Maximum security on the cards
Online fraudsters are getting better at what they do, but there are several ways to limit your potential losses, writes Penny Pryor.
Don't answer unsolicited phone calls, don't hit hyperlinks and don't let your credit card be swiped, or taken, out of your sight.
If that sounds a bit draconian or too police-state for you, then start preparing for cybercrime and scams.
The increase in internet-enabled devices is seeing a corresponding increase in the rate of scams and cybertheft by parties who are also taking advantage of the increasing amount of information that we - most often freely - make available online.
The Australian Payments Clearing Association estimates $262.6 million was lost to credit card theft in the 2011-2012 financial year. The Australian Crime Commission, as a result of its Task Force Galilee into Serious and Organised Investment Fraud activity in Australia, estimated losses in "boiler room"-type operations to be in excess of $113 million between January 2007 and April 2012. A boiler room is where someone solicits you to invest in non-existent or worthless shares or investments.
The government has introduced a number of initiatives to try to protect consumers. In late July, for example, the Attorney-General, Mark Dreyfus, and parliamentary secretary to the Attorney-General, Shayne Neumann, announced a key initiative for a national online reporting facility for cyber crime called the Australian Cybercrime Online Reporting Network, or ACORN.
But there is plenty you can do to protect yourself - foremost, understanding the kind of issues that are out there.
Online banking and identity fraud
Online banking fraud and scams usually centre on identity theft. Someone steals your identity through a lure or a "phishing" campaign, and then uses that information to steal your funds. "A lot of the crime that happens is with stolen identity," Moss says. "[There's been] a rapid increase in phishing." Phishing refers to unsolicited requests for personal information via email, text or phone that is then used by criminals to commit fraud.
The Australian Competition and Consumer Commission (ACCC) Targeting Scams report for 2012 found the most prevalent way of delivering the 83,803 reported scams in 2012 was using telephone (42.3 per cent), email (23.2 per cent), text message (14.1 per cent) and internet (11.9 per cent). Others included snail mail (7.1 per cent), in person (0.9 per cent) and fax (0.5 per cent).
Scammers are getting very crafty. Emails increasingly appear to come from people you know and include information that might be relevant to you. Thanks to social media, scammers have a great resource to mine for your personal details, whereabouts, tastes and activities. Scamming can happen in the most innocuous of ways. While researching this article, I had a call from a major charity asking for assistance in an appeal they were conducting. They would not give me their details so I could call them back, but did ask for my first name and date of birth (which I didn't disclose). I then rang the charity to confirm they were conducting such an appeal, which they said they were, but I'm still not sorry I didn't give out my personal information. Daniel Loffi, the executive manager of risk and analytics at Westpac, says demographic information such as date of birth is not something you can change once it's been breached by a scammer. "It's in the interest of the people harvesting your details to try and appear [as close as possible to a legitimate issue]," Loffi says.
As a rule, never respond to unsolicited calls, emails or texts. Never click on a hyperlink if you don't know who it's from, and protect your information at all times - buy a shredder, lock your letterbox.
"A shredder is a good investment," says Rebecca Glenn, the campaign director at MoneySmart Week. "Leaving bills and utilities and statements in your car is also a really bad idea."
Also be careful when making fund transfers to a new party. You will usually get an email or text message confirming the details of the new transfer, and the amount. Make sure you check the amount in that notification matches up with the amount you are transferring. "If you're in the middle of being under attack, that information will not match," Loffi says. "That is a very strong indication you've got malware. You've got to stop and read things carefully."
You should also change passwords regularly. "Customers can help protect themselves by regularly changing their PIN at an ATM or a branch," a spokesperson for ANZ said. "We also encourage customers to regularly check their statements or monitor their accounts online."
Moss says it's always puzzled him how people are more than happy to fill out extensive surveys for the chance to win an iPad but are very reluctant to provide information that could give organisations such as his assistance in stopping cyber crime and protecting people's identities. He also points out the effects of being defrauded or scammed are wide-reaching and quite personal. "[Scammed individuals] don't trust the online environment any more," he says. "After being scammed, they will become wards of the state and reliant on government.
"We've only seen the tip of the iceberg, because people are often too embarrassed [to say anything]." Government website scamwatch.gov.au has good resources on the latest scams and you can also sign up to its newsletter.
A boiler room is an organised investment fraud set up with the aim of luring the unwary into investing in something that doesn't exist. The ACC defines it as the use of "sophisticated techniques to solicit investment in non-existent or essentially worthless shares and other securities". Task Force Galilee, a multi-agency task force (which included the ACC and the Australian Competition and Consumer Commission and federal government agencies) was established in 2011 to broaden the understanding of this space.
More than 2600 Australians were estimated to be victims of the $113 million lost in such frauds. It found boiler room activity extended to green energy investments, new technology shares, loans to fund new investments, selling and misrepresenting products, illicit lotteries and sweepstakes, advanced-fee loan and credit offers, mortgage or real estate "investments", "high-return" schemes, option trading, and foreign currency trading.
