Nick Stanley
Nick Stanley

Head of Advice, Senior Financial Adviser


Talk to us about Money online today

Keeping your personal and financial data safe

Most of us are managing more of our finances - and many other aspects of life - online and enjoy the convenience of using the many digital services and apps that it's now hard to imagine living without.

From Uber, to Netflix and online banking, getting things done at the touch of a button is now an expected part of every day life. Yet the price of this convenience is that so much of our personal data is now stored online, becoming a potential target for cyber criminals.

A string of recent high profile cyber security breaches among trusted Australian brands like Optus and Medibank Private, have shone a light on how widespread the problem is, alarming governments and consumers alike.

According to the Government's Scamwatch website so far in 2022, there have been 166,000 scam reports amounting to losses of over $425M with the most common scams investment scams, dating and romance scams and remote access scams.

Imposter Bond Investment Scams

Losses to imposter bond investment scams have nearly tripled in the first half of this year with consumers losing over $20 million to these sophisticated scams. Imposter bond scams usually impersonate real financial companies or banks and claim to offer government/Treasury bonds or fixed term deposits. The latest Scamwatch data reveals there were 228 reports of imposter bond scams between January and June this year, compared with 82 reports in the first half of last year.

Scammers may also contact people claiming to be from their super fund. If this happens to you, it's important to hang up and call your super fund directly to be certain of the legitimacy of the call, or alternatively, contact your FMD adviser. Scammers often have some information about you already, so they can be convincing when they make contact. A typical red flag is someone trying to get you to take a quick action on the spot. If you receive an approach where you feel pressured to take action by email, text or automated voicemail; it's important to cease any communication and seek advice from a family member or other trusted source before taking the next step.

"Hi Mum" Scams

Scamwatch is also urging the public to be wary of phone messages from a family member or friend claiming they need help, following a significant rise in “Hi Mum” scams in recent months. More than 1,150 Australians fell victim to the so-called “Hi Mum” scam in the first seven months of this year, with total reported losses of $2.6 million. Known as “Hi Mum” or “family impersonation” scams, victims are contacted - most often through WhatsApp or messages - by a scammer posing as a family member or friend.

The scammer will claim they have lost or damaged their phone and are making contact from a new number. Then, once they have developed a rapport with their target, the scammer will ask for personal information such as photos for their social media profile or money to help urgently pay a bill, contractor or replace the phone. These requests continue the ruse of a lost or broken phone with the justification that the funds are needed because they can’t access their online banking temporarily.

These scams ruthlessly target women over 50 as they are often worried mothers or grandmothers and these messages about a family member in trouble can pull at the heart strings.The ACCC is urging people who receive suspicious messages from a number they don’t recognise, to independently verify the contact. If you’re contacted by someone claiming to be your son, daughter, relative or friend, start by calling them on the number already stored in your phone to confirm if it’s no longer in use. If they pick up – you know it’s a scam.

Social media and email also a risk

While scams are a big cause of fraud and identity theft online, they are not the only risk. Ensuring you have robust passwords and social media settings are also crucial. Have you checked your Facebook or Instagram privacy settings since you first set-up your account? Do you know who is able to see your personal profile information or read the comments you post? Your profile information or social media comments can reveal a lot about you and are used to facilitate both online fraudsters and offline crimes.

Holiday pics are great give-away that you're not at home and if someone has your address information, it can be enough to see your home targeted for robbery. Making sure none of your personal information or posts are set to 'public' and can only be viewed by your Facebook 'friends' is a good first step in limiting the number of people who could begin to build a digital profile about you.

Buyer beware when shopping online

With more of us shopping online more often, it's important to limit the amount of personal information you provide online and use robust passwords (see more on passwords below). When you sign up for an online shopping account, consider leaving fields blank or checking out as a guest where you can. The less comprehensive data you supply online the better in terms of potential data breaches that could later exposure your personal information to fraud or a greater risk of identity theft.

Fake ads on social media are also an increasing source of scams, so look out for offers that seems too good to be true or ask for an unusual payment method like pre-loaded money cards or wire transfer. If a seller instructs you to use PayPal making the payment ‘to friends and family’ rather than ‘payment for goods’ this violates PayPal’s policies and voids the buyer protections.

