The bots are getting smarter and they want your data. Stay one step ahead with Credit Union SA's guide to not getting hacked in 2023.

Credit Union SA is urging the community to be cautious of phone messages claiming to be from a family member or friend and asking for help, following a significant rise in impersonation scams in the recent months.

More than 1150 Australians fell victim to the scam in the first seven months of 2022, according to The Australian Competition and Consumer Commission (ACCC).

Known as ‘Hi Mum’ or ‘family impersonation’ scams, victims are contacted – often through messaging apps like WhatsApp – by a scammer posing as a family member or friend.

The scammer claims they’ve damaged or lost their phone and are contacting you from a new number. After developing a rapport, they’ll ask you for help and money to urgently pay a bill or replace their phone. Scammers might also ask for personal details or photos to use on their social media profile.

The excuse of a broken or lost phone is used to justify the request for funds, with the explanation being that they can’t access online banking temporarily.

If you get a message from a number you don’t recognise, Credit Union SA encourages you to always independently verify the contact yourself and never just trust a text.

 

Verify Directly

If you’re contacted by someone claiming to be family or a friend, start by calling the number you have saved for them in your phone already. If your loved one picks up, you’ll know the message is a scam.

Secondary Contact

If you can’t get through to your friend or family member directly, try using another contact method or verifying with someone else who is likely to know them, such as a partner or close friend.

Ask a Question

If you haven’t been able to contact your family member or friend directly, consider asking a personal question that a scammer couldn’t know the answer to.

Above all, never send money without being absolutely sure who you’re sending it to.

---

 

Flubot

Since August 2021, many Australians have been getting scam text messages about missed calls, voicemails or deliveries.

The ACCC has received more than 12,000 reports of these scams, which involve convincing the victim to download an app containing malicious software called ‘Flubot’.

The malicious software used in the Flubot scam can read your text messages, send text messages from your phone, make phone calls from your number, access your contacts and send the infected link to contacts on your phone.

More importantly, it can capture your credit card and internet banking details from your phone, which may lead you to become victim to significant fraud losses.

There is potential for the Flubot malware to evolve over time and attempt to imitate banking apps, as well as Apple Pay, Fitbit Pay, Garmin Pay, Google Pay and Samsung Pay.¹

 

Don’t Click!

Quite simply, never click links received via SMS. If you don’t click the link and don’t install the app that follows, you’ll be safe.

Take the Time to Verify

Scammers will often pretend to be from places you might expect to get a tracking link from, like Australia Post, DHL, Amazon or eBay. Scam text messages trigger a sense of urgency, and are often poorly written with strange web links. Stop, think and take the time to verify.

Keep Your Contact Details Up to Date

Make sure your bank can contact you about any account security concerns – it could help keep you safe from scams.

 

But what if I’ve been caught out?

Act Immediately

Your passwords and online accounts are now at risk from hackers. Contact your financial institutions immediately.

Clean Your Device

You can clean your device by contacting an IT professional, downloading official anti-virus software from your app store, or performing a factory reset ASAP.

---

 

Scam Spotter

Think you can spot a scam? Spot three things wrong with this email, then see how you did below.

 

Did you pass the test?

Here’s what you should be looking out for:

Spelling Mistakes

Email addresses might appear correct at first glance but often contain extra letters or errors on closer inspection.

“Don’t Miss Out!”

The email text will try to create a sense of urgency to make the reader act without thinking.

Hyperlinks

Hovering over linked text within the email will show you the real URL you’ll be directed to. Watch for random strings of letters, numbers or illegitimate web addresses.

Branding

Inconsistencies with wording and layout of the business logo or font, colours and sizing of body text.

Lack of Personalisation

The introduction does not address you by name, because scammers will send these out to large databases all at once.

---

¹ Android, Google Pay, and the Google Logo are trademarks of Google LLC. Apple, the Apple logo, Apple Pay, Apple Watch, Face ID, iPad, iPhone, iTunes, Mac, Safari, and Touch ID are trademarks of Apple Inc., registered in the U.S. and other countries. iPad Pro is a trademark of Apple Inc. Samsung Pay is a trademark of Samsung Electronics Co., Ltd. Fitbit and the Fitbit logo are trademarks or registered trademarks of Fitbit, Inc. in the U.S. and other countries. Garmin Pay is a trademark of Garmin Ltd. or its subsidiaries.

This article is intended as general information only and has been prepared without taking into account the personal financial situation, objectives or needs of the reader. Before acting on this information, you should consider its appropriateness, having regard to your objectives, financial situation and needs.