Phishing, investment scams, and invoice fraud are all among the key cyber threats that continue to plague consumers and small businesses in the latter part of 2021.
A crazy year may be drawing slowly to a close, but the actions of cyber threat actors certainly are not. A myriad of threats, scams and new tricks are being deployed to keep consumers vulnerable and small businesses equally so.
Phishing, account hijacking, crypto scams, malware; there are more cyber threats out there than almost ever before.
And it’s a bumper year for scams; Scamwatch says Australians reported a record $211 million in losses to scams so far this year, up 89 percent on 2020.
So, as we prepare to wrap up another annual Scams Awareness Week, which scams are the biggest risks to you?
Phishing continues to be a top cyber threat impacting consumers, small businesses
You pick up your phone to see yet another spam text.
We’ve all had them, but in recent months the trickle has become a flood. FluBot, as it’s known, is an SMS phishing campaign that attempts to trick people into installing a malicious app on their phone.
The messages change constantly – an unusual trait for a phishing campaign – but are generally about missed packages or new voicemails and contain a link for you to click.
That link leads to a webpage that offers you details on your delivery or mail, along with another link that downloads the malicious FluBot Android app (iPhone isn’t affected).
If installed, the app can do things like steal data and passwords and spread to more people over SMS using your phone number.
Your Android phone’s SMS spam filtering feature (available on the default SMS app) will normally catch these messages before they hit your inbox. Telstra protects its customers by blocking the links contained within the messages and notifying people who infect their phones with FluBot.
Most other SMS and email phishing scams are similar to FluBot. Missed packages, outstanding fines, and fake security alerts are a staple of phishing because they trick some of us all of the time.
We click or tap on a scam about a missed package when it arrives just as we’re expecting a delivery. Or maybe we’re a bit too tired and busy to notice a convincing email sent from a dodgy address.
So it’s important to remain skeptical of all unexpected communications, regardless of who the communicator claims to be or the platform used to reach you.
Investment scams impacting consumers and small business
Australians reported more than $70 million in losses to investment scams like bogus cryptocurrency and bond schemes in the first half of this year, more than the total lost in 2020. It’s on track to hit $140 million by year’s end.
Due diligence is key to avoid the lure of high returns and promises of special high-tech algorithms.
But these scams are so lucrative that even romance scammers are getting in on the act. These scammers are known to cultivate long relationships to eventually fleece a victim of money under the pretence of an airline ticket for a face-to-face meeting or a bill for a pressing medical need.
Now they are using those relationships to convince victims to invest in scams.
A trusted confidant like a friend or family member is key to avoiding romance scams. They should be someone brought in at the start of an online relationship and told all the details so that they can be the litmus test of whether a relationship is exploitative.
Remember – victims are far from stupid: the average victim is typically a “middle-aged, well-educated woman”, according to research.
Business email compromise continues to threaten everyday consumers and small business owners
It’s difficult to overstate how vulnerable many of Australia’s 2.3 million small businesses are to cyber security threats. They have websites with unknown vulnerabilities, exposed remote services, and insecure online accounts.
But of all threats, business email compromise (BEC) and invoice fraud are the worst.
These attacks are far from the advanced and state-sponsored hacking that captures headlines. At most, they involve hacking insecure email accounts, setting up mail rules, and possibly registering a website.
These scams take different forms, all of which criminals deploy to devastating effect. In one example known as whaling, criminals will impersonate a company director in an email to a subordinate financial controller ordering them to pay money to their bank account.
In another, known as doctored invoicing, scammers will break into a business’ email inbox or simply buy that access, and alter the payable bank accounts on invoices.
Victims wire money into the hands of criminals where it can remain unnoticed for days, weeks, or months, giving crims ample time to make off with the cash.
Defence against business email compromise, whaling, and other forms of invoice fraud is simple in theory and harder in practice: before wiring money, make a phone call and verify the bank details.
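The phone-verification rule above can be backed by an automatic hold in accounts payable. The following is an added example, not part of the original article: it holds any invoice whose bank details differ from a vendor record verified at onboarding, or whose sender domain is not the vendor's. The vendor record, field names, domains and numbers are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed vendor master record: bank details verified by phone at onboarding.
VENDORS = {
    "V-1001": {
        "email_domain": "exampleplumbing.example",
        "bsb": "000-000", "account": "12345678",
        "phone_on_file": "+61 2 5550 0000",
    },
}

def _digits(value):
    """Normalise a BSB or account number so spacing and dashes don't matter."""
    return re.sub(r"\D", "", value)

def review_invoice(invoice, vendors=VENDORS):
    """Return reasons to hold a payment; an empty list means no red flags."""
    vendor = vendors.get(invoice["vendor_id"])
    if vendor is None:
        return ["unknown vendor: verify by phone before any payment"]
    reasons = []
    same_bank = (_digits(invoice["bsb"]) == _digits(vendor["bsb"])
                 and _digits(invoice["account"]) == _digits(vendor["account"]))
    if not same_bank:
        reasons.append("bank details differ from verified record: call "
                       + vendor["phone_on_file"] + " (number on file, not the invoice)")
    domain = invoice["from"].rsplit("@", 1)[-1].strip().lower()
    if domain != vendor["email_domain"]:
        similarity = SequenceMatcher(None, domain, vendor["email_domain"]).ratio()
        kind = "lookalike" if similarity >= 0.8 else "unexpected"
        reasons.append(f"{kind} sender domain: {domain}")
    return reasons

# Constructed sample invoices.
GENUINE = {"vendor_id": "V-1001", "from": "accounts@exampleplumbing.example",
           "bsb": "000 000", "account": "1234 5678"}
# Sent from the vendor's real (compromised) inbox with altered account details.
HIJACKED = dict(GENUINE, account="87654321")
# Sent from a registered lookalike domain with altered account details.
DOCTORED = {"vendor_id": "V-1001", "from": "accounts@exampleplumbimg.example",
            "bsb": "000-001", "account": "87654321"}

if __name__ == "__main__":
    for label, inv in (("genuine", GENUINE), ("hijacked", HIJACKED), ("doctored", DOCTORED)):
        print(label, review_invoice(inv) or "no red flags")
```

An invoice sent from a hijacked inbox passes the domain check, so the bank-detail comparison followed by a call to the number on file is the control that matters.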
Check out more about scams facing you and how you can defend yourself, friends, and family at Scamwatch.