Phishing scams were the most reported type of scam in the first half of 2022, with nearly 32,000 reports, up from 28,500 from the same time last year1.
Of these phishing attacks, SMS or SMiShing scams accounted for more than half during the period.
Whether the scammers are trying to fleece you by phone, text or social media, your best defence is to stay one step ahead, which means being aware of the five common types of phishing scams that the cyber crooks are cooking up to separate you from your hard-earned.
1. SMiShing for your money.
Smishing uses mobile phones as the attack platform for con artists. Smishing is implemented through text messages or SMS, giving the attack the name "SMiShing." the swindler executes the scam with the intent to gather personal information, including insurance or credit card numbers.
In smishing texts, scammers often exploit a company logo, combined with a sense of urgency and usually some form of a request for the target to click on a malicious link contained within the text:
The difficulty in containing smishing scams is that many of us are more likely to trust a link in a text message than an email, especially with all of us owning a mobile phone.
Many businesses also using mobile messaging more as a communication channel with their customers. The combination of trusting customers and the widespread use of SMS communications makes the humble text a fertile hunting ground for cybercriminals who send unsuspecting customers malicious links within an SMS message. By innocently clicking these bogus links, the felons can steal personal information and commit crimes such as identity fraud.
If you think a scammer may have contacted you via text, the best thing is to avoid clicking any links and immediately report the scam to the ACCC's Scamwatch service. Also, only communicate with a company through official channels typically listed on their website, and don't provide personal information to an unsolicited source.
Useful resources to help identify these types of scams can be found on the actual websites of organisations that scammers are trying to impersonate.
• Australia Post - https://auspost.com.au/about-us/about-our-site/online-security-scams-fraud/scam-alerts
• Linkt - https://www.linkt.com.au/help/security-and-fraud/current-scams/sydney
• Centrelink - https://www.servicesaustralia.gov.au/examples-scams?context=60271
2. Beware fake online ads on search engines.
Scammers have upped the ante by targeting regular online banking users with fake ads on search engines such as Google, Yahoo and Bing that include a direct link to a sham online banking login page.
Search engine phishing entices individuals with offers or messages that entice them to visit a website.
The search process seems legitimate, but the website is fake and only exists to swipe personal information or cash from unwary targets.
We remind all Defence Bank members that we would never include a link to online banking in a Google or other search engine ad.
3. Even toll roads are an avenue for online phishing.
Even by using a local toll road, you could be putting yourself in the headlights of an online phishing scammer.
Toll road text scams are phishing rip-offs that take advantage of significant toll roads in our biggest cities such as Melbourne and Sydney.
If you have received a communication claiming to represent a toll road provider that appears untrustworthy, delete it, and do not click on any links. Also, please take a screenshot and report the incident to your toll road provider.
If you have supplied your financial information to a bogus toll road provider, including credit card details to a fake toll road provider, contact Defence Bank immediately.
4. Netflix users warned against convincing scam.
When it comes to phishing scams, Netflix is a widely impersonated brand.
In the case of Netflix, the scammers will send an email or text (SMS) asking subscribers to update payment details using a convincing-looking email banner with genuine-looking Netflix branding to add a "sense of authenticity" to the sting.
"Your membership has been cancelled as payment failed. Please update your card details to keep your membership," it adds, followed by a link to a bogus Netflix login page.
Other messages might request your Netflix account, email address, phone number, password, or payment method. Whatever the message, it is dubious that the subscription movie streaming service sent it.
The scam's goal is to trick a user into giving up personal financial details, such as credit card numbers, which the crooks can use for other criminal activities and unlawful purchases.
5. Angling for your money.
Angler phishing is a social media scam where the charlatans pose as a customer service representative to deceive clients and steal sensitive information from them.
This con is especially galling as it preys on a situation where a dissatisfied customer has complained about a service or product on a firm's social media channels, such as Facebook.
Typically, where there is a complaint made on Facebook, a designated member of the business's social media team will respond to try to resolve the issue. During this interaction, a company's representative may ask for contact details, shipping address etc., especially if it's an account-related issue.
The aggrieved customer will typically happily provide this information – however this seemingly harmless sharing of information provides the angler attackers with an opportunity.
The cunning scammers take advantage of this process by creating fake social media accounts for existing businesses - especially for those organisations that rarely respond to customer complaints. The bogus company representatives will offer help and ask the target to click on a hyperlink they've sent. This link generally provides a form for the customer to fill in personal and financial information or malware.
When the customer clicks the hyperlink, they will either be sent a form to fill in their details, including financial information, or malware that will download and infect their device. Malware is software that can disrupt, damage, or gain unauthorised access to a computer system.
Once cybercriminals have the information they need, they typically use it for malicious purposes, mainly identity fraud.
The scammers create profiles that are as authentic as possible using the official logos and even include fake account histories in their profiles. The success rate of this phishing technique is high because aggrieved customers expect to be contacted by the company at the centre of their anger. Moreover, the attackers know precisely what their targets are complaining about.
Angler phishing is on par with romance scams as one of the more popular ways to use social media to fleece the unsuspecting out of large sums of money.
We all need to take responsibility.
Scams are growing in their level of sophistication and reach every day. We want to help you by raising awareness of what the con artists are up to and to protect you and your money from the latest scams.
It only takes one mistake, and the scammers will pounce – so before clicking on a link in a text or email or handing over personal information over the phone, think twice before you act - your financial well-being may depend on it.
If you want to know more about the latest phishing scams or other online cons, a great resource is Scamwatch. Run by the Australian Competition and Consumer Commission (ACCC), it provides information to consumers around common scams.
1 https://itbrief.com.au/story/australians-lose-300-million-to-scams-in-first-half-of-2022
Important note: This information is of a general nature and is not intended to be relied on by you as advice in any particular matter. You should contact us at Defence Bank to discuss how this information may apply to your circumstances.
