Rss

Archives for : ID THEFT

Do not open this text message from the Commonwealth bank ‘supposedly’

THE Commonwealth Bank is warning customers not to respond to a text message which instructs them to log into their accounts via a link provided as part of a phishing scam.

The messages have reportedly been delivered to hundreds of the bank’s customers in a series of hoax emails and SMS’ circulating throughout Australia.

Recipients were advised to “log into your account center (sic) for verifiacation (sic)” by using a link included in the hoax messages.

**These clowns scamming an Australian banks customers using the American spelling of ‘CENTRE’

commonwealth-bank-phishing-scam-request-images-www-scamsfakes-com

CommBank responded to online queries regarding the text messages.

“Yes this is a phishing text, where the sender is trying to get information on your banking,” a CommBank statement read.

“Please forward this text to hoax@cba.com.au the Security team can take it from there.

“So long as you have not entered your information then your accounts will be safe.”

deceptive-site-ahead-warning-sign-image-www-scamsfakes-com

Protected computers will display this warning message when recipients of the CommBank scam text message try to follow the link provided in a text message.

Earlier, the bank issued another statement which revealed it was “aware of a number of hoax emails and SMSs currently in circulation”.

“Remember, we’ll never send you anything that asks you to provide your NetBank client number, password, NetCode SMS, credit card details or send you an unexpected attachment,” it read.

“Hoaxes are becoming more sophisticated and can look very convincing.

“Please be sure to share this with any friends or relatives so they stay safe online.”

The fake CommBank text comes after ANZ customers were being advised to take extra caution after the discovery of a very convincing scam.

The fake ANZ Bank email advised recipients that their ‘last payment was unsuccessful’ and prompts them to login, where cyber criminals can steal their credentials.

Cyber security company MailGuard believed the scam email from August had already been sent to a very large number of inboxes.

“The email, from a display name of ANZ internet Banking and sender email address of customer.data@anz.com, claims that ANZ have been unable to contact you, and asks customers to click to update their phone number,” MailGuard warned in a blog post.

“When recipients click through they arrive on a well-crafted ANZ internet Banking landing page where they are prompted to login, so doing handing over their Customer Registration Number (CRN) and Password.”

ANZ said customers should delete the email immediately and contact the helpdesk immediately if they have clicked on any links or downloaded any attachments, responded to the hoax email, SMS or phone call with your banking details or noticed any unusual payments.

to8t756

Henry Sapiecha

Losses from reported Australian hacking victims quadrupled in 2016: ACCC

skull-crossbones-numbers-red-image-www-scamsfakes-com

The Australian Competition and Consumer Commission (ACCC) has reported a four-fold increase in hacking scams, with AU$2.9 million lost to such activity in 2016, up from AU$700,000 in 2015.

According to Targeting scams: Report of the ACCC on scams activity 2016, businesses bore the brunt of these scams, with over half — AU$1.7 million — being attributed to businesses.

“While the digital economy presents many opportunities and efficiencies for businesses, it also presents significant risks,” ACCC deputy chair Delia Rickard says in the report’s foreword.

“Scams targeting businesses are becoming increasingly sophisticated using modern technology to make fake emails, invoices and websites appear legitimate to even the astute business person.”

While the digital age is hitting businesses in Australia, the report [PDF] highlights that consumers are also being affected by scammers, with digitisation providing the opportunity for scammers to try new tricks.

Online scams — those executed via the internet, email, social networks, and mobile apps — outnumbered phone-based scams in 2016, with an increase of 130 percent over 2015.

Elsewhere in the report, losses to online scams accounted for 58 percent — AU$48.4 million — of total losses, while social media was a particularly busy platform used by scammers to lure victims, netting losses of AU$9.5 million in 2016 compared with AU$3.8 million in 2015.

Of the social media scams, the most prevalent were related to online dating and sextortion, a form of blackmail in which compromising images of the victim are used to extort money.

Residents warned as scammers rip off $60k in telephone scam

Police are warning people to be aware of a sophisticated telephone scam.

scam-signs-multiples-image-www-scamfakes-com

QUEENSLAND AUSTRALIA SUNSHINE Coast residents have been warned about a sophisticated scam which has been resurrected to great effect, ripping victims off to the tune of tens of thousands of dollars.

