ASB lists ways we can be tricked - and what to do to prevent it.
Scams and cyber-attacks are ever-present enemies when consumers and businesses go about their daily activities – and the results of being caught up in a scam can be debilitating.
ASB head of technology and operations, David Bullock, is imploring people to be extra vigilant and careful in the lead-up to Christmas.
The latest CERT NZ data shows a total of 2069 incidents were reported in the third quarter of this year, with scams and frauds increasing 32 per cent to 595, from 526, and unauthorised access rising 28 per cent to 295, from 230.
Direct financial loss reached an all-time quarterly high of $8.9m compared with $3.9m in the second quarter – and scams, frauds and unauthorised access contributed strongly to the record loss.
The highest total incidents over the past two years came in the lead-up to Christmas last year, with 3977 reported in the fourth quarter (October to December). The total number of incidents, including those unreported, may be much higher.
Bullock says: “Different scams have lots of different hallmarks and it is really hard for people at this time of the year – a busy period – to understand and see them for what they are.”
A classic is the package scam, he says: “They take advantage of the fact that most of us are expecting a package, you click on the link to find out where your package is – and quickly you have given your information away, a real challenge and problem.
“You need to be careful and not click on links. It is much safer to go to the freight website or the original vendor you purchased from to update your package.”
Other scams include the text on your mobile phone: “You may get a text from your so-called telecommunications provider about something being wrong with your mobile account and the scammer starts asking for your username and password.
“Elderly people are often caught out when the scammer contacts them talking about their computer having a problem and how they need to download some software to resolve the fault. You should immediately distrust anyone talking to you about your computer and go back to the shop you bought it from or seek professional help.”
Another classic con is a message which says there is a problem with one of your (banking) accounts. “But they tell you not to contact your bank.” As soon as that occurs, he says, you should immediately contact the bank and ask them about it.
Bullock says people shopping online know the types of screens that vendors use. “If you are not used to them and what the normal process looks like, you are more likely to be caught out by a scam.”
He says one of the basics of protecting against fraud and scamming is to use a strong password for banking that isn’t used elsewhere.
“It’s really important. All of us find it difficult to remember passwords and we are prone to use the same password on multiple sites. The problem with this is that, as soon as one of the sites is compromised, the financial criminals now have your password for every single interaction such as your banking and telecommunications.
“When someone calls asking for your information, often the best course of action is to hang up the phone, go on to the official website of ‘the caller’ and check out whether what they are asking is legitimate.”
Bullock loves reciting tips for a stronger password: “You go into a website and put in your password. It says ‘no, you need a capital letter’. So, you change the first letter of your password to a capital.
“Then it says ‘you need a number’ and you put 1 at the end of your password. It goes on, ‘you need to put a symbol’ and you put an exclamation mark at the end of the password.”
Bullock says it can be inconvenient initially, but it’s such an obvious way that we think we can create a stronger password when it’s not. “Change your (new) password immediately. A stronger password, for example, is ‘lollipophousecarkey’, all one word.”
Bullock says there’s a great practical learning resource online, the Little Black Book of Scams by the Commission for Financial Capability.
The Little Black Book details:
- investment scams (in New Zealand it is illegal to sell financial products off the back of a cold call)
- identity theft and romance scams
- business email response scams (fraudsters will impersonate company executives by gaining access to their emails or imitating them)
- phishing and smishing scams (unsolicited emails claiming to be from a legitimate organisation)
- tax scams (email from Inland Revenue claiming you are entitled to an extra refund)
- door-to-door scams from aggressive salespeople
- emergency scams targeting loving grandparents receiving a phone call claiming to be their grandchild
- subscription traps (tricked into providing credit card information and locked into a monthly subscription)
Bullock says there are reputable password managers that can provide protection for multiple passwords online. “There are passwords you might use for services that are very low risk, but you will have specific passwords for higher-risk partnerships such as banking and telcos and you really want to make sure they are secure.”
For businesses, he suggests four key protections:
- Two-factor authentication (it could be a code, fingerprint or facial recognition) – anyone who logs onto the system needs to provide something else on top of their username and password to verify they are who they say they are
- Make sure there’s a different password for all the business relationships
- Update software consistently to remove the vulnerabilities that financial criminals will use to attack and enter your organisation
- Back up your data
For more business insights, cyber security tips and tools, visit the ASB Business Hub.