The latest figures reveal phishing is a practice that is only becoming more and more widespread. Phishing was the most reported scam to Scamwatch in 2022, with the government website recording 74,573 complaints — a 4.6 per cent increase on the previous year. In 2022, the total financial losses from phishing reported to Scamwatch and the Australian Financial Crimes Exchange totalled $157.6 million.

Advances in machine learning and AI have made it harder to detect phishing scams.

The success of a phishing scam hinges on manipulating the emotions and behaviours of a potential victim.

Urgent calls to action requiring a victim to pay off an outstanding tax debt or reactivate a suspended bank account are common techniques used by scammers.  Ofir Turel, professor of information systems management at the University of Melbourne, says scammers appeal to the impulsive part of our brains, using temptation to override restrained, logical thinking.

Read more..

How scammers use phishing attacks to ‘socially engineer’ their way into your savings
By Judd Boaz and Leanne Wong

Australians lost over $851 million to scams in 2020, a record amount, as scammers took advantage of the pandemic to con unsuspecting people, according to the ACCC’s latest Targeting Scams report released today.

“Unfortunately scammers continue to become more sophisticated and last year used the COVID-19 pandemic to scam and take advantage of people from all walks of life during this crisis.” stated ACCC Deputy Chair. “Victoria, which was significantly impacted by the second wave of the virus, recorded the highest losses nationwide for the first time and Victorians reported $49 million in losses to Scamwatch, more than double those in 2019.”

Health and medical scams increased more than 20 fold compared to 2019, accounting for over $3.9 million in losses.

Phishing activity also thrived during the pandemic, especially through government impersonation scams. There were over 44,000 reports of phishing scams, representing a 75 per cent increase.  

Gobbill continues to protect small businesses and households from scams and fraud throughout Covid. Join Gobbill today to have the confidence that you have cyber protection from fraudsters.

Source ACCC June 2021 https://www.scamwatch.gov.au/news-alerts/scammers-capitalise-on-pandemic-as-australians-lose-record-851-million-to-scams

Gobbill would have STOPPED this invoice fraud and saved Jane $51,000.

Welcome to the National Scams Awareness Week 2020! 

(Australia and New Zealand)

Gobbill has been a strong supporter in protecting people from against fraud and scams since 2015. We are proud to be a campaign partner for this year’s National Scams Awareness Week. 

Throughout this week, we will be raising awareness of scams and frauds. We will focus on Phishing and Email Compromise. These are two areas of scams that Gobbill has extensive experience in confronting.  

To kick off the week, we have posted a quiz titled ‘Can you spot a scam?’ on our Instagram page.

If you are here to read the explanations, please keep reading.

If you have not done the quiz, hop off this page and come back to this page for the explanations. 

1. Optus – This is a real email bill from Optus. Optus does send from cloudmails.net and they do personalised the email to the account holder.   
2. ANZ –This is a Scam. The sender anzhost.org is fake and the email is not personalised. 
3. DocuSign – This is a Scam. An email from DocuSign will have the sender’s email and details above the general text. Tricky one!   
4. Xero – This is a real email and invoice. The email is from the correct sender and the email is correctly personalised to the recipient.  As a scammer, this would be one of the easiest to use; to change the link or attachment and have something quite malicious for the victim.

How did you go? Scam emails or texts can look extremely authentic and convincing through replicating legitimate messages from trusted senders. 

These scams often feature official looking logos and emails and a ‘call to action’ to open a malicious link or share personal information. That’s why Gobbill has developed automated checks of domains, links and much more over the last 5 years. Gobbill fetches and/or opens attachments safely so you don’t have to.  

We do this for all Australian billers including telcos, councils, utilities and many more. 

We process payments to over 40,000 billers with over 1m+ Australians already having access to Gobbill’s payment platform.

For more information, contact us at: https://gobbill.com/contact/ 

The Australia taxation office has received reports that myGov related SMS and email scams are targeting Australians. The increased SMS and email scams coincide with tax time where millions of Australians are accessing and engaging with myGov services. 

What do the scams look like?  

These myGov related scams looks as if they have been sent from a myGov or ATO email address. Scammers utilise technology that allows emails to be sent in a similar way to conversation threads sent by myGov or ATO messaging.  

The call to action in the email is to click a link that asks for your personal details for ‘verification purposes.’ The official advice from ATO is ‘DON’T click any links’ and ‘DON’T provide the information requested.’ 

Example of a scam message from the Australia Cyber Security Centre. Source: https://www.cyber.gov.au/acsc/view-all-content/alerts/increasing-reports-mygov-related-sms-and-email-scams-targeting-australians 

How to protect yourself from myGov related scam: 

If a scam email or SMS is delivered to you, do not open the links or provide any personal details or information requested. 

Remember:

• ATO will never send a message asking you to access their services via a URL.  
• Sign in anytime to your myGov accounts to check updates on tax affairs 
• For extra protection on your myGov account, enable two-factor authentication (2FA). This can be accessed by signing into your myGov account and turning the feature on in ‘Account settings’ 
• If you see a suspicious myGov email or SMS with a URL, email: [email protected]. 
• If you have clicked a link on a myGov email or SMS and entered your details, contact: Services Australia on 1800 941 126. 

