Josh Lemon from the SANS Institute flags risks associated with the growing scam threat, outlining strategies to help stakeholders build their defences.
Over several months of 2021, Australians received various scam text messages about missed calls, voicemails and deliveries – these are known as Flubot scams.
As of early October, a staggering 16,000 people had reported these types of scams to Scamwatch, which doesn’t even scratch the surface of the number of scams Australians are facing on the whole.
According to Scamwatch, there has been an 89 per cent increase in reported scams in the first nine months of the year, with Australians losing upwards of $211 million compared to the $176 million reported to Scamwatch in all of 2020.
As the number of reported scams continues to grow, it emphasises the need for Australians to communicate with family and friends on their methods of tackling scams. As such, it’s time for Australians to take a community-based approach to scams: by talking with people about scams, Australians can become more resilient.
Phishing versus vishing
Although phishing, an email attempt to dupe victims into providing access to sensitive information by purporting to be someone trustworthy, remains the top cause of data breach for organisations, phone call attacks, known as vishing, are the leading contact method for individuals.
This can be a result of the two advantages cyber criminals gain when using the phone to scam their victims.
While many people have security software installed on their computers, it can’t defend against a phone call attack.
Another advantage for cyber criminals when using the phone is the ability to convey emotion and build trust over the phone, which makes it easier to trick their victims into giving them money, information or access to their computer.
Like phishing, cyber criminals create a sense of urgency followed by a request when vishing. For example, a scammer may call someone pretending to be from the government and inform the victim “they have unpaid taxes”. The scammer will create a sense of urgency by telling the person on the other end of the line they must pay the fees over the phone with their credit card details.
The fear of getting in trouble with the government can be enough to get people to give up their details.
Forming a community-based approach
With the rapid rise of scams circulating in Australia, talking about scams with family and friends is imperative. In fact, the ACCC’s Targeting scams 2020 report reveals older demographics have had the most losses to scams, which is why talking with and educating those around you is important.
Here are five tips to look out for in defending against scams:
- Caller ID and email domain: Social engineering is allowing cyber criminals to create more realistic scams, so it’s important to always evaluate who is contacting you. Are you waiting for someone to contact you? If not, question the validity of the outreach.
- Request for information: If you receive a call or email requesting information, ask yourself if the information they “require” is relevant. For example, does a courier service need your bank credentials, particularly if you haven’t sent anything recently?
- Take your time: If you’re on the phone, don’t make any rash decisions. Take your time to understand whether the call is legitimate; if they’re pressuring you to take action now, it’s likely a scam. Likewise with email, don’t rush in – take the time to research and understand whether something is trustworthy.
- Talk and listen to family and friends’ experiences: If you receive a scam attempt, it is important to tell people in order to create awareness.
Above all, if you’re ever unsure about a scam attempt, err on the side of caution and take no action!
Josh Lemon is a certified instructor at SANS Institute.