Most of us are managing more of our finances - and many other aspects of life - online since Coronavirus restrictions came into effect. Social media and virtual meeting apps have allowed us to connect with friends, family and work colleagues. While online banking, shopping and government services have enabled us to buy the things we need and keep income and payments flowing.
In fact, so many of the strategies that have allowed us to adapt to this difficult time are related to virtual and mobile technology, it's hard to imagine what the experience would have been like if it had happened ten years ago; before connectivity, apps and smart devices were so prevalent in our lives.
Scams on the rise during the Coronavirus pandemic
While the convenience of technology has been a great benefit during this time; it has also exposed more of us to the risk of data breaches, scams and identify theft, that unfortunately comes with it.
By the end of May 2020, the Government's Scamwatch website had received over 2700 scam reports mentioning the Coronavirus, representing over $1,114,000 in reported losses. Common scams include phishing (see below for definition) for personal information, online shopping and superannuation scams.
Scammers have been cold-calling people claiming to be from organisations that can help them gain access to their super using the early access scheme announced by the Federal Government as part of their economic stimulus package. The Australian Competition and Consumer Commission (ACCC) has been quick to remind consumers that the early access scheme is being administered by the Australian Tax Office (ATO) via the myGov portal and there is no need to involve a third party or pay a fee to access the scheme.
In 2019, Australians lost over $6 million to superannuation scams with people aged 45-54 losing the most money. The early access scheme does not discriminate, with people across all age groups being approached by scammers. The ACCC advises people to type the full name of the myGov website into a browser personally rather than following a link you may be sent in an email or text message as a simple way of protecting yourself.
Also be wary of giving information to someone over the phone who claims to be calling from your super fund. Instead, hang up and call your super fund directly to be certain of the legitimacy of the call. Scammers often have some information about you already, so they can be convincing when they make contact.
A typical red flag is someone trying to get you to take a quick action on the spot. If you receive an approach where you feel pressured to take action by email, text or automated voicemail; it's important to cease any communication and seek advice from a family member or other trusted source before taking the next step.
Government imposters are also a big area of concern with scammers acting as representatives of leading government agencies, from the ATO to Services Australia (myGov). Their approaches often use robo-voicemail or text messages that look and sound official and can give people a real shock when they come out of the blue.
As with the super scam, the best advice is not to click on a hyperlink in a text, social media message or email, even if it appears to come from a trusted source. Instead call the government department or login to your online account securely after typing the full website address into your browser.Examples of recent phishing scams imitating government departments taken from the ACCC Scamwatch website:
Social media and email also a risk
While scams are a big cause of fraud and identity theft online, they are not the only risk. Ensuring you have robust passwords and social media settings are also crucial. Have you checked your Facebook or Instagram privacy settings since you first set-up your account? Do you know who is able to see your personal profile information or read the comments you post? Your profile information or social media comments can reveal a lot about you and are used to facilitate both online fraudsters and offline crimes.
Holiday pics are great give-away that you're not at home and if someone has your address information, it can be enough to see your home targeted for robbery. Making sure none of your personal information or posts are set to 'public' and can only be viewed by your Facebook 'friends' is a good first step in limiting the number of people who could begin to build a digital profile about you.
Buyer beware when shopping online
With more of us avoiding shops and shopping online, it's important to limit the amount of personal information you provide online and use robust passwords (see more on passwords below). When you sign up for an online shopping account, consider leaving fields blank or checking out as a guest where you can. The less comprehensive data you supply online the better in terms of potential data breaches that could later exposure your personal information to fraud or a greater risk of identity theft.
Fake ads on social media are also an increasing source of scams, so look out for offers that seems too good to be true or ask for an unusual payment method like pre-loaded money cards or wire transfer. If a seller instructs you to use PayPal making the payment ‘to friends and family’ rather than ‘payment for goods’ this violates PayPal’s policies and voids the buyer protections.
How FMD helps protect your data
We take our duty of care to protect your personal information seriously. We have strong security measures in place including two factor authentication and password management tools and we use every means possible to make sure the personal information you give us is safe, so it can’t be misused, changed, lost or accessed without authorisation. In addition, we will always contact you via phone if we receive any request that seems suspicious or out of the ordinary.
