Cybercrime rose sharply in 2020, as more people worked, shopped and socialised online due to the COVID-19 pandemic. Anyone can be a target, so it’s essential to be proactive when it comes to protecting your finances and identity online.
Our digital tools and technology were a welcome relief last year, allowing us to stay connected through successive lockdowns and social distancing measures. But with the sudden and rapid shift online came a nasty side effect – a bonanza for cyber criminals.
2020 saw a rise in all types of cybercrime, especially online shopping scams, phishing scams and identity theft, which rose by 55 per cent alone.
ScamWatch says hackers are even using the COVID-19 pandemic to take advantage of people, by posing as trustworthy institutions or individuals offering new information on outbreaks and vaccines. So far, more than six million dollars has been reported lost from COVID-19 related scams.
The true cost of scams
In total, more than $634 million was lost to scams in 2019, according to the Australian Competition and Consumer Commission (ACCC).
That includes $126 million lost to investment scams, and another $83 million in dating and romance scams.
Since COVID-19 hit, online shopping scams have actually increased by 42 per cent, as more people stay home and shop online.
ACCC Deputy Chair Delia Rickard says puppies and pets, phones, computers and toys were among the most scammed goods last year.
“Scammers create fake websites that look like genuine online stores, offering products at very low prices and victims will either receive a fake item or nothing at all,” Ms Rickard says.
“They also post fake ads on classified websites, often claiming they are travelling and someone else will deliver the goods, but the item never arrives and the victim can no longer contact the seller.”
Losses on classified websites, such as Facebook Marketplace and Gumtree, rose by 60 per cent in 2020, to $4.5 million.
In truth, it’s hard to know how many people have been taken in by online scams, as around one third go unreported. Victims often feel too embarrassed or ashamed to own up to their losses.
Reports of phishing scams, the most common type of scam, rose 44 per cent in 2020. This is where a scammer will contact you via email, text message, phone call or social media, pretending to be a legitimate business or even a government organisation. The scammer will seek personal information, bank account details or any other information they can use to impersonate you.
“Personal information, such as bank and superannuation details or passwords, are extremely valuable and scammers will try to steal them for their own financial gain. Our increased use of technology has created more opportunities for them to do so,” Ms Rickard says.
Unfortunately, scam victims who lose personal information “are vulnerable to further scams, fraud or identity theft.”
Perhaps the most serious cybercrime of all, identity theft can cause victims years of anguish as they fight to clear their name and undo the damage.
Like other forms of cybercrime, reports of stolen personal information rose sharply in 2020, up 55 per cent over the year. Scamwatch says people aged 25-34 reported the highest losses of personal information.
Security software provider Trend Micro says identity theft, “can be a messy business, potentially taking months for banks and businesses to investigate, before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.”
How to protect yourself online
Understanding the risks and being aware of your behavior online is the best defence for cybercrime. Here’s what you can do to stay safe online:
- Use strong passwords
Create long passwords (14 characters +) using a phrase of at least four words. Try to include upper and lowercase letters, numbers and special characters. For example “h0rsecupStarsho3”.
Use a password manager to store and encrypt your passwords, so that you can make them as strong as possible.
- Don’t share personal information online
Never allow yourself to be pressured into giving out your personal information online to anyone you don’t know, even if they claim to be from the government or a bank.
Be aware that government and financial organisations will never send emails asking you to provide personal data, visit their site for authorisation or enter information in pop-up windows. If you’re unsure about whether the communication is legitimate, look up the vendor’s phone number for yourself and call them. Don’t call the number given in the correspondence.
- Be aware of scams
Scamwatch is a great resource for learning about the new scams circulating in the community, so take some time to educate yourself. Becoming more aware of scammer’s tactics will make it easier to avoid falling victim.
- Turn on multi-factor authentication
Don’t be put off by the name, multi-factor authentication is one of the most effective tools we have for halting cyber criminals in their tracks, according to the Australian Cyber Security Centre. It’s a really simple process that refers to using two or more ways to verify your identity. For example, a pin number or password, together with a code sent to your mobile phone.
The majority of banks, many financial and software vendors and government websites now offer multi-factor authentication, so make sure to turn it on everywhere you can.
- Practice email etiquette
Avoid opening emails if you don’t know the sender, and, never click on the links or attachments in emails coming from an unknown source. If an email looks suspicious, read the subject line carefully and check the sender’s email address before opening it. Spam email often comes from odd looking or spoofed addresses.
The Australian Cyber Security Centre also recommends setting up a separate email for shopping, newsletters and social media or other non-essentials. Only give out your primary email address to people you know.
- Take care with social media
Social media offers a treasure trove of personal information for cyber criminals, who can find out where you live, work, visit and much more. Be aware of what you post online and set your accounts to ‘private’. Use the privacy settings to control what you share with those inside and outside of your network. Hackers can use publically available information from a variety of sources to build up a profile and impersonate you online.
- Verify that websites are legitimate
Before making an online purchase, do your research. Look up the seller, read reviews and always check that the URL is legitimate. If the URL looks suspicious, don’t enter any information.
Security software provider Kaspersky recommends manually typing in the URL when you need to visit an online bank, retailer or payment website – instead of clicking on a link. Don’t click on links in emails, chat rooms, banner ads or messages from anyone you don’t know.
- Update your operating system and apps
It’s a good habit to make sure your operating systems and applications have the latest updates installed. That goes for both PCs and smartphones, which are essentially handheld computers. Software vendors regularly issue updates, because new vulnerabilities are being discovered all the time.
- Install anti-virus software
Despite improvements in operating systems, it’s still considered essential to have anti-virus software installed on your PC and phone. There are reputable free versions available like Sophos and McAfee, however the premium versions have more security and safety features.
- Avoid using public computers and public WiFi
Public computers, for example in airport lounges, internet cafes or hotels, can have a variety of malicious spyware programs running on them, primed to record everything you type (including your passwords).
So don’t use public devices to access your email, online banking or retailers, or in any transaction where you need to enter personal information.
The same goes for public Wi-Fi, where traffic can easily be intercepted by the network administrator or hackers. It’s best to use your own devices and your own internet connection, especially for online transactions.
Finally, make sure you keep a close eye on your account statements and look out for any unusual activity. You should also check your credit report from time to time, to make sure it’s still clear and accurate.
What to do if you’re a victim
If you’re the victim of a scam, contact your bank or financial provider straight away to inform them of the scam. Also report it to the platform on which you were scammed, so they can close the user’s account/s and blacklist them.
You should also report the scam to Scamwatch, who keep a database of active scams in Australia.
If you’re a victim of identity theft, contact IDCARE. It’s a free, government funded service providing expert support to help you develop a response plan to your situation.
The information, including tax, provided in this document is general information only and does not constitute personal advice. It has been prepared without taking into account any of your individual objectives, financial solutions or needs. Before acting on this information you should consider its appropriateness, having regard to your own objectives, financial situation and needs. You should read the relevant Product Disclosure Statements and seek personal advice from a qualified financial adviser. From time to time we may send you informative updates and details of the range of services we can provide. If you no longer want to receive this information please contact our office to opt out. The views expressed in this publication are solely those of the author; they are not reflective or indicative of Licensee’s position, and are not to be attributed to the Licensee. They cannot be reproduced in any form without the express written consent of the author.