Keep your guard up: how to spot a scam online
Fraudsters are getting better and better at separating marks from their money online. But while scammer tactics may evolve, the foundations of scams are largely unchanged. Here’s how to see through the spin to spot a scam online.
We’re very aware that scammers impersonate our brand to dupe our customers. That’s why we’re always on the lookout for scams and work closely with our cyber security team to monitor and minimise the impact of these campaigns.
When we spot a new scam, we update our CrowdSupport page on known scams with the relevant details so everyone can stay informed.
Always stay vigilant online with the following tips on how to spot a scam, and report what you find to us if you’re ever unsure. Here’s what to look for.
Phishing is one of the most common scams online, and scammers are getting better and better at pretending to be your bank, your telco or your energy company in order to extort money and personal details out of you.
As part of a phishing campaign, a scammer will often create an email designed to appear like a legitimate piece of communication from a trusted institution. These emails use legitimate logos, colour schemes and fonts to appear trustworthy. Targets will usually be encouraged to click on a button or link to change their login details, personal information or to confirm a transaction.
Once the button is clicked, the target is redirected to a webpage designed to mimic an online banking or service login page in order to capture login details. Once a target is tricked into entering those details, a scammer can use them, login for themselves to steal funds or transfer services, or sell the details for other parties to use.
Phishing scams can also take the form of an SMS where the scammer impersonates a bank or telco before again transferring the target to a fake webpage to steal their information.
As scammers improve their phishing materials, it can be hard to determine what’s legitimate, but several key tells will always give the bad guys away.
Scammers will often create a fake email address that doesn’t look quite right, such as @telstranet.co.biz. Furthermore, these phishing scams will direct you to a website that won’t look quite right, such as www.telstrabillsupdate.xyz. Always check the email address in the ‘from section’ of a message when checking for authenticity and browse the company’s webpage from Google or your bookmarks, rather than clicking on a link in an email.
Fraudulent emails and SMS messages will also often impose a time pressure or urgent call to action. This way, scammers can take advantage of their targets before they have time to think about whether or not it’s a scam. The emails and SMS phishing messages might falsely claim that your login details are vulnerable or need to be changed (e.g.: “your account is locked!”), or claim that a large transaction is being made without your knowledge, prompting you to login quickly in order to stop it. Keep an eye out for a false sense of urgency when reading your emails.
Pay close attention, as many – but not all – of these messages might look legitimate in their graphics but may contain poor spelling and grammar or unusual language, serving to tip you off that it’s not from the real company. Make sure you read all correspondence carefully, ensuring that you have your guard up at all times.
Remember, if you receive an email or SMS message you’re unsure about, contact your institution to confirm the legitimacy of the communications before interacting.
Exploiting fear and goodwill
It’s important to remember that these scammers looking to separate you from your money and private details have no shame. That’s why you can be sure they’ll exploit charitable causes or exploit public fear in order to make bank.
In the wake of a tragedy, such as the Australian bushfires or natural catastrophes, or a global health scare such as COVID-19, scammers will pose as a relief charity or organisation that will give money to people in need.
Scammers contact targets posing as charity agents online or over the phone. This scam may even see perpetrators visit you face to-face via doorknocking or on the street.
Targets will be pressured by scammers to donate, often using guilt as a means to separate you from your money. They may also employ phishing style emails (discussed above) to pose as legitimate charities like the Red Cross or Salvation Army, with only the details of where to donate changed.
To keep on top of these scams, ensure you only donate to organisations you know, trust and can verify. If you’re contacted directly by a charity agent, ensure they have appropriate identification (remembering even that could sometimes be fraudulent). Some fake charity agents can be given away by how they pressure targets to donate only in cash or a cheque made out directly to the agent. And remember that if you do donate, you should receive a tax-deductible receipt with the charity’s information on it, which scammers often won’t provide.
Fake sales and discounts
This one plays on an old rule: if it seems too good to be true, it probably is!
Scammers will set up fake websites that are pushed to targets either via social media or scam emails, directing them to a store offering truly unbelievable discounts. $1000 items marked down to more than 50% off to entice targets to give up their credit card details, email, home address and maybe even a password.
Needless to say, if you make a purchase on a fake store, you’ll never receive your items, and the fraudsters might make a few more purchases of their own with your details!
These scams are similar to old get-rich-quick schemes that promise high returns from a purchase. They also add time pressure by making the fake deal a limited time offer.
The best way to avoid these scams is to use your head, and only buy from reputable stores. Remember: if a deal seems too good to be true, it usually is!