How FMD helps protect your data

We take our duty of care to protect your personal information seriously. We have strong security measures in place including two factor authentication, DocuSign and password management tools. We use every means possible to make sure the personal information you give us is safe, so it can’t be misused, changed, lost or accessed without authorisation. In addition, we will always contact you via phone if we receive any request that seems suspicious or out of the ordinary.

Three ways to keep your personal and financial data safe

1. Be aware of cyber-crime tactics in addition to those detailed above

  • Online scams – you may receive a cheap/free offer that turns out to be dishonest or non-existent.
  • Phishing – an email or text pretending to be from a trusted source that ask you to complete a form with personal information or computer login credentials.
  • Identity fraud – criminals may use your personal information including email to steal your money or other benefits.
  • Malware and ransomware – software designed to gain unauthorised access to your computer to steal data or prevent you from accessing your files until a ‘ransom’ is paid.

2. Stay secure while using email

According to the Office of the Australian Information Commissioner (OAIC) many cyber data breaches involved malicious actors gaining access to personal information stored in email accounts. Unfortunately, 31% of reported scams to the ACCC target people through their personal email. The good news is there are some easy steps you can take to keep yourself and your family safe online.

  • FMD or your bank will never send you an email asking for your login details, so don’t respond to this type of request.
  • Criminals often use a company’s name and logo — so contact us or the relevant company by phone if you suspect a scam.
  • Phishing emails often contain bad spelling and grammar or come from a peculiar email address – so look out for these clues and delete.
  • Don’t open an attachment if you can’t verify who sent it.
  • Only click on links if you recognise and trust the sender.
  • Ensure spam filtering is activated on your email account.
  • Consider using a separate email for email lists, online shopping etc.
  • Regularly update software and anti-virus protection.
  • Delete old emails that may contain personal details
  • Check whether your email account has been exposed to a data breach here

3. Manage your passwords carefully

  • Don’t write your passwords down or store them on your computer. If you must record it, make sure it’s disguised.
  • Never share your password with anyone, even family.
  • Don’t click ‘remember this password’ on your browser, and make sure you log off when you’re finished.
  • If you have trouble memorising complex passwords, use a password manager like ‘KeePass’, ‘LastPass’, ‘Dashlane’ or ‘1Password’. We do at FMD and it makes life much easier and more secure.

For some inspiration in generating your safe passwords, avoid these!

Image source: SafetyDetectives analysis of 18 million passwords to find the most used and hackable passwords all over the world.

Remember, if you have been impacted by a scam or ransomware attack, the most important actions to take are:

  1. Inform the organisation: Whether it's your bank, the ATO, or any other organisation you interact with, go directly to their website and look for an email address where you can report scams. Include a screenshot of phishing message or, in case of a suspected scam call, make a note of the caller's name, time of the call, and any other details you take note of.
  2. Alert your financial institutions: Get in touch with your bank and financial advisers to alert them about the possible scam. Provide details about what happened, what link you clicked on, and whether you input username and password details. If you see any unauthorised transactions or password resets attempted, make a not of the time and share that information with your bank and advisers.
  3. Report the scam via the Australian Cyber Security Centre
  4. Don't fight this alone: Many people who have been targeted may feel embarassed that they fell for a scam or think it unnecessary to enlist help from others. It's important to understand that these attacks come via organised and professional scammers, and anyone could fall prey. Don't isolate yourself. Access help and support from trusted family and friends, and reach out to ID Care, Australia's identity theft and cyber crime charity counselling service. They can assist you with the recovery process across the organisations and institutions you deal with.

For more practical tips on how to reboot your privacy and protect your personal information online visit the Office of the Australian Information Commissioner (OAIC)

General advice disclaimer: This article has been prepared by FMD Financial and is intended to be a general overview of the subject matter. The information in this article is not intended to be comprehensive and should not be relied upon as such. In preparing this article we have not taken into account the individual objectives or circumstances of any person. Legal, financial and other professional advice should be sought prior to applying the information contained on this article to particular circumstances. FMD Financial, its officers and employees will not be liable for any loss or damage sustained by any person acting in reliance on the information contained on this article. FMD Group Pty Ltd ABN 99 103 115 591 trading as FMD Financial is a Corporate Authorised Representative of FMD Advisory Services Pty Ltd AFSL 232977. The FMD advisers are Authorised Representatives of FMD Advisory Services Pty Ltd AFSL 232977. Rev Invest Pty Ltd is a Corporate Authorised Representative of FMD Advisory Services Pty Ltd AFSL 232977.