The government projects that scams cost Australians $3.1 billion per year. Given that more of our life is becoming digitalised, especially with banking and financial services, we are more susceptible to scams. It’s critical that you take active steps to protect your money.
Most common scams are…
According to the National Anti-Scam Centre, scams are most commonly perpetrated using phone, email, and/or text messages. Other methods such as social media, the internet, and in-person are less common. Therefore, you need to be vigilant in identifying and dealing with unexpected phone calls and electronic messages (email and text).
More than 77% of scams are committed in five ways:
- Phishing attacks (44%) – lure you with fake email or text messages purporting to be from a trusted source, then steal your information through deceptive links or malware;
- False billing (16%) – involves issuing deceptive invoices or bills for non-existent goods or services, aiming to trick individuals or businesses into making payments;
- Online shopping scams (9%) – a website advertises a seemingly amazing online deal and lures you in with a professional website and fake reviews. Rushing through checkout, you get scammed and lose your money when the product never arrives;
- Hacking and remote access (9%) – involves fraudulently gaining access to your computer to steal information or install malware; and
- Identity theft (8%) – someone steals your information to impersonate you for fraudulent purposes.
Who is liable?
Many Australian banks and credit card companies provide zero liability policies for unauthorised transactions. In essence, if you’ve taken reasonable measures to safeguard your electronic devices and login details, and promptly inform the bank, they are likely to reimburse any losses incurred.
The National Anti-Scam Centre is actively developing a comprehensive Scams Code Framework that places increased responsibility on banks and institutions to proactively prevent scams and compensate victims. It hasn’t been finalised yet. However, drawing inspiration from the UK’s stringent voluntary code, which obliges banks to reimburse scammed customers in nearly all situations, this initiative aims to enhance protection and restitution measures.
Steps you can take to minimise your risk
(1) Use a password manager
Ensure robust password security by employing a password manager to avoid the practice of recording passwords insecurely. Many people exhibit poor password habits, such as using identical credentials across various websites or jotting down passwords on a nearby piece of paper.
Enhancing security involves maintaining strong passwords, typically consisting of 12 characters encompassing letters, numbers, and symbols. The easiest way to achieve this is by using a password manager, a tool that functions seamlessly across multiple devices. This not only mitigates the inclination to reuse passwords or keep an insecure password list but also facilitates the management of two-factor authentication, enhancing login security.
If you haven’t adopted a password manager yet, prioritise doing so in 2024. Among the popular choices are Bitwarden (with a free account option), 1Password, and Keeper. These tools streamline password management and significantly enhance your online security.
(2) Be vigilant with emails, texts and phone calls
Be suspicious of any unsolicited emails, text messages, or phone calls, especially if they create a sense of urgency or panic. Never give personal information over the phone unless you know the caller. Instead, independently verify the caller’s contact details before providing any information. If you can’t do that, end the call.
Never click on links or open attachments from unknown senders. Hover your mouse over any links to see the real destination URL before clicking. Only enter your personal information on websites that you know are secure.
(3) Log into your banking daily
I’ve developed a routine of logging into online banking daily to review account balances and transactions. This practice proved beneficial when I promptly detected two fraudulent transactions on my credit card last month. The bank refunded these transactions within 2-3 business days. While it may initially seem like a bit of a chore, it becomes automatic once you establish the habit, and does not take much time.
By following these three actions, you significantly diminish the likelihood of becoming a victim of fraud. However, if you do experience fraud, there’s a high probability that the bank will provide compensation, considering you have diligently taken all reasonable measures to protect yourself.
Other things you can do…
Don’t email sensitive information such as ID, tax returns, bank statements and so on, as it’s not secure. Instead, share information via a secure cloud storage service such as OneDrive or Dropbox.
Keep your software up to date, including your operating system, web browser, and antivirus software.
Many banks offer digital debit and credit cards via their apps. Digital cards provide dynamic CSV numbers which change every 24 hours. This helps reduce the risk of fraud by 40% to 60%.
Consequence of the banks’ wars on scammers
Banks are actively taking substantial measures to protect their customers from falling prey to scams while simultaneously aiming to limit their own liability. Unfortunately, these precautionary measures often result in inconveniences for customers.
For instance, accounts may be locked if the bank detects a potentially suspicious transaction, as I experienced recently when transferring money to a foreign exchange travel card provider. Each time, I had to spend 30 minutes on the phone with the Australian bank to verify the transaction and unlock my account. That’s not a task you want to do whilst on holiday.
People withdrawing significant amounts of cash may find the experience intrusive, as they are likely to be questioned about the purpose of the withdrawal. However, this scrutiny is necessary for banks to fulfil their anti-money laundering (AML) obligations, ensuring suspicious transactions are identified, and to check that you are not being scammed.
If you are in business
If you have staff, it’s crucial to ensure they undergo regular cybersecurity training, ideally monthly. Almost all security breaches stem from human error, like clicking on malicious phishing emails. Therefore, it’s essential for your staff to be well-informed about potential threats. For example, our IT manager conducts phishing campaigns to assess our team members’ susceptibility to such attacks.
Another important consideration is to relocate excess cash from trading entities. While maintaining working capital is essential, any surplus should be stored in a more secure account. One option is an investment Cash Management Account with limited transacting abilities, such as not having a debit card attached, to enhance the overall security of your financial assets.
Please stay vigilant
The incidence of scams is increasing, and they are becoming more sophisticated with each passing year. It’s a challenge that everyone must actively address. By following the three steps detailed in this blog, you can significantly enhance the protection of your assets.
Disclaimer: While we provide the steps above in good faith and believe that adhering to them will significantly decrease your risk of falling victim to scams, we cannot guarantee absolute immunity from potential losses. It is important to acknowledge that complete risk elimination may not be possible. For a comprehensive evaluation of your risk, we recommend seeking independent professional and legal advice.