The latest figures reveal phishing is a practice that is only becoming more and more widespread. Phishing was the most reported scam to Scamwatch in 2022, with the government website recording 74,573 complaints — a 4.6 per cent increase on the previous year. In 2022, the total financial losses from phishing reported to Scamwatch and the Australian Financial Crimes Exchange totalled $157.6 million.

Advances in machine learning and AI have made it harder to detect phishing scams.

The success of a phishing scam hinges on manipulating the emotions and behaviours of a potential victim.

Urgent calls to action requiring a victim to pay off an outstanding tax debt or reactivate a suspended bank account are common techniques used by scammers.  Ofir Turel, professor of information systems management at the University of Melbourne, says scammers appeal to the impulsive part of our brains, using temptation to override restrained, logical thinking.

Read more..

How scammers use phishing attacks to ‘socially engineer’ their way into your savings
By Judd Boaz and Leanne Wong

Welcome to the National Scams Awareness Week 2020! 

(Australia and New Zealand)

Gobbill has been a strong supporter in protecting people from against fraud and scams since 2015. We are proud to be a campaign partner for this year’s National Scams Awareness Week. 

Throughout this week, we will be raising awareness of scams and frauds. We will focus on Phishing and Email Compromise. These are two areas of scams that Gobbill has extensive experience in confronting.  

To kick off the week, we have posted a quiz titled ‘Can you spot a scam?’ on our Instagram page.

If you are here to read the explanations, please keep reading.

If you have not done the quiz, hop off this page and come back to this page for the explanations. 

1. Optus – This is a real email bill from Optus. Optus does send from cloudmails.net and they do personalised the email to the account holder.   
2. ANZ –This is a Scam. The sender anzhost.org is fake and the email is not personalised. 
3. DocuSign – This is a Scam. An email from DocuSign will have the sender’s email and details above the general text. Tricky one!   
4. Xero – This is a real email and invoice. The email is from the correct sender and the email is correctly personalised to the recipient.  As a scammer, this would be one of the easiest to use; to change the link or attachment and have something quite malicious for the victim.

How did you go? Scam emails or texts can look extremely authentic and convincing through replicating legitimate messages from trusted senders. 

These scams often feature official looking logos and emails and a ‘call to action’ to open a malicious link or share personal information. That’s why Gobbill has developed automated checks of domains, links and much more over the last 5 years. Gobbill fetches and/or opens attachments safely so you don’t have to.  

We do this for all Australian billers including telcos, councils, utilities and many more. 

We process payments to over 40,000 billers with over 1m+ Australians already having access to Gobbill’s payment platform.

For more information, contact us at: https://gobbill.com/contact/ 

Right now, the FBI is concerned with business email compromise, or BEC, which involves targeting an employee with access to their company’s financial infrastructure and duping them into moving money to the scammers.

FBI agent Michael Sohn of the Los Angeles Cyber Division told Wired, “[w]hen a small business gets scammed out of $200,000 or $500,00 they’re just done, they’re no longer in business.”

A similar strategy called vendor email compromise, or VEC, is also on the rise. In a typical scenario, a fraudster will create an invoice that looks identical to the real vendor’s, save for the bank account information. When the company issues payment, it once again ends up in the scammer’s account.

Juniper Research, which forecasts trends in digital technology, estimates business losses stemming from cybercrime hit $3 trillion worldwide in 2019 to over $5 trillion in 2024, an average annual growth of 11%. No one is safe from the fallout. 

By the way, the Nigerian prince scam is still fooling people. Here’s why. Also known as the 419 fraud, the Nigerian prince is a variation on the centuries-old Spanish prisoner swindle, an advance-fee scam that emerged after the French Revolution, where people sent handwritten letters soliciting help for a (non-existent) nobleman falsely imprisoned. While it’s closely associated with the early internet, the Nigerian prince first went global in the 1980s when West African fraudsters began snail-mailing scam letters around the world. Today, it seems more like a punchline than a real threat, but the Nigerian prince still gets paid: in 2018, the con brought in more than $700,000 from Americans alone.

That’s why we built Gobbill, to protect businesses from fake invoices and scams. Get protected with our accounts payable fraud protection platform. https://gobbill.com

Gobbill expects to debut and showcase its “Know Your Biller™” fraud detection technology at prestigious UK investment events such as this year’s EIE20 driven by what the UK Financial Conduct Authority calls an “epidemic” of 3.8 million fraud cases reported in 2019.