Police are warning people to be wary of the scam, which involves a call to a home phone from a telecommunications provider.

The demanding caller tells the residents their computer has been hacked and insists they press specific keys on the keyboard (windows key and the letter ‘r’).

A second person then comes on the line and tells the resident they need money to catch the scammer and asks for a credit card number and PIN, before ringing on the mobile phone and asks to stay on the line.

The victim is then told to withdraw money from the bank and then asked to attend certain retail shops and buy gift cards.

Still on the line, the scammer tells the victim to display the PIN and gift card details to the computer camera, which has been taken over by scammers.

This goes on for several days and can include a number of requests for purchases to be made, including plane tickets.

Acting Detective Superintendent Terry Lawrence of the Financial and Cyber Crimes Group said one victim had lost $20,000 through the scam.

“The actions of these criminals targeting the vulnerable members of our community is deplorable, they don’t care who they hurt, they just want your money,” he said.

“This scam is very specific however I urgently warn all members to be vigilant when it comes to unsolicited calls and a request or demand to make payment by gift cards of any type.

“Businesses and government organisations will not seek payment in this way, nor will they request remote access to your computer. The callers are criminals who are stealing your money. Please, I urge you to not comply and hang up immediately. Report the call to Scamwatch or ACORN.”

Coast IT guru and owner of ID Care, Dr David Lacey, said they’d seen a spike in both telephone and remote-access scams in the past few months.

He said his company was doing about 200 engagements a week with victims of cyber crime and about one-third were calls from victims of telephone scams.

Dr Lacey said scammers were often using telephone calls to gain remote access to computers, then installing ransomware to further extort their victims.

“It’s certainly ratcheting up,” Dr Lacey said.

He estimated about a million calls a month were being made to victims in Australia.

Victims that had contacted him were suffering significant financial losses, with one victim even having up to $60,000 withdrawn from their superannuation account by scammers.

He said victims often blamed themselves, but added it had nothing to do with intelligence, as the scammers were highly manipulative.

“It’s not just about the technology, it’s mostly about the emotional and confidence (damage caused by scammers),” Dr Lacey said.

Victims can report scams to www.scamwatch.gov.au or www.acorn.gov.au

jfg7ouig6

www.crimefiles.net

www.intelagencies.com

6rf7i6f5iu7

Henry Sapiecha

ID theft in three steps: ‘Adequate’ Telstra and telco identity checks questioned

Sue King was holidaying in the US when she received an odd email from Uber on her Wi-Fi connected phone saying she had just taken a short ride to the Sydney suburb of Canterbury

That day in late May became stranger when her Facebook friends began asking her why she was requesting a reference for a loan. One pointed out her account may have been hacked.

Alarmed, she contacted her broadband provider Telstra, which told her an impersonator had passed all identity checks and gained access to her account, changing her Bigpond email password.

Sue King had her identity stolen image www.scamsfakes.com

Sue King had her identity stolen.  Photo: Katherine Griffiths

“All that person needed was my full name, date of birth and home address to get into my inbox and I’m concerned it’s just too easy,” said Ms King, a teacher from Lilyfield.

“I also have a feeling they stole my mail, because they gave Telstra my account billing number.”

The use of such simple identity verification processes is widespread, with information security experts saying big organisations are struggling to strike a balance between solid security and seamless customer experience.

Ms King managed to change her email password but the worst was yet to come. When she returned home, she couldn’t use her mobile phone because her Optus number had been transferred to another SIM.

telstra logo on cage image www.scamsfakes.com

A fraudster gained access to Sue King’s Telstra account. 

She found out the fraudster had tried to mess with her details at Teachers Mutual Bank and enter her PayPal account.

Her Commonwealth Bank card was swallowed by an ATM because of irregularities. And she discovered $3800 was transferred over 10 days to a Surry Hills-based online merchant using her St George credit card.

A Telstra spokesman confirmed that as a minimum it verified a customer’s identity using their full name, date of birth and home address.

He said the telco considered its identification process as “adequate” and similar to that used by other business across many industries. It was constantly under review.

“In this instance, it appears the customer’s identity was obtained fraudulently as the scammer provided the necessary verification information … also providing the account billing number,” he said.

