Money

4 sneaky cyberscams to know about before it’s too late

From fake job ads to romance scams, there is no end to the ways cybercriminals will trick you into stealing your money. Citro explains the sophisticated scams you need to know about so you don’t fall victim.

By Alex Brooks

Nearly all of us store data about our nearest and dearest – as well as our bank accounts – on our smartphone, so it’s wise to protect your digital treasure trove from cybercriminals.

Financial crime and fraud is getting ever-more sophisticated, with a big increase in ‘social engineering’ tactics that gaslight or trick you into transferring money.

Scammers use credible stories of great investment offers, exciting work-from-home jobs or even romance to lure you into their traps.

And it works. Australians reported losing $2.74 billion last year to Scamwatch.

‍BioCatch – a fraud technology company that helps banks – says there are even underground ‘fraud universities’ where older retiring fraudsters share their malware, phishing and other skills to a younger generation.

“It’s pretty despicable, but it happens,” says Richard Booth, Asia Pacific vice-president at BioCatch.

Your super is on the hit list: secure it to check

Did you know there’s been a big leap in people’s superannuation stash being targeted for theft?

Super Consumers Australia warned people earlier this year and recommends you stay alert to 2 common scams:

Get your super early scams: these frauds prey on people wanting to access their superannuation before their official preservation age (usually 60). They might just trick you into sharing all your fund logins or personal details or they could also charge you high fees to do it.
Invest your super with us scams: When you move your super from accumulation phase into a pension, or try to transfer it into a self-managed super scheme, criminals could be circling. Many have fake websites and may even speak to you over the phone for months to groom you into transferring all your money.

You should check your super fund has multi-factor authentication for security and regularly login to check your account to look for scam warning signs like:

Transactions you don’t recognise
Notifications from your super fund that there have been repeated attempts to access your account
Changes to your personal information that you didn’t make – for example, your address or name
Being suddenly locked out of your super account
Warnings from your super fund that your account may be at risk

If you’re concerned someone is trying to break into your super account, contact your super fund immediately. If you notice any money missing, contact state police as well.

Investment trading scams - crypto could be a no-no

Investment scams that appear legitimate or use social media ads with photos of famous people – like Citro’s Nicole Pedersen-McKinnon – are rife.

Many of these ‘investment opportunities’ trick you by giving you a specialist account manager to talk with over the phone and convince you to add more and more money over time. Some promise tax-free returns, others promise lucrative property windfalls.

Once you’ve handed over money, your ‘account manager’ demands you pay more money or fees. They may even lock you out of your account.

Many companies spruiking investments online or through social media ads and emails are designed only to steal your money – always check the Australian Securities and Investments Commission (ASIC) alert list and the international list.

ASIC specifically warns about online investment trading platforms ‘Quantum AI’, ‘Immediate Edge’, ‘Immediate Connect’, ‘Immediate X3’, and ‘Quantum Trade Wave’.

Fraud investigator Dan Halpin – formerly from ASIO and NSW Police – says cryptocurrency trading is always high risk.

“Scammers are increasingly sophisticated, and even established exchanges aren’t without their issues, as we've seen with FTX's collapse and recent legal troubles at Binance. It’s safest to stick with trusted platforms like CoinSpot, Coinbase and Independent Reserve, but even then, only invest what you can afford to lose,” he says.

There are more than 3 million known illicit wallet addresses and Dan has an online tool to help identify criminals.

ASIC’s Moneysmart website also has information to help people spot the signs of a crypto scam.

Job and romance scams: beware of becoming a mule

Remember those ‘work from home and earn a thousand dollars a week’ ads that we once saw on telegraph poles or supermarket notice boards? Well now they are on digital job boards like LinkedIn, Seek and Facebook Marketplace.

Sometimes you get a text or even a direct message on WhatsApp, Signal or Telegram. Usually, the ‘recruiter’ demands some form of your identity or even a payment to get this lucrative job (that likely does not even exist).

When these jobs do exist, employees are tricked into believing they work for a payroll or accounting firm and asked to transfer money through their own bank accounts. In reality, they are transferring scammed and stolen funds on behalf of criminals.

Romance scams work in the same way. The love interest usually needs money and the unwitting victim begins transferring funds. Once the victim is well and truly in love, the scammer tricks them into regularly making online transfers from their other victims to ‘place and layer’ the money, which is also known as money laundering.

These are classic ‘social engineering’ scams that hoodwink victims into helping hide the proceeds of bigger and bolder frauds, which the big fish further up the criminal chain profit from but remain legally and financially distant from.

Scam recovery scams: the lowest of the low

If you’ve been a scam victim once, the evil criminals circle back and try to tell you they can recover your money, only to steal from you again.

“We have victims that are 4-5 years later being contacted by different types of scammers,” says Dan, whose own mother has been scammed 3 times.

Australians aged 65 and older were the largest group experiencing recovery scams, according to ACCC Deputy Chair Catriona Lowe.

Another variation of the recovery scam is someone receiving a phone call from ‘their bank’ – who is actually a scammer – telling them their account has been compromised and they need to login and secure their account together.

This is all a trick to get your account details and withdraw all your money. Watch this video by Jim Browning – a tech security expert who hacks the scammers – to learn techniques to disrupt this type of scammer.

Tougher legislation is coming soon

There are endless different types of scams, but those targeting superannuation and property sales are the highest value that can wipe people out financially. The Australian Government is promising tougher new legislation to obligate mobile phone companies, social media companies, banks and super funds to do more and to spell out how they will reimburse and treat scam complaints. Unfortunately it won’t be introduced until 2025.

Until then, here’s what you can do to help protect yourself.

Protect your identity and privacy

Keep your personal and health information secure. Regularly change passwords or use a paid-for service like LastPass or OnePassword. Never give out usernames, PINs, security questions or one-time codes to anyone.

Take your time

Don’t trust anyone rushing or hurrying you to transfer money or take a job. You can also double check people’s identity by asking them to connect with you on LinkedIn or pasting their number into WhatsApp to check they have a legitimate profile. Most scammers hang up if you ask for their details!

Stay informed

Read your bank’s latest fraud, scam and security alerts regularly:

See CommBank scam warnings
See NAB scam warnings
See Westpac scam warnings
See ANZ scam warnings

Read the ACCC’s Little Book of Scams, which is available in different languages, too.

Stay up to date with Services Australia and the Australian Tax Office scam warnings.

Always pause and assess. If you’re not sure, hang up, don’t open, don’t engage.

Feature image: iStock/Prostock-Studio

You might also like: