An ideal moment for a scammer is when you’re ready to part with a large amount of money and they can impersonate the person or institution you want to send it to.
“They will come up with a believable story and convince you to take action,” according to Scamwatch. “They may also ask you to make an immediate payment, or transfer money to another account.”
Dr Sushmita Ruj, engineering faculty lead at the UNSW Institute for Cybersecurity, says Australians need to be wary of “triggers” for this kind of activity.
“To keep your money safe, you really have to be very cautious with messages and emails asking for credentials — a valid bank representative would never ask for your credentials in that way,” she says.
You can verify if a communication is legitimate by either using contact details you have independently verified or using the institution’s secure app or portal.
Say no to public Wi-Fi
Dr Ruj also cautions against using free public Wi-Fi, especially for important transactions.
“Most of the Wi-Fi networks that are open, which you find with free public Wi-Fi or in shopping malls, are unsecured networks,” she explains.
“There could be various ways scammers or fraudsters could get your credentials and launch attacks or misuse them.”
For example, a NSW man was a victim of identity theft after using a Wi-Fi hotspot that was set up by a cybercriminal. While using that hotspot, the man had sent identification documents to his parents, and they were intercepted.
“There are risks involved when using public Wi-Fi hotspots,” according to the Australian Cyber Security Centre.
“They can be accessed by anyone, and are often free and unsecured. These hotspots can be an attractive target for cybercriminals, who may try to use them to steal your passwords or sensitive information.”
Second-guess SMS
The ACCC’s latest targeting scams report found text messages were the most reported contact method for scammers in 2023.
Criminals can plant fraudulent messages within the same texting thread as genuine bank communications.
“We are incredibly concerned about bank impersonation scams because they can be so convincing, they are very hard to detect,” ACCC deputy chair Catriona Lowe warned last year.
So, if you’re in the midst of communicating with your bank and trusted advisers, and you receive SMS communications with instructions to transfer money or hand over your details — don’t. There’s a chance a cybercriminal is being opportunistic and hoping you’ll confuse genuine communication with your bank with a fake one.
Double down on your defences
Multi-factor authentication (MFA) gives Australians significantly more powerful security against cybercriminals than a standard one-step login process, and the Australian Cyber Security Centre encourages individuals to enable it wherever possible.
Having MFA enabled on your banking means a criminal has to crack more than one layer of defence to access your money. MFA also gives you a moment to pause and consider what you’re verifying and if you’re comfortable proceeding.
There are a range of options when it comes to MFA, including apps that don’t rely on SMS to verify your activity.
“Apps like Macquarie Authenticator are secure and purpose-built to avoid reliance on SMS, and to help keep your money and bank accounts secure,” explains McArdle.
“The app gives you a chance to pause, review and authorise important account activity — like a payment or a login. But you don’t need to flick between SMS and another app or browser, or question if the SMS you received is legitimate,” she says.
Like many people, Max, a Macquarie Bank customer, uses SMS for two-factor authentication outside his banking in his everyday life.
When Max switched to Macquarie, he used Authenticator while setting up his home loan. He felt more secure using technology designed to protect his money, instead of a text to verify important transactions.
Since then, he has thought twice about using SMS in relation to his banking.
“The first home loan I got was with another bank. And the authentication process was via SMS. It was very scary, I was reading the numbers a million times,” Max says.
“The second time with Macquarie was much more seamless and simple.”
Macquarie Authenticator is a multi-factor authentication app designed to maximise your security and provide a beautiful banking experience. To learn more, visit Macquarie.com.au/Authenticator.