Scammers posing as businesses we trust keep tricking Australians into paying bogus bills.
"Phishing" scams have become by far the most common tricks reported to Australia's consumer watchdog. They're called such because the scammers cast their net wide, sending bogus emails to thousands of people in the hope that a few of us won't spot them as fakes.
In the past six months alone the ACCC has received 11,000 reports of phishing, with nearly $260,000 lost to scammers, and that's obviously not including those Australians who don't even realise they've been duped.
The details of the scams vary widely but the basic idea is always the same: tricking people into handing over money or sensitive information.
Rather than offering deals which sound too good to be true, like winning the lottery, scammers send emails that seem far more boring. Often they'll pose as your bank, energy retailer or courier company. Other times they'll pretend to be the tax office or Centrelink chasing an unpaid debt, or perhaps the police issuing a speeding fine.
Instead of cleaning you out, the idea is to fool you into paying what seems like a reasonable amount of money. Sometimes they might be angling for information such as account details and passwords, as the first step in a multi-stage scam.
Scammers use the same tricks to sneak malware onto computers, hoping that people will open innocent-looking attachments or click on links. With the end of the financial year having just passed, you can expect for a spike in tax refund scams. The aim here is to quietly infect your computer with spyware sniffing for passwords, or perhaps ransomware which encrypts your precious files and demands payment for their release.
Anti-virus will sometimes pick up these threats, but phishing scams are more sinister because there's no virus to detect or technical flaw to exploit – scammers are simply targeting people's trusting nature.
Phishing attacks don't just arrive via email; scammers are also known to pick up the phone. You could receive an automated call supposedly from the tax office asking you to enter your financial details, or a call from real live crook. They might ask for payment or simply claim to be "verifying customer records" in the hope you'll reveal your online password and the answers to your security questions.
Never trust someone who calls you and then expects you to prove who you are or hand over sensitive information. No legitimate service provider should ever ask for your online password or demand that you hand over money on the spot. Tax office scammers are even known to ask for payment in the form of iTunes Gift cards.
When in doubt, tell the caller you'll hang up and call them back via the business's main switchboard. They might give you a number to call, or include one in their email, but don't trust it. Look up the number for yourself in the phone book.
If the caller is legit they'll understand your security concerns. The more persistent, irate and threatening they become, they more likely you're dealing with a scammer trying to catch you in their net.