It’s a common scenario: you open your inbox and right there is an email congratulating you on your million dollar win. All you have to do is click the link to share all your account details and pay $200 to cover the transfer fee. It can be pretty easy to scoff at examples like this. After all, you’d never fall for it, right?
But losing money to a scam is much easier than you’d think. To prevent it from happening to you, we’ve teamed up with Get Safe Online's fraud expert Tim Mitchell. Follow his tips to keep your money and your identity safe online.
What is the number one type of fraud our users should be aware of?
The biggest issue at the moment is definitely people falling victim to what we call ‘social engineering’ fraud. This is simply manipulating or tricking someone into performing certain actions, such as divulging personal or financial information. A con, in other words.
Unfortunately, financial fraud has always been a massive issue. But as we live more of our lives online, more people are becoming vulnerable to this type of fraud, and more people are losing money to it. But social engineering is an easy one to avoid, if you know the warning signs.
Social engineering scams come in all shapes and sizes, ranging from the ridiculous to the nearly impossible to identify. And people are falling for these every day. Here are the main ones to be aware of:
- Email scams: Scams are very common via email, so make sure you pay attention to what lands in your inbox. Fraudsters often pretend to be someone official such as a bank, online retailer, or a government agency. They’ll then ask you to share confidential private information such as your banking details or login details to your accounts. Some fraudulent emails contain an attachment which, if clicked, can lead to a virus or even spyware being downloaded on to your device.
- Social media scams: We’ve seen a big rise in people losing money through social media, and I think we’ll see this one grow over the next few years. For example, catfishing scams - where someone creates a fake identity to forge a relationship with you and trick you into parting with your money or sensitive details - are becoming increasingly popular.
So does this sort of thing only happen online, or should we be keeping watch elsewhere too?
It's certainly not all online. In fact, some of the most convincing scams come via a phone call.
Typically, you’ll get a call from someone claiming to be from your bank, telling you that your account has been hacked or taken over by an unauthorised user, and that the bank needs your permission to move your balance into a new account. In reality, a bank would never ask for your details over the phone.
Another kind of phone call scam is the computer support scam.
I was working at an online safety event and a man told me that his computer had been locked by ransomware, asking me how this might have happened. He swore that, knowing the dangers, he hadn’t clicked on any links or attachments. It was only after probing that he told me he’d had a call from ‘Microsoft’ a couple of weeks earlier, and the nice operative on the other end had fixed his problem.
What had in fact happened is that the caller was a scammer who had infected his computer with the malware. Not only that, but he’d been charged for this!
What are the main warning signs of a scam?
Is the email threatening you to take action right now?
Any email that asks you to take action immediately is likely to be suspect. It’s designed to make you flustered in the hope you’ll make a mistake.
Have you been promised a reward, a competition win or a tax refund?
Any email or call claiming to be giving you money should be considered carefully. Especially if they are demanding your details in order to claim it. Reveal your logins, and a fraudster has free rein to access your bank account (and other accounts if you use the same details).
Is the email personalised to you?
Generic greetings like 'Dear Sir or Madam' or 'Dear valued customer' suggest that this email has probably been fired off to as many email addresses as possible, in the hope that at least some people will respond to the scam.
It can sometimes be tricky to identify a dodgy link. The key is to check that the domain name matches the legitimate one (which you can find through a quick Google search).
Here’s an example. Let’s say you’ve got an email asking you to follow a link to reactivate your PayPal account.
How can you tell if these links are the real deal or a fake?
The trick here is to look for what’s in between the ‘www.’ and the ‘.com’ part of the URL. This is the true domain name and tells you what site you'll be accessing if you click.
You can see that, actually, none of these have a domain name of paypal.com or paypal.com/au. The first may have PayPal in it, but it’s really taking you to a site ‘paypal-reactivate.com’, the second to ‘reactivate-account.com’ and the third is directing you to the even dodgier sounding ‘11982pypl.com’.
If you’re not sure about a link, copy and paste it into your browser before clicking on it so that you can see the full address.
How can you be sure if an email is a scam?
Unfortunately, a fake email is one of the hardest things to spot as fraudsters can be pretty cunning.
Let’s try out another example. Which of these do you think could be a scam account?
Actually, both of these addresses are probably fake. With the first one, the domain name is ‘accounts.com’ so this could literally be from anyone. Always check that the correct company name comes after the ‘@’ as that will confirm who it's really coming from.
The second one is easy to miss, but the giveaway here is that there are a few spelling mistakes, including in the name of the bank. This is another surefire sign of a scam.
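The two checks described above (the true domain of a link, and the domain after the ‘@’ in a sender address) can be automated by comparing the whole host against the domain you expect, rather than looking for the brand name somewhere in the text. This is an added example, not part of the original article; the function names are illustrative, and the sample links and addresses are constructed around the domains the article names.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

def host_of(value):
    """Return the host a link points to, or the domain after '@' in a sender address."""
    value = value.strip()
    if "://" in value:
        # A link: let the URL parser pick out the host, ignoring path and query.
        host = urlsplit(value).hostname or ""
    else:
        # A sender: accepts "Name <user@domain>" as well as "user@domain".
        address = parseaddr(value)[1]
        host = address.rsplit("@", 1)[1] if "@" in address else ""
    return host.lower().rstrip(".")

def belongs_to(value, expected_domain):
    """True only if the host is the expected domain itself or a subdomain of it."""
    host = host_of(value)
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)

# Constructed samples (not taken from the article's missing screenshots).
SAMPLES = [
    "https://www.paypal.com/au/signin",                # host is under paypal.com
    "http://www.paypal-reactivate.com/login",          # brand name inside another domain
    "https://www.paypal.com.reactivate-account.com/",  # brand used as a subdomain label
    "http://11982pypl.com/paypal",                     # brand name only in the path
    "PayPal <paypal@accounts.com>",                    # display name says PayPal, domain does not
    "service@paypal.com",                              # sender domain matches
]

def report(samples, expected_domain):
    """Return (sample, host, matches_expected) for each link or sender address."""
    return [(s, host_of(s), belongs_to(s, expected_domain)) for s in samples]

if __name__ == "__main__":
    for sample, host, ok in report(SAMPLES, "paypal.com"):
        print(f"{'ok     ' if ok else 'SUSPECT'}  {host:40}  {sample}")
```

A matching sender domain only shows what the message claims; the spelling and urgency checks above still apply.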