Australians lost more than $2 billion in scams in the last year according to Scam Watch.  And New Zealanders have lost over $69.8m over the last 5 years according to Stuff. It is important that you follow these three key steps to protecting yourself online; 1. use strong passwords, 2. be alert, and 3. report attacks, scams and fraud.

Be alert

If it sounds too good to be true or if something seems little off, it probably is. Don't let anyone pressure you. Ask questions and do research - use reputable websites you trust to check the validity of the company or person.  Check out the resources below for more information.

Types of scams to look out for

Online scams have proliferated with the growth of the internet and its associated technologies. While the tactics of scammers continue to evolve, here are some of the main types of online scams that have been consistently observed:

• Job and Employment Scams: Fake job offers, often for "work-from-home" positions, where the victim may be asked to pay for training, materials, or even the fake job itself.
• Phishing Scams: These involve sending fake emails or messages that appear to be from legitimate sources, like banks or popular online services. The aim is to trick recipients into providing sensitive information such as usernames, passwords, and credit card details.
• Tech Support Scams: Scammers claim to be from reputed tech companies, warning victims about a fake virus or technical issue on their computer. They either trick the victim into paying for unnecessary tech support services or install malicious software.
• Lottery or Prize Scams: Victims receive messages claiming they've won a large sum of money or a prize, but must first send a fee or provide personal details to claim it.
• Online Shopping and Auction Scams: Scammers set up fake online stores or auction listings to either not deliver the purchased items or deliver items that are counterfeit or of poor quality.
• Investment Scams: These promise high returns for low-risk investments. Ponzi schemes and pyramid schemes are two common types.
• Romance Scams: Scammers create fake profiles on dating sites or social networks to form a relationship with the victim, eventually convincing them to send money, often with a sob story or fake emergency.
• Rental Scams: Fake rental listings are created where the scammer tries to get a deposit or rent payment before the prospective renter realises the property isn’t available or doesn’t exist.
• Fake Antivirus Software: Pop-ups warn users that their computer is infected and offers to sell them antivirus software, which is itself malware.
• Cryptocurrency Scams: These might include Ponzi schemes in the guise of investment opportunities, fake ICOs (initial coin offerings), and phishing attempts to steal cryptocurrency.
• Gift Card Scams: Scammers convince victims to purchase gift cards and then provide the codes as a form of payment.
• Social Media Scams: This might involve "clickbait" links leading to malicious sites, fake celebrity endorsements, or impersonating friends or family to request money.
• Tax-Related Scams: Pretending to be tax agencies, scammers claim the victim owes money and threatens legal action unless payment is made immediately.
• Ransomware: Malicious software that encrypts the victim's data, with the scammer demanding payment (usually in cryptocurrency) to unlock it.

It's important to remember that scammers are always coming up with new tactics. Staying informed and exercising caution online, especially when dealing with unsolicited communications or too-good-to-be-true offers, is essential to avoid falling victim.

What do phishing attacks look like?

• They may reach out on WhatsApp, social media, email, or a text message
• They may be an advertised link that comes up in your search results and leads you to a fraudulent website that looks like a real site
• They may use the name, logo and/or artwork of a major brand to make you think they are legitimate
• They may redirect you to unusual pages that use colours, fonts, or images that you wouldn't normally see on the real website
• They may come from a suspicious email address or have a misleading domain name (URL) that looks similar to the real one
• They may claim there is a problem with your account and ask you to visit a fraudulent website designed to look like a real website

If you are ever unsure of a link you're shown in an email or in internet search results, don’t click on it. Instead, browse by typing it into the URL bar of your browser, rather than clicking links or advertisements.

Use strong passwords

• Use a password generator - G2 ranks the best password generators here
• Never use the same password - this is easy when you use a password generator
• Never share passwords - goes without saying, never email, text or write down passwords
• Use hard to guess passwords - upper and lower case, numbers and symbols
• Always use 2 factor authentication - Google and Microsoft both have options

Report attacks, scams and fraud

When you see, or are a victim of, an attack, scam or fraud, report it.  We have included links in the resource list below that can help you. 

Have you been hacked?

The ACSC has launched the ‘Have you been hacked?’ tool. This tool will help you assess if you’ve been hacked by guiding you through a range of scenarios that will advise you on how to best respond to the situation.

Scenarios include ransomware attacks, malware threats, email compromise and identify theft, as well as phishing and fake website scams.

The tool is simple to use and includes typical warning signs, scenario explanations and easy-to-follow steps on how to remediate the situation.

• Tool: Have you been hacked?
• Quiz: How secure are you?

Now is the perfect time to protect yourself online.

If you are interested in receiving cyber alerts, join the ACSC Partnership Program and help others stay secure too.

Resources

Global Resources

• Multi-factor authentication
• Secure your Google account
• Secure your Microsoft account
• Protect your business from email fraud & compromise
• Phishing - Scam Emails

Australian Resources

• ACCC Scamwatch to report or find out more about scams- https://www.scamwatch.gov.au/report-a-scam 
• ATO - ATO’s dedicated scam line 1800 008 540 to check legitimacy of a call, text, or email. You can also verify or report a scam online at ato.gov.au/scams

New Zealand Resources

• NetSafe for information on staying safe online https://netsafe.org.nz/ 
• New Zealand Police https://www.police.govt.nz/advice/email-and-internet-safety/internet-scams-spam-and-fraud