Archives for : October2017

Be aware of scammers claiming you have to pay a police infringement notice

An email has been received saying you have been issued an infringement notice.



The email would say you are required to pay $180.78 and if you did not act within 28 days you may be prosecuted in a Magistrates Court.

In this case one Kaylene Ridgely said she immediately recognised the email as illegitimate and contacted SPER.

“I wondered who the people were and how they had my email address,” she said.

“It worries me because I’m sure there a lot of older people who don’t recognise it’s a scam and give out their details.


Henry Sapiecha

Suspected money laundering scheme via phone

A WOMAN in her 70s has fallen victim to a suspected money laundering scheme.

Acting Sergeant John Donaldson [Police] said the woman reported the incident with concerns.

He said the suspected scheme involved a person calling the unsuspecting person and claiming to be an internet security company representative.


Acting Sgt Donaldson said the fraudsters request remote access to their victim’s computer.

The scammer then asks for bank details in order to transfer up to $10,000 into the person’s account.

Next the victim is asked to bring their account up on their computer screen so the scammer can check the money has gone into the account.

Police said $10,000 was transferred into the woman’s account.


Due to the large amount, the woman told the scammer she was unable to complete the request.

The woman told police the “company” transferred a smaller amount into her account to assist with the withdrawal.

After depositing the money into the new bank account details supplied to her, the woman was asked to take photos of the deposit slip and receipts as proof.

“It sounded like the person she spoke to was a very slick operator,” Sgt Donaldson said.

“We just want to make people aware because this may not be just in Hervey Bay but nationwide.”

Anyone who feels they have been scammed or believes they have been groomed can report the matter to the Australian Cybercrime Online Reporting Network (ACORN) at


Henry Sapiecha


Hoax alert

From time to time, we send emails and text messages (SMS) to our customers to update them with important information. Sometimes, fraudsters may send you “hoax” messages that appear to come from us, in order to trick you into revealing sensitive information. That’s why it’s important to remember that we will never send you a message asking you to confirm, update or disclose your personal or banking information. To help keep your account and personal information safe, here are some examples of hoax email/SMS, and what you should do if you receive one.


How to spot a scam



Pronounced ‘smishing’, they are SMS messages that attempt to direct you (via a link) to a fraudulent website and request you to input your personal information. These messages typically include an urgent call to action – such as to re-verify or unfreeze an account that is ‘suspended’ or set to ‘expire’ or to claim a tax refund. SMiShing campaigns targeted at our customers would typically link to a site that asks for your client number, NetBank password, card number or PIN. The hoax SMS may try to pass itself off as a legitimate message from the bank by including our contact number, and may also spoof (fake) our sender label/ID so that the ‘from’ field reads ‘CommBank’ or ‘NetBank’.

Tips to avoid SMS scams:

  • Commonwealth Bank will never send an SMS that asks you to confirm, update or disclose personal or banking information, and most financial institutions follow the same practice. Never click on a link provided in such an SMS.
  • Instructions on how to send these messages to Commonwealth Bank for further investigation is listed below.




Pronounced ‘fishing’, emails are used by fraudsters to trick people into entering their personal information, such as bank account details, on a website controlled or monitored by the attacker. The fraudster can then use this information for illegal purposes, such as transferring funds or purchasing goods. Phishing emails are often designed to imitate your most trusted service providers – a bank, cloud service provider or other financial institution, and may include links to a convincing replica home page.

Tips to avoid email scams:

  • We will never send messages via email that ask you to confirm, update or disclose personal or banking information, and most financial institutions follow the same practice.
  • Hard as they might try, these emails don’t always get the branding and design of your service provider quite right. If you’re in any way unsure about a message that purports to be from an organisation you transact with, compare it to previous correspondence from the same organisation.
  • If you’re still unsure, contact the organisation directly using a phone number from their website (not from the email) before you reply.
  • Never open an attachment that you’re unsure about as it may contain malicious software designed to infect your computer.
  • You can typically check that links in emails are legitimate by ‘hovering’ your mouse over the link to view the destination URL (web address), without risking having to click it. On your smartphone, you need to tap and hold on the link and wait for the URL to appear.


Do not open this text message from the Commonwealth bank ‘supposedly’

THE Commonwealth Bank is warning customers not to respond to a text message which instructs them to log into their accounts via a link provided as part of a phishing scam.

The messages have reportedly been delivered to hundreds of the bank’s customers in a series of hoax emails and SMS’ circulating throughout Australia.

Recipients were advised to “log into your account center (sic) for verifiacation (sic)” by using a link included in the hoax messages.

**These clowns scamming an Australian banks customers using the American spelling of ‘CENTRE’


CommBank responded to online queries regarding the text messages.

“Yes this is a phishing text, where the sender is trying to get information on your banking,” a CommBank statement read.

“Please forward this text to the Security team can take it from there.

“So long as you have not entered your information then your accounts will be safe.”


Protected computers will display this warning message when recipients of the CommBank scam text message try to follow the link provided in a text message.

Earlier, the bank issued another statement which revealed it was “aware of a number of hoax emails and SMSs currently in circulation”.

“Remember, we’ll never send you anything that asks you to provide your NetBank client number, password, NetCode SMS, credit card details or send you an unexpected attachment,” it read.

