13 February 2020
Online payments continue to grow, and with Treasury's recent announcement of an inquiry into the Consumer Data Right which includes how open banking could be expanded to include payments initiation, this trend is likely to continue.
Against this backdrop of growing digital payments, it’s important that individuals and organisations are able to transact safely. With the goal of keeping online safety front of mind, we spoke to IDCARE’s Managing Director, David Lacey, about the top 6 issues that were reported to his organisation in 2019. Being aware of these issues will help us all stay safe online.
- Identity theft involves the theft of someone’s personal information. Individuals are deceived into disclosing their personal information and identification documents such as driver licence, passport, Medicare card information and bank account details. Most individuals only become aware of the theft once they experience things like an unexplained transaction on their account or the blocking of access to online accounts. Others may know how the compromise occurred, which is usually as a result of a telephone scam, phishing email, malware / computer virus, or the physical theft of documents.
- Remote access scams typically result in individuals providing fraudsters with remote access to their device. Scammers will use deceptive techniques that include showing customers directories, CPU usage and other basic device information which points to convince customers that they have an issue. Common scams include a fraudster claiming to have detected a virus on an individual’s device or with their account, “technical support” scams, and scams that impersonate financial institutions and telecommunications companies. Initial engagement with individuals includes online “pop-ups” warning about a virus, telephone calls, and phishing emails.
- Relationship scams involve an individual developing a relationship with a person they believe is real and genuine, but who’s actual motivation is to steal money or acquire identity credentials to commit other crimes. While the majority of relationship scams start and develop online, physical meetings or engagements might also occur. Common platforms used by scammers include social media platforms, relationship or dating websites and apps, and even via email.
- There are three common types of investment frauds:
- A scammer presents a fraudulent investment opportunity
- A scammer presents a legitimate investment opportunity, but the customer’s funds do not actually go into the investment;
- A scammer contacts an individual on behalf of a legitimate financial or investment firm, but the scammer is not actually an employee of the firm.
Most investment fraud originates online, in response to advertisements via social media platforms. Almost two-thirds of investment frauds reported to IDCARE in 2018 and 2019 involved crypto-currency and/or binary option commodities.
- There are three common types of employment scams:
- An individual is recruited to launder money, for which the individual is promised a commission
- An individual provides their personal information, such as their passport, or bank account details in applying for, or accepting, a fraudulent employment opportunity.
- An individual makes an upfront payment to the scammer towards a ‘starter kit’ or for other materials in applying for, or accepting, a fraudulent employment opportunity.
The channels used to engage individuals include legitimate employment seeking websites, social media, and even direct phishing emails.
- Business email compromise (BEC) is the costliest scam currently impacting businesses. BEC events are complex, and involve multiple victim parties, with the following fraud types some of the more common:
- Invoicing fraud: The fraudster impersonates a supplier, and requests payment of a legitimate invoice, having substituted the supplier’s banking details with their own.
- Payroll fraud: The fraudster impersonates an employee and seeks to divert a salary to an alternative bank account that’s been established in the employee’s name.
- CEO or executive fraud: The fraudster impersonates the CEO by email, and directs a member of staff to transfer funds to the scammer’s account.
- Legal impersonation: The fraudster passes themselves off as a lawyer or legal representative of the business and requests sensitive information urgently.
- Data theft: The criminal impersonates a senior person to obtain access to sensitive and valuable information about employees, customers or suppliers, which is used for future attacks. Data theft often targets individuals working in human resources.
If you would like more information on any of the above, or would like to talk to someone and one of the issues, please contact IDCARE on (AU) 1300 432 273. For more information, visit the IDCARE website.