your social media profiles. You can google your mobile phone number to see where it shows up and request it to be taken down.
- Remove your date of birth from public view – keep in mind that a scammer can also work out your birthday from photos or posts on social media.
- Scammers can get also your personal information from your mail, so consider putting a lock on your letterbox or using a PO Box.
- Keep your PINs, SMS security codes and passwords for phone companies and banks secret.
Quick tips to identify and avoid scams
Want the facts, fast? No problem. For what to avoid and how we can help if you think you’ve been scammed, check out this quick video.
We’re here to help
If you’ve lost your card, you can use the ING mobile banking app or online banking to put your card on hold. This gives you time to find it without worrying if someone else might be trying to use it. Once your card’s been found, you can breathe a sigh of relief – and then take it off hold. If you’re suspicious of someone who’s contacted you, notice unusual account activity on any ING account or think you might have been scammed call our dedicated scams line anytime 24/7 on 1800 052 743.
For more on how we help protect your banking and details of the latest scam threats affecting ING customers, visit ing.com.au/security
The information is current as at publication. Any advice on this website does not take into account your objectives, financial situation or needs and you should consider whether it is appropriate for you. Deposit products, savings products, credit card and home loan products are issued by ING, a business name of ING Bank (Australia) Limited ABN 24 000 893 292, AFSL and Australian Credit Licence 229823. Living Super, a sub-plan of OneSuper ABN 43 905 581 638 is issued by Diversa Trustees Limited ABN 49 006 421 638, AFSL 235153 RSE L0000635. The insurance cover offered by Living Super is provided by Metlife Insurance Limited ABN 75 004 274 882, AFSL 238096. ING Insurance is issued by Auto & General Insurance Company Limited (AGIC) ABN 42 111 586 353 AFSL Licence No 285571 as insurer. It is distributed by Auto & General Services Pty Ltd (AGS) ABN 61 003 617 909 AFSL 241411 and by ING as an Authorised Representative AR 1247634 of AGS. All applications for credit are subject to ING's credit approval criteria, and fees and charges apply. You should consider the relevant Product Disclosure Statement, Terms and Conditions, Fees and Limits Schedule, Financial Services Guide, Key Facts Sheet and Credit Guide available at ing.com.au when deciding whether to acquire, or to continue to hold, a product. Before interacting with us via our social media platforms, please take a minute to familiarise yourself with our Social Media User Terms https://www.ing.com.au/pdf/Social_Media_User_Terms.pdf.