“Hoaxes are becoming more sophisticated and can look very convincing.

“Please be sure to share this with any friends or relatives so they stay safe online.”

The fake CommBank text comes after ANZ customers were being advised to take extra caution after the discovery of a very convincing scam.

The fake ANZ Bank email advised recipients that their ‘last payment was unsuccessful’ and prompts them to login, where cyber criminals can steal their credentials.

Cyber security company MailGuard believed the scam email from August had already been sent to a very large number of inboxes.

“The email, from a display name of ANZ internet Banking and sender email address of, claims that ANZ have been unable to contact you, and asks customers to click to update their phone number,” MailGuard warned in a blog post.

“When recipients click through they arrive on a well-crafted ANZ internet Banking landing page where they are prompted to login, so doing handing over their Customer Registration Number (CRN) and Password.”

ANZ said customers should delete the email immediately and contact the helpdesk immediately if they have clicked on any links or downloaded any attachments, responded to the hoax email, SMS or phone call with your banking details or noticed any unusual payments.


Henry Sapiecha

This Android ransomware threatens to expose your browsing history to all your contacts

This Android ransomware threatens to expose your browsing history to all your contacts


A form of Android ransomware which threatens to send the victim’s private information and web history to all of their contacts has been discovered in the official Google Play app store.

Uncovered by researchers at McAfee, LeakerLocker doesn’t actually encrypt the victims’ files, but instead claims to have made a backup of data stored on the device and threatens to share it with all of the user’s phone and email contacts.

Those behind the malware demand $50 in exchange for not leaking personal data including photos, Facebook messages, web history, emails, location history and more, playing on fears of potential embarrassment rather than any form of cryptography.

Two applications in the Google Play Store contained the malware, Wallpapers Blur HD, which has been downloaded between 5,000 and 10,000 times, and Booster & Cleaner Pro, which has been downloaded between 1,000 and 5,000 times.

The combined number of downloads means that up to 15,000 people have fallen victim to this ransomware, which has been in the Google Play Store since at least April. Both apps have good review scores, suggesting that those behind the scheme have been giving them fake reviews.

Once downloaded, LeakerLocker asks for vast swathes of permissions, including the ability to manage calls, read and send messages, and have access to contacts — overreaching for the apps the malware is claiming to be — before communicating with a receiver, initiating the malicious activity and locking the homescreen of the device with the extortion threat.


LeakerLocker attempts to extort victims into paying a ransom by threatening to release their personal data.

Image: McAfee

It’s true that the malware can gain access to private information — thanks to its victims granting permissions at installation time — but not all the private data LeakerLocker claims to have access to can be seen or leaked.

However, analysis of the code shows it’s capable of at least accessing an email address, some contact information, Chrome browser history, text messages and calls, and photos from the camera.

Snippets of this data are chosen at random to convince the victim that all their data has been copied — although at this point the information hasn’t actually been copied, but it could happen if the control server issues relevant instructions.

This basic form of ransomware demands the ransom via credit card, although researchers advise infected victims not to pay because there’s is no guarantee that the information will be released or not used to blackmail victims again.

McAfee researchers have reported LeakerLocker to Google, which says it’s “investigating” — and it appears that the two apps including the malware have been removed from the Google Play store.

It’s far from the first time malware has infiltrated Android’s official app marketplace and is indicative of Google’s continuing battle against cybercriminals sneaking malware into the store.


Henry Sapiecha

Lottery officials confirm $70m scam Hervey Bay Qld Australia

Too good to be true – An instagram scam, claiming to be an account of a Hervey Bay winner of 70 million dollars, is hooking followers into sharing their bank and paypal account information.


A SCAM warning is in place after a fraudster masquerading as a $70million Hervey Bay lottery winner began targeting locals online.

The Chronicle understands the scammer is attempting to capitalise on the region’s recent lucky streak where locals have taken out two major jackpots.

On Tuesday, an Instagram user by the name of Susan Croper posted a photo of a woman holding a cheque for $70 million addressed to ‘Hervey Bay grandparents’.

The photo caption read “Just about 1 year ago I walked in and collected my $70million cheque. To mark this day we would like to give something a little back to the hard workers of this lovely world”.

The fraudster continued by announcing the next 50,000 people to like, comment, share and tag Susan Croper in the picture would receive $1000 via Paypal or bank transfer.

A link was also provided in the account description which claimed to provide “proof”.

Last year, a retired Hervey Bay Couple was in fact lucky enough to take out a $70m lotto jackpot.

A Hervey Bay man won $30million last month.

But Golden Casket spokesperson, Elissa Lewis, confirmed the post was a hoax and not linked to any actual winners.

“(The grandparents) still hold the record for the largest single ticket lottery win in Australian lotto history,” Ms Lewis said.

“Unfortunately someone is trying to take credit for their profit.”

Ms Lewis said Golden Casket was working closely with Instagram, Google and Facebook to have the hoax shut down.

In the meantime, readers are being urged to remember never to pass on their personal details online.

“If anyone suspects a lottery scam they should report them to Scam Watch,” she said.

“If they think they’ve handed over personal details but aren’t sure if the party is legitimate, it becomes a legal matter and they should contact their local police.

“We just caution customers to be aware of these sorts of requests because if it seems like easy money, it is not.”


Henry Sapiecha