Three ways to keep your personal and financial data safe during COVID-19
1. Be aware of cyber-crime tactics in addition to those detailed above
- Online scams – you may receive a cheap/free offer that turns out to be dishonest or non-existent.
- Phishing – an email or text pretending to be from a trusted source that ask you to complete a form with personal information or computer login credentials.
- Identity fraud – criminals may use your personal information including email to steal your money or other benefits.
- Malware and ransomware – software designed to gain unauthorised access to your computer to steal data or prevent you from accessing your files until a ‘ransom’ is paid.
2. Stay secure while using email
According to the Office of the Australian Information Commissioner (OAIC) many cyber data breaches involved malicious actors gaining access to personal information stored in email accounts. Unfortunately, 31% of reported scams to the ACCC target people through their personal email. The good news is there are some easy steps you can take to keep yourself and your family safe online.
- FMD or your bank will never send you an email asking for your login details, so don’t respond to this type of request.
- Criminals often use a company’s name and logo — so contact us or the relevant company by phone if you suspect a scam.
- Phishing emails often contain bad spelling and grammar or come from a peculiar email address – so look out for these clues and delete.
- Don’t open an attachment if you can’t verify who sent it.
- Only click on links if you recognise and trust the sender.
- Ensure spam filtering is activated on your email account.
- Consider using a separate email for email lists, online shopping etc.
- Regularly update software and anti-virus protection.
- Delete old emails that may contain personal details
- Check whether your email account has been exposed to a data breach here
3. Manage your passwords carefully
- Don’t write your passwords down or store them on your computer. If you must record it, make sure it’s disguised.
- Never share your password with anyone, even family.
- Don’t click ‘remember this password’ on your browser, and make sure you log off when you’re finished.
- If you have trouble memorising complex passwords, use a password manager like ‘KeePass’, ‘LastPass’, ‘Dashlane’ or ‘1Password’. We do at FMD and it makes life much easier and more secure.
For some inspiration in generating your safe passwords, avoid these!
Image source: SafetyDetectives analysis of 18 million passwords to find the most used and hackable passwords all over the world.
Remember, if you have been impacted by a scam or ransomware attack, the most important actions to take are:
- Inform the organisation: Whether it's your bank, the ATO, or any other organisation you interact with, go directly to their website and look for an email address where you can report scams. Include a screenshot of phishing message or, in case of a suspected scam call, make a note of the caller's name, time of the call, and any other details you take note of.
- Alert your financial institutions: Get in touch with your bank and financial advisers to alert them about the possible scam. Provide details about what happened, what link you clicked on, and whether you input username and password details. If you see any unauthorised transactions or password resets attempted, make a not of the time and share that information with your bank and advisers.
- Report the scam via the Australian Cyber Security Centre
- Don't fight this alone: Many people who have been targeted may feel embarassed that they fell for a scam or think it unnecessary to enlist help from others. It's important to understand that these attacks come via organised and professional scammers, and anyone could fall prey. Don't isolate yourself. Access help and support from trusted family and friends, and reach out to ID Care, Australia's identity theft and cyber crime charity counselling service. They can assist you with the recovery process across the organisations and institutions you deal with.
For more practical tips on how to reboot your privacy and protect your personal information online visit the Office of the Australian Information Commissioner (OAIC)
General advice disclaimer: This article has been prepared by FMD Financial and is intended to be a general overview of the subject matter. The information in this article is not intended to be comprehensive and should not be relied upon as such. In preparing this article we have not taken into account the individual objectives or circumstances of any person. Legal, financial and other professional advice should be sought prior to applying the information contained on this article to particular circumstances. FMD Financial, its officers and employees will not be liable for any loss or damage sustained by any person acting in reliance on the information contained on this article. FMD Group Pty Ltd ABN 99 103 115 591 trading as FMD Financial is a Corporate Authorised Representative of FMD Advisory Services Pty Ltd AFSL 232977. The FMD advisers are Authorised Representatives of FMD Advisory Services Pty Ltd AFSL 232977.