From all of us here in IT, we wanted to say happy holidays, and give you some tips to stay safe over the break.
Have a wonderful time, and if you need IT support, we’re open all business days throughout December and January.
Don’t forget your password
Before you finish work for the year, take a moment to remember your password. In IT we’ll be taking a break too, and we don’t want you to get caught out. If you need some help, we recently published some guidance on how to create easy-to-remember passwords.
Stay safe!
During the pandemic we saw a big spike in the number of scams being attempted, and we expect to see the same over the December holiday.
Below are some of the current common ones to look out for:
What it is: Scammers impersonate someone from the fraud department of your bank to gain access to your account or your identity information.
First, an attacker will send hundreds of SMS messages, claiming to be from the fraud department of a major bank. The message informs the recipient that a transfer for several thousand dollars has been initiated, and asks the recipient to reply with either YES to confirm the transaction or NO to block it.
If the scammer is lucky, and they guessed the bank correctly, the recipient will respond with NO. At this point the attacker, now knowing the recipient’s bank name, will immediately call the recipient, pretending to be from the bank and investigating the fraud the recipient has just highlighted. They will then say they need to verify the recipient is the real owner of the bank account, which will happen in one of two ways: either the scammer will ask several ‘secret questions’, or the scammer will ask for identity information.
The ‘secret questions’ are just the questions from the bank’s internet banking logon page, which the scammer has open to type in the responses as the recipient provides them over the phone. Once they have logged in to the internet banking website, the scammer will inform the user that the payment has been blocked and will be reverted in a few days—while in fact the scammer has just initiated the payment and sent it to themselves.
If the scammer requests identity information, they use this to apply for credit cards or other buy now–pay later facilities which can be used to buy items and create debt in the recipient’s name.
What we think: This one is concerning because it’s well designed, so be careful!
What you can do to outsmart them: Always be wary of giving out any information to someone who called you. Get their company’s phone number from Google and call them back to verify they do in fact work there.
If you’ve already fallen victim: Call your bank and the police immediately to report the fraud.
What it is: SMS messages or emails that inform you one of the packages you ordered is being held until you pay a small ‘delivery fee’ or ‘customs fee’.
What we think: This one is very common because of how cheap SMS messages are, and the number of packages being ordered at the moment. Due to the small cost of the ‘fee’ many people are falling for it without ever knowing about it.
What you can do to outsmart them: If you do receive a message like this, check if it’s from the correct delivery company. If you’re unsure, use Google to get the delivery company’s phone number and call them to verify. Never use the phone number on the email, SMS or website link you’ve been sent.
If you’ve already fallen victim: If you have fallen victim to this, cancel the payment card immediately so it can’t be stolen, and speak to your bank about recovering the ‘fee’ you paid.
What it is: An SMS message which informs you that you’ve missed a call or received a voicemail and provides a link to retrieve it. In reality, the link installs a virus that can steal all the information on your phone.
What we think: An old one, but still in circulation; easy to fall for in a moment of low concentration even if you’re aware of the scam.
What you can do to outsmart them: Know how voicemail on your phone works (it’s unlikely to be via a link), and install apps which attempt to highlight scam calls and messages.
If you’ve already fallen victim: If you’ve clicked on the link, a factory reset of the phone is best. Call a professional if you need assistance.
ATO / Amazon Customer Service or Telstra
What it is: In this scam the caller pretends to be from the ATO, Amazon Customer Service or another well-known brand.
They tell the target they have a big fine which can be settled for less if paid immediately (ATO), or they’re about to be charged a high membership price (Amazon).
Sometimes the caller even claims to be investigating fraudulent charges and viruses and will talk you through spotting the ‘hacker errors’ then ask for remote access to your computer (Telstra). Don’t give them access!
What we think: It’s a common social engineering technique to use concern and urgency to get someone to act quickly without thinking it through. This, along with a trusted brand name, is often enough to get the target’s personal information, card details, access to their computer or whatever else the scammer is after.
What you can do to outsmart them: Never rush; always think things through. Be suspicious of anyone who calls you then asks for details, and remember Amazon, Google, Microsoft and the ATO will never ask to access your computer. Only you and your IT support team need access to your computer!
If you’ve already fallen victim: The actions depend on what the scammers took; if money or identity information was taken, contact the police and your bank. If your device was accessed, have it looked at by a professional.
If you get any call that sounds suspicious, or the caller is trying to hurry or scare you, verify them by taking the caller’s name and company, then tell them you’ll call straight back. Use Google to find the real phone number for the company and call back to verify.
Remember – Hang up, look up, call back!