Sources:

Popular Science – The Nigerian prince scam is still fooling people. Here’s why. 5th March 2020

https://www.popsci.com/story/technology/nigerian-prince-scam-social-engineering/

Juniper Research Hampshire, UK – 27th August 2019

https://www.juniperresearch.com/press/press-releases/business-losses-cybercrime-data-breaches

This Stay Smart Online Week (9-13 October), the ACCC is warning the community to watch out for common online scams they might encounter.

The online sphere – email, the internet, social media and mobile apps – has overtaken telephones as scammers’ preferred tool of the trade to contact potential victims. In 2017, the ACCC’s Scamwatch site has received more than 51,000 reports of scammers trying to con people online. Online scam losses total nearly $37 million so far in 2017, with people aged 45 to 54 most likely to lose money.

Video transcript.

“It’s difficult to spot a scammer online these days as they  go to great lengths  to trick the public and steal personal information and money,” ACCC Deputy Chair Delia Rickard said.

The top three scams that people are most likely to encounter online are:

• Phishing – often delivered via email, scammers will pretend to be from well-known businesses and government departments to con unsuspecting victims out of their personal information and money. For example they might say they’re from Apple and you need to reset your password for security reasons, or they may offer you a gift voucher to a major supermarket for completing a ‘survey’.
• False billing – scammers will pretend to be from a utility provider such as your phone or energy company and send you a fake bill. These scams can be very hard to pick as the fake bills scammers send look authentic.
• Buying and selling – scammers will trick people who are looking to buy or sell goods online. For example, they may set up a fake online store that sells well-known brands at seemingly too-good-to-be-true prices; or they may set up a fake listing on a classifieds website.

Ms Rickard said there are some simple techniques members of the public can employ to avoid being stung by a scammer online.

“While scammers are often after your money, they’re also trying to steal your personal information, which is just as valuable. It’s important to safeguard your personal details online the same way you would your wallet,” Ms Rickard said.

“If you’re ever contacted out of the blue, particularly via email, by someone asking you to pay a bill, complete a survey or update your passwords, it pays to be sceptical. If it seems too good to be true, it probably is.”

“If you’re unsure about the legitimacy of something online like a store, classified listing or email you receive, do you own research as others who have been stung by scammers will often post warnings for others. There are also plenty of very useful tips and advice at www.scamwatch.gov.au to avoid being stung by online scams,” Ms Rickard said.

Source and to see more information about Stay Smart Online Week.

Gobbill processes 3 times more bills in the last month of each quarter, with installments such as council rates and some electricity bills coming up for payment. This makes this period the ideal time for scammers to target individuals with fraudulent bills.

It’s always good to keep a close eye on your email inbox. Statistics show that online scams are a growing issue, with huge losses to scams over August this year. Australians lost $12.5M in scams last month (August 2017), which is almost double compared to the same time last year. Email fraud makes up an estimated 27% of all scams, with an estimated total of $3.4M lost last month. The hardest hit by scams are older women. Apart from being aware and cautious of scams, keep yourself protected with Gobbill to help check and pay email bills.

August 2017 – Number of reports by Age and Gender

Source: Scamwatch

Gobbill is a partner of the Commonwealth Government Stay Smart Online program. In recent months, the Government Cyber program has issued a number of alerts of new phishing emails carrying malware. The emails pretend to come from a number of Australian institutions including Telstra, Origin Energy and AGL.

Find out more about Gobbill. It’s free to use service that protects you from email bill scams.

Australian Cybercrime Online Reporting Network (ACORN) has today issued a high priority alert to beware of the same ransomware disrupting organisations globally, including the UK’s National Health Service.

What can you do? Keep safe by applying software updates and backing up your data regularly. Use Gobbill to check and pay your email bills. You don’t need to know if it’s a fake bill and you don’t need to click on any links. Simply forward the email to your own @gobbill.com email address and it’s taken care for you. Read more gobbill.com.au

Last week, hackers used tools believed to have been developed by the US National Security Agency which has infected tens of thousands of computers in nearly 100 countries, disrupting Britain’s health system and global shipper FedEx. Australian Cyber Security Centre is tracking the attack campaign which goes by various names including WannaCry. It leverages known vulnerabilities in Microsoft Windows patched since March 2017 making this disruption and impact preventable.

ACORN reports that they are continuing to monitor the situation closely.

——–

New Gobbill users can sign up for a FREE account at gobbill.com.au.

Follow us on Facebook/gobbill to receive further alerts.

 
What is Ransomware?

Ransomware is malicious software that makes data or systems unusable until the victim makes a payment. In this case, cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files reports The Sydney Morning Herald. 

About ACORN.

ACORN provides information on how to recognise and avoid common forms of cybercrime, such as hacking, online scams, online fraud, identity theft, attacks on computer systems and illegal or prohibited content, as well as offering advice to those who have fallen victim.