The clever new email scam targeting Australians

Many of us have, at some stage, received an email claiming to be from a bank, email service or card
Australia

Many of us have, at some stage, received an email claiming to be from a bank, email service or card company. Often it will suggest a sense of urgency, claiming your account is locked, compromised or at risk of closing down unless you follow a link.

This scam email will lead to a website (once again, seemingly official) that will ask for secure private information such as a password, a credit card number or important identity details.

There are often telltale signs that can warn you the email and website are imitations. But scammers have found some increasingly smart ways to avoid suspicion.

A new wave of email scams is targeting Australians with what experts have described to The New Daily as one of the most sophisticated data theft (or “phishing”) schemes yet.

When you enter a scam website, you may see your name already entered in. This information is automatically drawn from the real company’s website. At this first stage, only you can see this data; contrary to appearances, the scammers do not yet have this information.

Seeing your own name can immediately earn your trust – and trick you into submitting your confidential details.

The fake website gives a further illusion of security by automatically listing the name of your bank or financial institution, potentially tricking you into providing your full credit card information through a fake “Verify with Visa” or “MasterCard SecureCode” form.

The scam is currently targeted at Australian Netflix subscribers, but is extremely likely to broaden its reach in the coming months. It is just as likely that other scammers will learn from these new tricks moving forward.

However, no matter what new challenges lie in store, there are still some strong, foolproof ways to avoid falling victim.

Alex Kidman, Tech and Telco editor at Finder, told The New Daily one key technique to avoiding identity theft: “the really obvious thing is that the URL won’t be quite right”.

The address in the address bar might look like the institution it’s impersonating, but there may be a subtle variation. 

Mr Kidman says this is more difficult to spot on mobile phones, where the full address is not always immediately visible.  

“The key thing for people to keep themselves safe is to realise, if you get something that says you must take immediate action, the most sensible thing you can do is open up a fresh browser and log in to the service yourself,” he said.

“If there is a genuine problem with your account they will waste no time letting you know whether your account is going to be suspended. If your billing information is out of date they will let you know because it’s in their interests to do so.

“They want to keep you as a customer so if it comes up there then the email was legit but nine out of 10 times it won’t… An awful lot of firms just don’t do these kinds of email communications anymore because of this exact problem.”

Have you received a scam email like this? Do you know anybody who has fallen victim? And what tricks do you have for spotting the scammers?

  1. Patsy  

    There must be ways of tracking these spammers so that they can be prosecuted to the fullest for their “crime”. My computer is a huge part of my business and I seem to spend alot of unnessassary time filtering spammers. Even unsubscribing doesn’t always work…..it’s very frustrating. And don’t get me started on the telemarketers/phone scammers lol. We can’t get on the Do Not Call register because we’re a home based business and so they are constant. Just leave us alone….we’ll call you if we want a service. There…..rant over!!!!!

  2. marilyn willson  

    My friend almost got scammed, I happened to pop in and listebed and watched as the scammer put up a bank page that my friend thought was official, there was more money than he thought in this account, he was told that accidently this extra money had been put into his account and would he withdraw that extra amount and send it to someone else, my hackles were up and I intervened only to get sworn at and called horrible names, which I graciously returned and hung up. They sounded educated and Indian accented.

  3. Anthony Arnold  

    This is an email I received today with a logo at the top that looks a lot like Australia Post’s but says MyPost. The English is pretty crook “Sending” has not been delivered – “Pack” has not been delivered and Australia Post leaves a card to pick up from your local Post Office and holds parcels for about a fortnight and doesn’t fine you after 3 days. Be aware, be careful !!!

    ============================

    Sending has not been delivered to your address!
    Good day
    Pack has not been delivered to the specified address on October 18, 2016, as nobody was at home. If you don’t claim a package within 3 service days, Australia Post will fine you for storing it.
    Please download and examine the information about your dispatch, print it and go to the post office to receive your parcel.
    Download here
    IMPORTANT: Please check the information! Otherwise you may be fined wrongly.
    Warranties Australia Post expressly disclaims all conditions, guarantees and warranties, express or implied, concerning the Service. Where the law prevents such exclusion and implies conditions and warranties into this agreement, where legally permitted, the liability of Australia Post for breach of such condition, guarantee or warranty is limited at will of Australia Post to either providing the Service again or paying the cost of having the service supplied again.
    You can find any information about the procedure and conditions of pack storing in the nearest post office.
    Respectfully,
    Helen Johnson
    Australia Post

    ===========================

    The “download here” line was a web address…

  4. Rob  

    Have had numerous emails purporting to be from Telstra telling me I have paid my bill twice and offering a refund. They have made the email appear to have come from Telstra including logo! Nothing relates to any bill I have paid! They want me to click on a link which, as we know, will give the cagey bastards access to my info. I simply delete as soon as I see it.

    • Bronwyn Halbisch  

      Yes, I’ve received [yesterday] this email, proposing to be from Telstra, advising that my bill had been paid twice and log on to receive refund… I did this [unfortunately] filling out the whole form, giving Visa card info etc., the thing that alerted me to, I’d better check through Telstra’s own site and My Account, which didn’t say I’d over paid!! was the fact they asked me for my Bank’s limited… So they had me.. I immediately called the Bank’s emergency number and they cancelled my credit card and also I had to change the password on my internet banking… AND the b…s have sent another like email this morning… so I’ve sent that off to the Bank’s spoof area too!

    • Diana Mitchell  

      As if Telstra would offer a refund
      Ha!

  5. Glen  

    The really obvious thing is HOW THE HECK A BANK OR ANY SUCH BUSINESS CAN GET YOUR EMAIL ADDRESS !! Did you give it to them ? No. Then the obvious thing is how or WHY would they contact you for details about your account via a contact you DIDN’T GIVE THEM ?

    • Denis  

      These scammers have ways to get your email address .I often get messages from Banks I don’t even deal with so that’s a bit of a giveaway.
      The longer your email address has been on the net the more likely you are to get these messages. My current one has been on for about 18 years so I get fair bit. It used to be on my business web site.
      NEVER reply to them as that just confirms your email as active.
      There are people that collect email addresses and sell them to the scammers.
      You can also put filters on your emails to put them in the junk folder – I am up to 52 😉 I put them through Spamcop as I explained in another post.

  6. Denis  

    I get a lot of satisfaction by sending them through SPAMCOP https://www.spamcop.net/ you have to register – tick 12 months as it saves you logging on often.
    What you need to do with the message first is VIEW SOURCE (this depends on the mail program you use). Use help to find it. This shows you all the code behind the message,
    Right click – SELECT ALL then COPY Paste this into the Spamcop window and press the PROCESS SPAM

    The program parses (puts it through a routine) the information and you will see on screen all the operations it goes through to find the admin/abuse address of the ISP. You then just SUBMIT SPAM and away it goes – the spammer then loses its access to the ISP in most cases which costs them money. You’d be surprised where some of them come from.

  7. Scammers trading as PayPal have been trying to get me for months.

  8. Joanne  

    Have had several, on my mobile phone, over the last few years’, including one this week!

    I phone the Fed Govt’s ‘Scamwatch’, & give them the details.

    Then I DELETE message, having NEVER opened them!

  9. Guy Flavell  

    If you get conned by these spammers then you’re a bloody dill. Just delete anything that looks remotely suspicious and NEVER, ever give your personal banking details to anyone at all … apart from companies or organisations that you are mutually setting up a direct bank debit with to pay a regular commitment like a loan repayment, phone or energy bill.
    Follow these simple rules and you’ll be completely secure from these loathsome fraudsters.

Leave a Reply

Your email address will not be published. Required fields are marked *