Six online scams to avoid
Online scams are one of the most common cybersecurity threats. Here are six scams to spot and avoid.
In Brief
- Online scams are becoming increasingly common and more sophisticated.
- Six scams doing the rounds are: phishing, investment scams, recruitment scams, tech support scams, debt collection scams and business email compromise scams.
- For your own cybersecurity, be wary of emails or callers who request any personal and financial details, and if a deal seems too good to be true, it probably is.
By John Burfitt
Sadly, there’s no shortage of tales of woe of people getting caught by the increasing spate of email, text messages, phone calls and social media scams. Take the story of the Queenstown woman who received a fake text she thought was from her bank and lost NZ$42,000 in the process. Or the Australian businessman who lost A$1.8 million in an elaborate investment scam.
It’s estimated online scams cost Australians more than A$3 billion in 2022 and the figure in New Zealand is close to NZ$200 million.
The NZ Banking Ombudsman Scheme experienced a 63% increase in scam complaints in 2022. “That figure is likely to be a conservative one because of underreporting due to the embarrassment or shame of being scammed,” Jon Duffy, Consumer NZ chief executive officer, tells Acuity. “Being the victim of a scam is highly stressful and uncertain, even if you’re eventually reimbursed.”
The particulars and intricacies of these scams are now seeing many accountants and financial advisors called upon for advice from clients on what to look out for, and how to beat them. Below are six scams doing the rounds. Knowing what to look for and how to avoid them remains the best way to improve your cybersecurity and beat cybercriminals.
1. Phishing
As the name suggests, phishing scams are fishing for victims, often through official-looking emails. Click on the link included in the email or reply with the requested information, and you may unwittingly provide cybercriminals with sensitive information such as account numbers, passwords and credit card numbers.
A common ploy is when the scammer claims your account has been compromised and the issue can be fixed by clicking on the link they emailed you.
The best way to avoid getting caught on the phishing hook is to not click on any suspicious email links. Instead, delete the message, block the sender and contact the bank or service provider through their official website or call centre to report it.
In the case of a phone call, ask more questions than you answer. “If they claim to be a bank or service provider, ask for a case number and name [of the caller], then check for the real number and call that agency back,” says James Eling of Melbourne IT business Extreme Networks. “That way, you have some reassurance if the matter is legit or not.”
2. Investment scams
Investment scams are big on the promise to grow wealth through real estate or cryptocurrency opportunities, but are even bigger in delivering deceit.
Australian woman Doris McAllister found an online site purporting to be the Singapore-based bank DBS offering high returns on deposits, so she transferred A$260,000 into what she thought was a bank account, only to discover she had been conned. “I lost the lot,” she told the ABC.
These scams often use fake celebrity endorsements, or scammers will track a person’s social media accounts and pretend to be a friend endorsing the deal.
The golden rule with this scam is that if the promise seems too good to be true, avoid it.
3. Recruitment scams
The job posting con offering brilliant career prospects or high-paying work-from-home opportunities last year cost Australians A$8.7 million, according to Scamwatch. While these scam ads may look legitimate, the warning signs are being asked for upfront payments or excessive personal details as part of the application process. Recruitment scams can take the form of submitting product reviews with the promise of payment.
Step away from the initial excitement of a job opportunity and instead conduct independent research into the company through your own avenues of inquiry. “Trust no one in this space,” Eling says. “If you start with that as a baseline, you are a lot safer.”
4. Tech support scams
Putting fear into a person about their cyber safety is at the base of this scam. Someone posing as a technical support representative from a reputable company calls or sends a pop-up message with the claim your computer has a dangerous virus or technical issue and requires urgent attention. The scammers offer to come to the rescue by fixing the problem but will either charge an exorbitant fee or gain remote access to the computer and steal personal information.
When encountering such a call or message, hang up or delete the message immediately. Almost all legitimate IT companies never make contact without being solicited first. To check on the technical wellbeing of a computer, seek out your own trusted IT support advisor as the first step.
5. Debt collection scams
Text scams about debt collection have run rampant over the past 12 months from agencies pretending to be from the Waka Kotahi NZ Transport Agency and ATO. These scams threaten that if a fictitious fee is not paid, it will become a legal matter. The victim then pays off this fake fee, either by sharing their bank and credit card details, or even buying gift cards and disclosing the special codes in order to clear the ‘debt’.
“The more frequent use of technology might play a part in why we’re seeing more scams, but that’s not the only reason,” Duffy says. “Scams are getting unbelievably sophisticated and anyone can be a victim.”
Any such debt collection text messages should be blocked immediately and reported to the organisation they supposedly represent, as well as to an agency like Scamwatch.
“The more frequent use of technology might play a part in why we’re seeing more scams, but that’s not the only reason. Scams are getting unbelievably sophisticated and anyone can be a victim.”
6. The online scam firms should watch out for
An online scam that emerged as a significant issue over the past 12 months is the business email compromise scam. A fraudster hacks into an email system, reads emails from a business to its customers, alters the bank details on the invoices and sends new emails to suppliers, often with the changed email invoices looking identical to the original.
“This made up 60% of the issues we dealt with over the past year, with each attempt costing between A$5000 and A$15,000,” Eling says. “This is why improving your online security systems and staying on top of them is essential.”
“[Business email compromise scams] made up 60% of the issues we dealt with over the past year, with each attempt costing between A$5000 and A$15,000.”
Will the bank reimburse scam losses?
New laws coming into effect in the UK in 2024 will force banks to compensate scam victims, with the intention that tough initiatives will force the banks to invest in higher-end detection and prevention tactics.
There is talk of similar laws in Australia, but the move faces resistance from the banking sector that has been slow to compensate, with the big four banks reimbursing less than 5% of scam victims, according to a recent ASIC report.
While the NZ Code of Banking Practice provides that banks will reimburse customers for fraud losses resulting from unauthorised use of their cards or internet banking, Consumer NZ’s Jon Duffy believes New Zealand is “out of step” with other countries and has called for a better approach.
“We would like to see a similar scam protection and ecosystem approach in Aotearoa, where a dedicated task force can share intelligence with banking, social media, telcos and government agencies to better detect and prevent scams,” Duffy says.