When it comes to these kind of investment scams, Glenn says the first rule of thumb is "If it sounds too good to be true, it probably is." Always take your time and do due diligence on any investment. "Don't let anyone pressure you and take that time to satisfy yourself of certain things, including, do they have a financial services license," Glenn says. "If they are offering investment products in Australia, they need to have a licence. If they can't provide you that, or if they provide you one that doesn't check out - you can do the check on the ASIC website - then run a mile." You can check whether a company has an Australian financial services licence (AFSL) number on the ASIC register of businesses at asicconnect.asic.gov.au.
If they say that the company they work for has an AFSL, ask for the licensee name, contact that licensee to check they work there and then confirm the licensee's AFSL number on the ASIC website as well. Regardless of where they are based, all companies offering investment products in Australia need an AFSL. Also ask to see the product disclosure statement, which has essential information about the investment and which is also a legal requirement.
Companies are required to lodge these with ASIC, so you can also check for them at search.asic.gov.au/offerlist/offerlist _date_received.html. ASIC has a list of companies not to do business with at moneysmart.gov.au/scams/companies-you -should-not-deal-with.
Unlike credit card fraud, where the bank will more than likely refund the amount stolen, in investment fraud it is very hard to recoup stolen money.
Credit card fraud
John Hamer (see case study, above left) had funds stolen from his credit card, but was then subsequently targeted in the "recovery" phase. This is where the criminal organisations that originally defrauded you will then follow up to "help you" recover your funds, and is also common. The most direct theft is when someone steals directly from your credit card, but your identity can also be stolen and new cards applied for in your name.
You need to be diligent wherever your card is used. And this isn't just at ATMs, but anything from small convenience stores to fast-food stores that can take your details.
"Customers should be aware of the practical steps they can take for their personal and business security, including keeping a close eye on all account balances and covering the keypad when entering a PIN number," Kirk Kantzipas, the general manager, financial crime, at NAB, says.
One of the best things you can do is to start using a card with a chip and dip, don't swipe. "We run a lot of really detailed analytic systems to discover when [skimming is] happening," Loffi says.
Another issue that banks find harder to track is ghost terminals, or terminals that exist purely to swipe your details.
"You will never see the charge appear on your statements. That's difficult for us because we don't see data," Loffi says.
It's not that hard to get your hands on a ghost terminal, so check things such as whether the terminal is connected to anything and, if you have any concerns, don't let your card be swiped.
Be diligent in checking statements and online transaction records; if a purchase hasn't shown up, and it should have, that's another reason to get in touch with your credit card provider. Obtaining a copy of your credit report through credit rating agencies such as mycreditfile.com.au (Veda), checkyourcredit.com.au (Dun & Bradstreet) and tascol.com.au (Tasmanian Collection Service) will keep a track of unauthorised credit applications. Most banks will also refund you the amount that is stolen in the case of a legitimate credit card fraud.
Case study John Hamer
John Hamer has worked in the financial services industry for decades. He is smart, savvy and knows a thing or two about investment. But that didn't stop him becoming a victim of credit card fraud.
One Friday he noted a charge of $1109 to his Westpac MasterCard.
The next day Westpac's fraud unit rang to query the charge. When John said he had never dealt with the company in question, Westpac froze his account immediately.
By the Monday, Westpac had reversed the transaction and closed the account and by the following Thursday had issued a new MasterCard. "It's scary how these sorts of frauds are so prevalent," Hamer says.
The same month, John's wife was also hit by an iTunes scam that was taking relatively small amounts from her account. "With this particular scam, using the name of iTunes, they did some small test amounts, of $4.90. If they go through successfully, they hit you with some much bigger ones down the track," he says.
"So my wife and I have had to cancel two cards in the last month."
As soon as his credit card was cancelled, he received an email that claimed to be from the bank asking for feedback on its website for a $60 credit to his MasterCard. But that email survey also asked for details such as a driver licence number. "I rang that number and reported it and, sure enough, it was another common scam."
Dip, don't swipe, your credit card.
Cover your hand when entering a PIN.
Never engage with unsolicited telephone calls/texts/emails/faxes that ask for personal details.
Get virus-protection software.
Check your credit report.
Don't do business with companies on ASIC's moneysmart.gov.au/scams /companies-you-should-not-deal-with.
Check your confirmation email/text when you transfer funds.
Never click on a link that purports to be from a bank or financial institution.
Don't put personal information (children's, or pet's names and birth dates etc) on social-media websites, as they're often the key to your passwords. And pick the highest privacy settings.
Invest only in financial products from a provider with an Australian financial services licence.
When banking on mobile devices, password-protect your phone and SIM card, use only official apps, don't store passwords, always log out and don't do banking on unsecured Wi-Fi networks.