Ms King has since swapped from paper bills to email and changed her passwords. She said the police were also investigating her case.

Mail theft and identity fraud has been on the rise, with organised crime syndicates taking advantage of Sydney’s apartment boom and targeting the clusters of letter boxes.

Identity crime costs governments, private industry and individuals upwards of $1.6 billion each year, according to Attorney-General’s Department.

James Turner, an advisor at Intelligent Business Research Services, which counts Telstra as a client, said security teams at companies were working hard to strengthen identity verification procedures, but this had to be balanced with customer experience.

He said while identity checks, such as that used by Telstra, were common, it was important to note signatures – “the weakest biometric ever” – were still being used.

“We’re dealing with the area of risk. It’s not a binary situation of ‘They must have done more’,” he said.

“I know the heads of security of all these large organisations and they are genuinely concerned and constantly trying to raise their capabilities so the easy way is the secure way. That’s the end game,” he said.

“It’s like turning an oil tanker, when you’ve got marketing people saying: ‘No, no, we need to make this as fast and friction-less as possible’.”

David Lacey, founder of Australia’s only free helpline for victims of identity fraud IDCARE, said companies should place greater focus on the way they help victims who in some cases feel like they’re treated as criminals.

“If you’re not harmed by the crime itself, you almost certainly will be by the response [of the telcos and other service providers],” he said.

He said the number of calls to the hotline has been doubling every three months. He said a criminal begins abusing a person’s identity within 48 hours of it being stolen.

“You don’t ever get your identity back once it’s stolen. They have a life sentence, because the problem can re-appear in the future,” he said.

An Optus spokesman said it verifies identity using security questions, including personal details and account information.

“Optus also provides customers the opportunity to add a PIN to their account which can be used to help verify identify,” he said.

A Vodafone spokeswoman said if a customer can’t provide account details and a PIN, they proceed to a set of questions.

“If we are not satisfied, we may ask the caller to provide further evidence to authenticate their identity and their claim to the account or direct them to a retail store with appropriate identification,” she said.

Protect your identity (credit: IDCARE)

  • Ensure all devices have the newest available security updates and run weekly anti-virus and malware protection software.
  • Never open or click on links from emails you don’t know.
  • Never provide your personal or security details in response to any email, even if it looks legitimate.
  • Where available use two-step authentication – such as SMS codes to your mobile.
  • Regularly change your passwords and PINs and be careful about selecting your passwords.
  • Never communicate personal details on social media sites.
  • Ensure you have a secure letterbox for postal deliveries.
  • www.crimefiles.net
  • www.intelagencies.com
  • www.ispysite.com

3r5g6yu

Henry Sapiecha

Telstra clients scammed with fake refund email

shady-hacker-on-keyboard image www.scamsfakes.com

More than just chasing your credit card details, scammers are looking to steal the identity of Telstra customers.

Saying to you that you’ve paid your bill twice, scammers are tricking Telstra customers into handing over their credit card details.

These days most of us are savvy enough not to fall for promises that look too good to be true, whether it’s a win in the British Lottery or an inheritance from a long-lost uncle in deepest, darkest Peru.

Scammers have moved with the times and their new promises are a lot more boring and realistic, such as a small tax refund, unexpected parcel delivery or billing error in your favour

fake letter emailed toTelstra customers image www.scamsfakes.com

A copy of the fake letter emailed toTelstra customers. Photo: MailGuard

The latest wave of convincing-looking scam emails, identified by MailGuard, claim you’ve somehow paid your Telstra bill twice so you’re entitled to a refund. Rather than take a shotgun approach the scammers have only sent it to Telstra customers – more than 20,000 of them – who probably won’t find it too hard to believe that the telco has managed to stuff up their bill.

This isn’t a cryptolocker attack like many fake emails that have probably arrived in your inbox lately – there isn’t an infected malware attachment or dodgy link designed to encrypt all your documents and demand a ransom. Instead the official-looking letter, supposedly signed by Telstra executive Gerd Schenkel, points you to Telstra’s My Account online portal where you can log into your Telstra account and claim your refund.

Of course the link doesn’t send you to Telstra’s real My Account page, just a very convincing-looking forgery as part of a “phishing” attack hoping to trick you into handing over sensitive information. Along with your Telstra login and password you’re asked to provide all your credit card and billing address details along with your date of birth.

