Many of us have, at some stage, received an email claiming to be from a bank, email service or card company. Often it will suggest a sense of urgency, claiming your account is locked, compromised or at risk of closing down unless you follow a link.
This scam email will lead to a website (once again, seemingly official) that will ask for sensitive private information such as a password, a credit card number or important identity details.
There are often telltale signs that can warn you the email and website are imitations. But scammers have found some increasingly smart ways to avoid suspicion.
A new wave of email scams is targeting Australians with what experts have described to The New Daily as one of the most sophisticated data theft (or “phishing”) schemes yet.
When you enter a scam website, you may see your name already entered in. This information is automatically drawn from the real company’s website. At this first stage, only you can see this data; contrary to appearances, the scammers do not yet have this information.
Seeing your own name can immediately earn your trust – and trick you into submitting your confidential details.
The fake website gives a further illusion of security by automatically listing the name of your bank or financial institution, potentially tricking you into providing your full credit card information through a fake “Verify with Visa” or “MasterCard SecureCode” form.
The scam is currently targeted at Australian Netflix subscribers, but is extremely likely to broaden its reach in the coming months. It is just as likely that other scammers will learn from these new tricks moving forward.
However, no matter what new challenges lie in store, there are still some strong, foolproof ways to avoid falling victim.
Alex Kidman, Tech and Telco editor at Finder, told The New Daily one key technique for avoiding identity theft: “the really obvious thing is that the URL won’t be quite right”.
The address in the address bar might look like the institution it’s impersonating, but there may be a subtle variation.
Mr Kidman says this is more difficult to spot on mobile phones, where the full address is not always immediately visible.
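The address check described above can be automated. The following is an added example, not part of the original article: it compares the host in a link against a domain the reader already trusts (netflix.com is assumed here, as the service named above) and flags near-matches. The sample URLs are constructed and use the reserved .example domain.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: digit-for-letter swaps often seen in imitation names.
SWAPS = str.maketrans("013457", "oleast")

def classify(url, trusted="netflix.com"):
    """Return 'genuine', 'lookalike' or 'unrelated' for the host in url.

    `trusted` is the domain the user knows to be real (assumed to be of
    the form name.tld); every other host is judged against it.
    """
    # urlsplit ignores any "user@" prefix, so the true host is compared.
    host = (urlsplit(url).hostname or "").rstrip(".")
    brand = trusted.split(".")[0]
    # Only the trusted domain itself, or a subdomain of it, is genuine.
    if host == trusted or host.endswith("." + trusted):
        return "genuine"
    # Any other host that carries the brand name, or something close to
    # it, is imitating the service.
    for token in host.replace("-", ".").split("."):
        plain = token.translate(SWAPS)
        close = SequenceMatcher(None, plain, brand).ratio() >= 0.8
        if brand in plain or close:
            return "lookalike"
    return "unrelated"

# Constructed sample URLs (.example is a reserved test domain).
SAMPLES = [
    "https://www.netflix.com/login",
    "https://netflix.com.account-verify.example/login",
    "https://netfl1x-billing.example/",
    "https://nefflix.example/update",
    "https://netflix.com@login.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```

The second sample shows why the whole address matters: the real name appears at the start, but the part that decides where the browser goes is at the end of the host.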
“The key thing for people to keep themselves safe is to realise, if you get something that says you must take immediate action, the most sensible thing you can do is open up a fresh browser and log in to the service yourself,” he said.
“If there is a genuine problem with your account they will waste no time letting you know whether your account is going to be suspended. If your billing information is out of date they will let you know because it’s in their interests to do so.
“They want to keep you as a customer so if it comes up there then the email was legit but nine out of 10 times it won’t… An awful lot of firms just don’t do these kinds of email communications anymore because of this exact problem.”