Every day, the internet opens up new opportunities for enhancing the way we connect, shop, bank, research, work and socialize.
But the more we do online, the greater the opportunities for criminals to steal money, information or identities: in 2015, Australians lost $229 million to scams.
Protecting yourself online has never been more important, and AARNet’s Director, Security, Louise Schuster says awareness should be the first line of defence.
Knowing about which threats are out there – and then implementing a few simple practices – is the best way to avoid online scams, theft, phishing, bullying and more.
Here, we share some of the advice the AARNet Security team produced for Stay Smart Online week, a national event to raise awareness about the ways people can protect themselves online.
Scams are direct attempts to relieve you of your money. All scams follow a similar pattern: someone will issue you a payment via one method, and ask you to make a payment via a different one.
Often this will look good, and the buyer will tell you that you have the money as soon as you see the funds available in your account.
Once you have access to the funds, they will ask you to transfer an amount of money; this could be via a wire transfer service, in cash, via a gift card or prepaid credit card, bitcoin, or another anonymous transfer.
In the days or weeks that follow, they will reverse their original transaction, leaving you without the cash and possibly owing additional fees to your bank for overdraft or fraudulent activity.
The primary defence against scams and extortion is awareness. Please share this information with those close to you, especially if they are isolated or vulnerable.
If you believe that you or someone you know has been the victim of a scam, or to learn more about these and other types of scams, please visit SCAMwatch.
You can also report the crime via the Australian Cybercrime Online Reporting Network, ACORN.
Australia’s losses from identify theft are estimated to be in the range of $2.2 billion for 2014-2015, and 4-5% of Australians incurring an average $3k in direct out-of-pocket expenses as a result of identity theft.
Tax file and driver’s license numbers are currently preferred by criminals. These allow fraudulent tax file returns, or the opening of bank accounts and lines of credit in your name.
But with as little information as your name, date of birth, and postcode, an identity thief can convince many companies to reveal more information about you, or allow access to your account.
The simple act of posting “today I turned 40!” on Facebook or Twitter, combined with your name, can be enough.
As with all cyber crimes, your primary defence against identity theft is awareness.
Be aware of the information banks, service providers and government agencies ask for in order to authenticate you. Don’t distribute these details without knowing who will have access to them and why.
Think about how you handle your personal information. Shred documents with personal information, avoid emailing personal details, and check whether websites are secure (https and a lock displayed in the browser) before submitting any personal data.
Check how locked down your social media is. Settings can change, exposing your details. Have an anonymous account, or a friend of a friend, check to see what details leak beyond the scope of those you explicitly authorize to view your details.
If you think you are a victim of identity theft, it is important that you act quickly to limit the fraudulent use of your identity:
Phishing is a tool used by cybercriminals to look to steal personal information and trick people into entering personal or confidential information.
This commonly happens with legitimate-looking emails from a trusted source, such as an energy company or a bank. These usually contain false links that ask for personal information, and they can be used in identity theft, credit card fraud, or stolen banking information.
Common sense is the best method. Double check website name and links. When providing personal information to a website, make sure the site is secure (using ‘https’ and with a lock displayed in the browser).
If you receive an email requesting personal information, stop and ask yourself: who is asking? Why would they ask for this? Why would they need it?
If it seems phishy … don’t trust it!
145 million US citizens have been impacted by the credit agency Equifax data breach, revealed in September 2017. The personal information of up to 44 million British citizens and 8,000 Canadian Citizens may also have been impacted…
Equifax set up a website to let users check whether their records were part of the data breach.
You can contact Equifax to set up credit monitoring, which will alert you when new credit is opened or changed under your name.
A number of class action lawsuits have been filed. You may wish to investigate participating.
Be extra vigilant of emails you receive regarding changes or opening of accounts. If you receive such a notification, be wary of the possibility of opportunistic phishing, do not trust contact details within the email.
The Australian Government’s Stay Smart Online service has a helpful free alert service that explains recent threats online and how they can be managed. Sign up to the service on the Stay Smart Online website.