Not only can scammers use these details to go on a shopping spree with your credit card, it’s also enough information for them to pretend to be you and start racking up other debts in your name.

The best defence against these attacks is a healthy sense of paranoia. Often they’ll be riddled with grammatical errors, come from a suspicious-looking email address or rely on a suspicious-looking website name. This latest Telstra attack does look very convincing, but if nothing else the fact that it asks for so much information should ring alarm bells.

Always assume that any unexpected email you received from a service provider is a fake. Never open attachments, click on links in the email or trust the supplied phone number. If in doubt, contact the provider directly to clarify.

If you’ve been caught by this scam the best thing to do is notify Telstra, change your My Account password and notify your bank so it can cancel your credit card.

Have you been caught out by these kinds of scams? How do you spot the fakes?

Tell us your story HERE

SDR

www.intelagencies.com

Henry Sapiecha

TAX REFUND MONIES STOLEN FROM THE ATO

SCAMMERS & ON LINE THIEVES STEALING YOUR TAX REFUND AFTER ID THEFT

The Australian Taxation Office has been targeted more than 11,000 times by identity fraudsters attempting to steal tax refunds in the 2014-2015 financial year.

And a help-service for victims of identity crime says it is being inundated with taxpayers whose IDs have been hijacked and their tax returns robbed.

ato sign on building image www.scamsfakes.com

The ATO recorded 91,000 “revenue fraud incidents” in 2014-15. Photo: Louie Douvis

The 11,000 attempts at ID fraud are part of the wider picture of 91,000 “revenue fraud incidents” recorded on the ATO’s systems in 2014-2015.

Only the efforts that were detected and foiled are recorded, according to the agency, with the full extent of successful frauds unclear.

But iDcare, a service that helps victims rebuild their identities after they have been stolen, says the volume of calls for help it is currently receiving indicates that criminals are reaping a tax-time bonanza from unsuspecting taxpayers.

Managing director Dave Lacey said his staff had dealt with at least 400 cases this financial year involving tax refund theft.

He said taxpayer money was being lost as the ATO’s process was typically to determine an initial refund was fraudulent and then reissue the funds to the victim.

“We’re in tax fraud season at the moment. It’s organised crime. It’s big business. This has been going on for months now,” he said.

Mr Lacey said the biggest impact on victims was often not the initial financial loss but the effect identity theft had on their mental health, with one in five – almost one in four – requiring ongoing mental health support.

He said this was largely because of how victims were treated by government agencies and organisations when they tried to follow up on the fraud, seek answers for how it occurred and re-establish themselves.

“We test these things continuously and regrettably the standards are very low,” Mr Lacey said.

Fairfax Media revealed last week that sophisticated cyber-crims had managed to penetrate employers’ payroll systems, making off with detailed information on unsuspecting workers and using the data to lodge bogus tax returns.

Other victims have told how their legitimate tax refunds had been siphoned off into bank accounts operated by the fraudsters after fake MyGov profiles had been built by the thieves.

The ATO says it stopped about $9 million in refunds going out in 2014-2015 after finding they had been fraudulently claimed and the previous year the figure was even higher, with $17 million prevented from being paid amid 18,000 attempts at ID fraud.

Victims have complained about a lack of police follow-up, but an ATO spokeswoman said the agency had its own investigators who teamed up with the Australian Federal Police when frontline police powers were needed.

“The ATO maintains a criminal investigation capability that investigates significant tax crime matters, which includes identity crime enabled refund fraud and refers briefs of evidence to the Commonwealth Director of Public Prosecutions for consideration and prosecution,” the spokeswoman said.

“The AFP executes search warrants in support of ATO investigations and the ATO refers matters to the AFP for investigation when AFP capabilities are required.”

tax fraud victim image www.scamsfakes.com

ATO tax fraud scam

Paul Francisco has had his tax refund stolen by fraudsters two years in a row. The ATO have been unable to address the problem and to make matters worse they have sent him a request for payment of tax debt.

Do you know more? Email lisa.cox@fairfaxmedia.com.au.

10-4-15-HCUK-INTL-email

Henry Sapiecha