DOES THIS SOUND FAMILIAR?
Veronica was expecting a new credit card when she received a call from a man saying he was from her bank. The man apologised for the delay in sending her credit card but said he needed her to confirm the details so the card could be sent.
She thought the request was a little strange but didn’t question it. The man also asked her for her address and date of birth and she gave this information to him. She started to get suspicious when he hung up on her after she asked him why he was after those details.
Veronica immediately called her bank, who told her that the limit on her credit card had been spent that day and her phone banking had been activated. She had never used phone banking before and had not used the card that day.
The information she had given the man on the phone was enough for him to answer the bank’s security questions and activate phone banking. Using phone banking, the scammer had transferred money from her savings account to her credit card so that a further cash withdrawal could be taken from her credit card. Veronica later realised that mail had been stolen from her letter box, including documents which had her full name and date of birth. (from moneysmart.gov.au)
There is nothing more heart-breaking than watching your life savings evaporate through fraud. At a time when the fruits of literally years of work, savings and investment can be stolen in seconds, it is critical that all investors be especially vigilant about their financial security. In this edition of Investor Insight, we take a look at two of the common online frauds and scams affecting Australian investors today and explain how investors can protect themselves against online fraud.
Online Fraud – a risk you must manage
The proliferation of online banking and investments in recent years has been an extraordinary boon for Australian investors. Remember the days when withdrawing money meant a trip to the bank (during business hours, of course!) and waiting in line to speak to a teller? These days we have the convenience of 24/7 access to our funds from the comfort of our own living room.
On the other hand, these changes have also ushered in a new age of tech-savvy fraudsters. These fraudsters spend considerable time and expertise looking for ‘chinks in the armour’ – ways that they can obtain and profit from investors’ personal information.
Most of these fraudsters don’t want to steal your identity in the traditional sense. They don’t want to get a credit card or a mortgage or a bank account in your name and live their life off of your good credit history. They simply want to take your money and move on to their next prey.
The good news is that there is a lot you can do to protect yourself against these scams. Whilst banks and financial institutions work very hard at protecting your details, your first and best defence continues to be the sound and prudent management of your online banking, payments and investment.
Fraud 1: Keystroke Logging or Keylogging
A particularly potent form of online fraud is “keystroke logging” or “keylogging”. This involves the surreptitious installation (via a ‘virus’) of a specially designed program that records your keystrokes and reports them to the fraudster.
These programs can be particularly dangerous because they allow the fraudster to capture your user ID and password, account numbers, security questions and answers and anything else you have typed. If you are like most other users and have the same ID and PIN/Password for many different online accounts, you’ve essentially granted the hacker access to any organisation with whom you conduct business.
For these reasons, it is critical that you keep your computer protected against keylogging. In particular, you must:
• Use strong (and current) anti-virus software. This software works to block viruses from entering your system and is the single most important step you can take. Importantly, make sure you keep this software up to date – the relatively small amount you spend is worth it for the peace of mind.
• Keep your operating system up to date with the latest security patches: these patches are designed to close off vulnerabilities in your system and are often generated in reaction to actual frauds and security breaches.
Fraud 2: Phishing
Phishing is a scam where Internet hackers request personal information from users online. These requests are most commonly in the form of an email from an organisation with which you may or may not do business. In many cases, the email has been made to look exactly like a legitimate organisation’s email, complete with company logos and other convincing information.
The email usually states that the organisation needs you to update your personal information or that your account is about to become inactive. Of course, this is really just an attempt to have you enter your information. If you do, the fraudsters will have just captured all the necessary information to access your accounts online.
No reputable organisation will ever email you requesting that you update your personal information, including account numbers, or system passwords via a link to their site.
Follow these guidelines to protect yourself from phishing scams:
• Never click on a link from an organisation requesting that you provide them with personal information.
• Scrutinise the URL (internet address) behind the link. Often in phishing attempts, if you hover the cursor over the link the hackers want you to click on, the address it points to has nothing to do with the actual company they claim to be.
• Report any phishing attempts to your financial institution.
If you are unsure that the request is valid, open a new Internet session and manually key in the organisation’s web address. If the organisation genuinely needs information from you, they will have you log in to your online account to see the request. In most cases, you’ll just be greeted with a message indicating that the organisation will never email you requesting personal information.
There is no security system available that will stop fraud if the perpetrator has your login credentials, so it is vital to take the necessary steps to prevent them from getting the information in the first instance!
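The "hover over the link" check from the guidelines above can also be automated. The Python sketch below is an added example, not part of the original article: it reads the HTML of an email and reports every link whose real destination is outside the domains you trust, noting when the visible text displays a different address. The trusted domain, the sample email and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: the domains you really bank with (constructed example value).
TRUSTED = {"mybank.example"}
# Constructed sample email body, not a real message.
SAMPLE_EMAIL = """<p>Your account is about to become inactive.</p>
<a href="http://mybank.example.secure-login.test/login">www.mybank.example</a>
<a href="https://mybank.example@login.test/">Update your details</a>
<a href="https://www.mybank.example/help">Help centre</a>"""

def host_of(text):  # hostname inside a URL-like string, or None
    parts = text.split()
    if len(parts) != 1:          # empty, or ordinary words such as "Click here"
        return None
    text = parts[0] if "://" in parts[0] else "http://" + parts[0]
    try:
        host = (urlsplit(text).hostname or "").rstrip(".")
    except ValueError:
        return None
    return host if "." in host else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted=TRUSTED):
    """Return (real host, reason) for each link that leaves the trusted domains."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href) if href.lower().startswith(("http://", "https://")) else None
        if not target or any(target == d or target.endswith("." + d) for d in trusted):
            continue
        shown = host_of(text)    # address displayed to the reader, if any
        mismatch = shown and shown != target
        findings.append((target, f"text shows {shown}" if mismatch else "untrusted host"))
    return findings
```

In the sample, the first link displays the bank's address but leads to a look-alike host, and the second hides its real host behind an "@" sign; the genuine help link is not reported.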
What else can I do to protect myself from online fraud?
Besides following the tips mentioned in the previous examples, there are other things you should do to safeguard your personal and financial information:
• Change your passwords often. Even if your financial institution doesn’t require it, it is a good practice to change your passwords at least every six months. An easy way to remember is to change them when you change your clocks to adjust for Daylight Savings Time (or – if there is no Daylight Savings where you live – perhaps at the start and end of the football season!).
• Don’t use the same ID and PIN/Password for every online account you have.
• Never disclose your login credentials to other people or organisations.
• Do not store your ID and Password information where others could gain access to it. It is best not to write the information down at all.
• If offered by your financial institution, take advantage of tokens, which provide a unique one-time-use password each time you access your account. This is especially important for business accounts with multiple users.
• Set up an oral password on your bank account where this is offered.
• Set up SMS and/or email alerts on your bank account which provide balance alerts and notify you when withdrawals are made from your account.
• If accessing information via a wireless network, ensure that the network is secure. Accessing sensitive information (or any website) over a non-secure network simply leaves the door open for hackers. Even if you aren’t visiting a site where you enter an ID and password, you are still leaving your computer exposed to possible threats.
It’s true that there is no such thing as a foolproof system. New scams and viruses are being developed every day and fraudsters never sleep! On the other hand, if you keep a healthy vigilance about your personal information, you can do business online with more peace of mind.
For more information about online frauds, check out the Australian Competition and Consumer Commission’s excellent website: scamwatch.gov.au or ask us about software and password styles that may assist.