
Scam, Bam, Time to Give a Damn?

BAL Lawyers, 7 February 2019

Last year there were 177,516 reported cases of “scamming”, with 12,800 of those relating to identity theft.

Scamming; we know it happens – but mainly to “others”; we dread it happening to us. But do you really appreciate how easily you can fall victim?

With the advent of digital globalisation – particularly internet banking – stealing a person’s money has become relatively “easy”. Last year alone, according to the Australian Competition and Consumer Commission, there were 177,516 reported cases of “scamming”, with 12,800 of those relating to identity theft. And the culprits often remain anonymous, ironic when the most dangerous scams involve identity fraud.

Identity theft seems elaborate, yet involves a series of simple steps; often commencing with hacking a phone or computer to obtain one’s name, address, the bank you use or even access to your banking apps, to then transfer the funds before suspicion is even raised. Once a password is discovered or changed, then your “door” is flung wide open. But even with this warning, I suspect many are still thinking “It won’t happen to me”. One such example involves this elaborate string of simple processes. We have no “legal advice” on this; this is merely a warning:

First, the hacker obtained information relating to the identity of the victim; much of that information can come from any bill, letter or even by checking the White Pages or googling it! You might have published your birth date and received 100 “Happy Birthday” messages via social media.

Using that information they pretended to be the victim to the victim’s phone provider, or they may have even rung you and asked you the standard list of security questions. Be aware of the “unsolicited phone service provider” who can save you money on phone or power: “You’re with Telstra, right?”. Having contacted your phone supplier, it merely requires convincing the phone company to change the email used for the account to one controlled by the hacker.

This is the simplest way your mobile phone is hacked: the SIM can be deactivated and the phone number transferred to another SIM, allowing the hacker to then access the victim’s phone messages and perhaps trace applications downloaded, now accessible through your phone account history, all using a mobile phone controlled by the hacker.

In this real-life case, access through an internet banking app allowed the hacker to press “forgot password” in the internet banking app, and of course, the “security code” for the password change was delivered to the phone controlled by the hacker. They had now successfully gained access to the victim’s bank account. Upon gaining access, the hacker proceeded to deplete the victim’s savings; all this can take place in the space of a few seconds.

Such a story could end in tears, but for the victim’s proactive response to the warning signs: on this occasion, their phone displayed a message that their SIM was ‘deactivated’. Shortly after, a series of Gmail messages arrived on their PC notifying them of their bank’s transfers from the victim’s account to accounts that were not known. On seeing the emails, the victim immediately notified the fraud team at their bank, and an investigation was launched. The real point of true exposure came when the published name, address and mobile phone number could be matched with a phone company and with sufficient information to alter the email address to deal with the SIM. Here, there was no recollection of being spammed with security questions and police believed that either (physical, snail) mail had been intercepted revealing security information or their work or home PC had been subject to spyware. But seriously, finding out someone’s date of birth, favourite footy team, mother’s maiden name, pet’s name and the like is not a huge challenge if you are sufficiently motivated.

By the time the emails from the bank confirmed that the transactions depleting the victim’s money had been successful, the whole of the victim’s balance of savings had been taken. Once these signs appear, it is important to notify the bank immediately, as they typically allow a short window within which they will assist you to avoid the loss and begin the process of recovering your money. You should also notify the police and report the scam to the Australian Competition and Consumer Commission’s Scamwatch.

Roughly three weeks later, the saga concluded with the finding that the victim had indeed fallen prey to digital fraud, which was covered by the Bank’s favourable fraud policy and its insurance. No details were given as to whether the scammer/s were found (which is very unlikely). Yet we all pay the cost, through the costs to the Bank and through our insurances.

While falling prey to a scam can be difficult to avoid, by being aware of the warning signs, and proactive in notifying the police and your bank, such a scam may not end in disaster. Be vigilant about your personal information. And where you hold personal information from another, be alert to the damage caused by careless protection of it.

Written by Lauren Babic, Lawyer, BAL Lawyers.

Original Article published by BAL Lawyers on The RiotACT.
