Cyber risk - protecting yourself online from scams

Cyber scams are a pervasive threat in the digital world and their impact can be devastating.

The average amount of money lost to cyber-crime is $20,000.¹ For some, scams can even mean the loss of an entire life’s savings. Cyber-crime can be hard to identify and difficult to stop once it is underway.

From deceptive emails and texts to fake websites and advertisements, our online world is awash with attempts at fraud aiming to trick us into divulging sensitive information or sending money.

But by understanding the nature of these kinds of threats, staying alert to attempts at fraud, and adopting best practices for online safety, it is possible to protect yourself and your loved ones from loss.

This guide explains the main types of online scams you may come across and offers the latest best practice thinking on how to keep yourself safe.
 

What is a scam?

A scam is when someone tricks you out of your money².

Scams can take many forms – from something as simple as being tricked into making a payment to something as complex as someone gaining control of your personal information and passwords.

One of the common types of fraud in wealth management is identity fraud,³ which involves stealing personal information to impersonate someone for financial gain.

This can be achieved offline through stealing a handbag or wallet or using telemarketing cold calls purporting to be from a bank, the ATO, or an internet service provider.

More commonly, theft of personal identification information occurs online through fraudulent emails and text messages pretending to be from a familiar organisation, fake banking and payment websites, or malicious software code that takes information from computers. And increasingly, personal information exposed in a data breach can lead to identity theft and fraud.

Compromising a person’s identification information is just the start for criminals.

Once a criminal has access to an identity, they can use it for accessing and operating accounts, withdrawing money, or making requests for early releases of superannuation. This can have serious consequences, including financial loss and emotional harm.
 

Summary of the main types of scams⁴

• Identity theft and fraud: stealing personal information to impersonate someone for financial gain, like credit card fraud.
  
  
• Phishing and social engineering: deceptive practices to trick individuals into revealing sensitive information, often through emails, text messages, or fake websites. This can include romance scams where individuals are tricked into believing they are in a relationship, or extortion threats aiming to frighten people into giving away money or information.
  
  
• Remote access: allowing a malicious actor to get unauthorised access to a computer, often by inadvertently clicking on links or downloading software. This can happen after being tricked into clicking on a link that looks legitimate or from someone claiming to be a tech specialist and requesting access to a system.
  
  
• Investment scams: trickery aimed at encouraging investing in a fraudulent scheme, often through promising high and quick returns.
   

How to protect yourself

The first step in protecting yourself from a scam is staying alert and learning what you need to look for to spot a fraudster coming.

Scams succeed because they look real – and noticing the warning signs is an important step to protecting yourself.⁵

The Australian government’s ScamWatch service offers a three-step process: stop, think, protect.

• Stop: Do not give money or information unless you are sure. Scammers will ask you to verify who you are and pretend to be from an organisation you trust.
  
  
• Think: Ask yourself if the message or call could be fake. Do not click links in messages. Contact organisations through their official website or app instead.
  
  
• Protect: Act quickly if something feels wrong. Contact your bank if you notice unusual activity.

So, what are some of the warning signs to look for?

In emails and messages, there is a chance something may be a scam if it asks you to take immediate action, transfer money, click a link or call a number, or log in to an online account. Other signs might be a sense of urgency in the communication, suggesting something is wrong or threatening to stop a service, charge a fine, or delay delivery of a package.⁶

For phone calls, tell-tale signs are asking for personal information, suggesting you install software, promising easy money, or threatening you in any way.  Scammers are also known to ask for one-time security codes which can lead to problems accessing devices. A newer scam involves asking for payments to be made through the widely available but poorly understood PayID payments system.
 

Cyber security

Keeping your phone, computer, and online accounts secure is an important way to avoid being scammed.

Here are some tips for things you can do to ensure criminals do not get access to your accounts:

• Use multi-factor authentication:
  A critical weapon against fraud, using separate forms of identification to access an online service is a clever way to protect yourself. Usually, multi-factor authentication takes the form of a password and a separate code sent by text message, but increasingly many providers also use authentication apps that can be downloaded and set up on your phone.
  
  
• Use biometrics: 
  Most phones and many computers come with the ability to set a biometric login that requires your fingerprint or a scan of your face to log in.
  
  
• Never share usernames or passwords:
  Keep your passwords to yourself and make sure they are hard to guess combinations of letters, numbers, and symbols. Use different passwords for different systems and applications.
  
  
• Be careful online:
  Never click on links in unexpected emails or text messages. Do not open attachments to emails unless you are sure of the source. Never connect to free public Wi-Fi networks.
  
  
• Be cautious on social media:
  Do not give out personal information unless you are sure it is secure and limit social media connections to people you know in real life.
  
  
• Use virus protection software:
  Running high-quality software on your computer to scan, detect and prevent viruses, spyware and malware can help protect you. It is important to keep the software up to date.

1. ACCC, https://www.accc.gov.au/system/files/Targeting%20scams%202022.pdf
2. https://moneysmart.gov.au/publications-and-resources/money-tips-in-other-languages/beware-of-scams
3. https://www.bt.com.au/professional/knowledge-centre/business-resources/cyber-and-financial-crime/protect-you-and-your-clients-from-cyber-crime.html
4. https://www.cyber.gov.au/learn-basics/watch-out-threats/types-scams
5. https://www.scamwatch.gov.au/protect-yourself/ways-to-spot-and-avoid-scams 
6. https://www.scamwatch.gov.au/types-of-scams/text-or-sms-scams

This document has been prepared by BT, a part of Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian Credit Licence 233714 (Westpac) and is current as at 20 March 2024. The information in this document regarding taxation and legislative change is based on policy announcements which are yet to be passed as legislation and may be subject to future change. This information does not take into account your personal objectives, financial situation or needs and so you should consider its appropriateness, having regard to these factors before acting on it.