For more information visit: https://www.cyber.gov.au/

New research from the Take Five to Stop Fraud campaign by UK Finance has revealed eight in ten (80 per cent) people in UK would feel embarrassed if they fell for a financial scam.

Right now, the FBI is concerned with business email compromise, or BEC, which involves targeting an employee with access to their company’s financial infrastructure and duping them into moving money to the scammers.

FBI agent Michael Sohn of the Los Angeles Cyber Division told Wired, “[w]hen a small business gets scammed out of $200,000 or $500,00 they’re just done, they’re no longer in business.”

A similar strategy called vendor email compromise, or VEC, is also on the rise. In a typical scenario, a fraudster will create an invoice that looks identical to the real vendor’s, save for the bank account information. When the company issues payment, it once again ends up in the scammer’s account.

Juniper Research, which forecasts trends in digital technology, estimates business losses stemming from cybercrime hit $3 trillion worldwide in 2019 to over $5 trillion in 2024, an average annual growth of 11%. No one is safe from the fallout. 

By the way, the Nigerian prince scam is still fooling people. Here’s why. Also known as the 419 fraud, the Nigerian prince is a variation on the centuries-old Spanish prisoner swindle, an advance-fee scam that emerged after the French Revolution, where people sent handwritten letters soliciting help for a (non-existent) nobleman falsely imprisoned. While it’s closely associated with the early internet, the Nigerian prince first went global in the 1980s when West African fraudsters began snail-mailing scam letters around the world. Today, it seems more like a punchline than a real threat, but the Nigerian prince still gets paid: in 2018, the con brought in more than $700,000 from Americans alone.

That’s why we built Gobbill, to protect businesses from fake invoices and scams. Get protected with our accounts payable fraud protection platform. https://gobbill.com

Gobbill expects to debut and showcase its “Know Your Biller™” fraud detection technology at prestigious UK investment events such as this year’s EIE20 driven by what the UK Financial Conduct Authority calls an “epidemic” of 3.8 million fraud cases reported in 2019.

Sources:

Popular Science – The Nigerian prince scam is still fooling people. Here’s why. 5th March 2020

https://www.popsci.com/story/technology/nigerian-prince-scam-social-engineering/

Juniper Research Hampshire, UK – 27th August 2019

https://www.juniperresearch.com/press/press-releases/business-losses-cybercrime-data-breaches

Former fraud investigator for the National Disability Insurance Scheme says too few people are dealing with fraud in the system. $2B could be in fraud per annum in the $22B per annum scheme.

Beware of scammers impersonating energy and telecommunications companies

Source: ACCC Swamwatch 24 April 2018

The ACCC is warning consumers to beware of scammers impersonating energy and telecommunications providers and demanding payments.

Scamwatch has received 5000 reports of fake billing scams in the last 12 months, with reported losses of close to $8000.

“The scammers typically impersonate well known companies such as Origin, AGL, Telstra and Optus via email, to fool people into assuming the bills are real,” ACCC Deputy Chair Delia Rickard said.

“They send bulk emails or letters which include a logo and design features closely copied from the genuine provider. The bill states the account is overdue and if not paid immediately the customer will incur late charges or be disconnected.”

“Alternatively, the bill may claim that the customer has overpaid and is owed a refund or it may simply say the bill is due and ready to pay,” Ms Rickard said.

New South Wales residents reported the highest number of incidents of the fake billing scam, with 1779 households reporting being victims, compared to 1275 in Queensland and 1245 in Victoria, 485 in Western Australia, 462 in South Australia, 132 in the ACT, 117 in Tasmania and 38 in the Northern Territory.

“Older Australians should particularly be wary of emails pretending to be from utility companies, with people over 65 reporting the most fake utility billing scam incidents,” Ms Rickard said.

“I advise consumers to contact their communications or energy provider directly via the company’s official channels to verify that the email or letter is actually from them.”

“Customers should never use the contact details provided on the suspicious email or letter but instead use an independent source to locate contact details such as a past bill or the phone book.”

In one case reported to the ACCC, a customer received a fake Telstra bill in the mail. The bill stated the customer’s account was overdue and immediate payment was needed. The customer dialled the phone number provided and was asked for his date of birth and driver’s licence number to confirm his identity.

“If customers are duped into phoning scammers they will then attempt to steal as much personal information as they can,” Ms Rickard said.

Other tips on how consumers can protect themselves:

If you receive a bill outside of your normal billing cycle, or don’t expect to receive an overdue notice, call your provider to check whether it is legitimate.
If you are not a customer of the company simply delete the email.
Never click on links or open attachments in an email from an unverified sender – they may contain a malicious virus.
Never send money or give credit card details, online account details or personal information to anyone you don’t know or trust and never by email or over the phone.
Keep your computer secure – always update your firewall, anti-virus and anti-spyware software, and only buy from a verified source.

— End —