You sit down and log into your email account. There’s the usual promotional junk mail and spam, emails from mailing lists you forgot you signed up for five years ago, and maybe something from a friend or relative if you’re lucky.
But then – what’s this? An email from your bank? There’s been some sort of problem with your account! Luckily, all you have to do to fix it is follow a link and provide some of your details.
And just like that, you’ve fallen victim to a phishing scam, which could see your bank accounts being cleaned out and even your identity stolen, by fraudsters who could be on the other side of the world from Sydney.
We see a lot of phishing scams in our private investigators’ office. In its most recent annual report, the ACCC revealed that it had been contacted 8788 times about phishing scams over the period, with 494 of those cases resulting in a loss of money. Forty of those cases resulted in losses of over ten thousand dollars, and the total lost was over 1.5 million dollars. And that’s just what was reported to the ACCC – the actual total could be much greater.
How do these scams work, and why are they targeting you? Actually, they’re unlikely to be targeting you specifically – the “phishermen” may have sent out millions of emails with automated programs. It’s more of a statistics game – they’re relying on the idea that, even if the vast majority of the emails are deleted or ignored, at least one person won’t be paying enough attention to recognise the scam. Don’t be that person!
So what do these emails look like, and what is their content? They tend to be presented as though they’re from some sort of authority or other trustworthy institution, usually a bank. Sometimes you’ll be able to recognise that an email is fraudulent simply by scrutinising the email address from which it’s being sent; however, this isn’t foolproof, as there are ways to disguise the true sender of an email. The way the text within the body of the email is written can be another hint as to its true nature – despite being technologically sophisticated, online fraudsters often suffer from poor language skills. This can’t be relied upon entirely either, though, as you will see the occasional perfectly-crafted scam email (not to mention poorly-written genuine bank emails!).
The email may try to create a sense of urgency (e.g., “Act quickly – there’s a potential security risk to your account!” – even cyber-criminals have a sense of irony, it seems); or, the request may be presented as rather mundane or routine, probably so as not to arouse further suspicion. You may be asked simply to provide personal information, numbers or passwords in a reply email; or alternatively, instructed to follow a link to another website, which can be set up by the scammers to look like a legitimate bank website. As well as collecting your banking details from you directly, these imposter sites can install malicious software on your computer, allowing the criminals to record what you type from then on, and remotely access your files.
The Australian Federal Police recommend that you immediately delete suspected phishing emails. It should be noted, though, that this variety of scam doesn’t have to be restricted purely to the online realm – the Commonwealth Bank sent a (real) message to all its Netbank customers earlier in the year, urging them not to reveal personal or banking information to strangers calling on the phone claiming to be from reputable companies. The bottom line is, banks or other legitimate companies will never contact you in this way and ask you to provide them with information they should already have. If something about it seems like it’s not quite right, don’t do it. If you’re really not sure whether an email is legitimate or not, don’t risk it – call your bank (but not through any phone numbers provided in the email – do your own research!).
Of course, fraudsters of all varieties are endlessly creative, and the exact nature of online scams will continually evolve. What you may fall victim to may not resemble the scams described above in any way. If you feel that you may be on the receiving end of an online deception, you may need the help of a private detective specialising in computer forensic work.