The rise in online scams: What every internet user needs to know

In the lands of cybersecurity, being “pretty sure” is pretty dangerous. Like many of us, Sarah considered herself tech-savvy since she used a computer daily for work, shopped online regularly, and even helped her parents set up their smart TV. So when she received an email from her bank about a suspicious transaction, she didn’t think twice about clicking the link to verify her account, not realising it could be one of many online scams.

Little did Sarah know that single click would turn her life upside down for months. Hours on the phone to the bank, providing proof and the unknown of who else could have her information now. Stories like this are becoming alarmingly common, with investment, romance and phishing scams ranking highest in Australia.

Most common types of online scams

When in doubt, reach out. If something seems off, always contact the company directly through their official channels, not the details in the suspicious message. Here’s what to look out for:

• Phishing emails which use urgency and personalisation to trick people into revealing sensitive information.
• Fake online dating profiles to build relationships and eventually ask for money. Not wanting to meet in person and quickly asking for financial help are things to be wary of; particularly payment requests via gift cards, wire transfers, or cryptocurrency, because they’re more difficult to trace or reverse.
• Posing as tech support, claiming your device has been compromised. They’ll try to gain remote access (asking you to click a link they send via email or text, or ask you to provide your IP address) or sell you unnecessary services.
• Fake shopping sites that mimic real retailers but take your money and personal information. Be cautious of deals that seem too good to be true and always check the site’s legitimacy before purchasing 
• Lastly, walk the other way on investment and cryptocurrency opportunities promising high, fast returns with little risk.

High-profile hacks: The domino effect of data breaches

Considered the largest data breach in Australia to date, a 2022 data breach affected up to 9.8 million Optus customers. That’s nearly 40% of Australia’s population. If you weren’t affected, chances are someone you know was.

Hackers later hit Medibank, accessing 9.7 million current and former customers’ details and claim information. Medibank refused to pay the ransom, leading to data being leaked on the dark web for anyone to see or exploit.

In the USA in 2021, T-Mobile exposed the names, birth dates, Social Security numbers, and driver’s licence information of approximately 76.6 million U.S. residents, leading to a $500 million class action lawsuit for T-Mobile to pay out. Customer money funds those payouts.

Hackers gained access to Uber’s internal systems in 2022, exposing staff email addresses, corporate reports, and Slack messages. Even if you’re not an employee, consider how often we trust companies with our data.

How do hackers get into company systems?

There’s countless ways company data gets compromised. The most common being:

• Outdated software leaving vulnerabilities unpatched
• Improperly set up security measures
• Employees revealing credentials through a sophisticated phishing email or disgruntled employees or contractors causing intentional breaches
• Poor encryption making it easier for hackers to read information
• Targeting less-secure third party vendors or partners who have access to a company’s systems.

Major organisations hit by ransomware attacks

A ransomware attack is a type of cyberattack where malicious software (malware) encrypts a victim’s files or locks them out of their computer system. The attacker then demands a ransom payment, usually in cryptocurrency, in exchange for restoring access to the data or system.

Large companies who were stuck down by ransomware attacks in recent years include:

• Fuel shortages disrupted commutes and road trips on the East Coast as Colonial, the largest fuel pipeline in the U.S., shut down for several days to resolve the issue, and paid $4.4 million ransom in 2021.
• The food on our table and the prices we pay took a hit when JBS Foods, the world’s largest meat processing company, was affected, impacting its operations in Australia, Canada, and the U.S. JBS paid an $11 million ransom to regain control of their systems
• Imagine waiting for medical attention, but the system is down for weeks. This was the case for Scripps Health San Diego after a hack took them offline, affecting patient care and cost the organisation an estimated $112.7 million.

Even the famous aren’t safe

Hackers posted unusual content and stories on Aussie actor Chris Hemsworth’s account in 2020 before the issue was resolved. Part of a larger Twitter hack affecting high-profile accounts, hackers posted Bitcoin scam tweets from Elon Musk’s account and others in 2020. The incident led to increased scrutiny of Twitter’s security measures. In 2017, hackers hacked Selena Gomez’ Instagram account and posted nude photos of her ex-boyfriend Justin Bieber before the account was secured.

What to do if you’ve been scammed or hacked

You might think I’m not a big company or a celebrity. Why should I care about these hacks? If those with resources and teams dedicated to security can fall victim, how vulnerable are we in our daily digital lives? Cyber predators might prefer high profile prey, but ordinary internet users remain easy targets for hackers of all skill levels.

• Change passwords for all affected accounts immediately
• Contact your bank or credit card company to prevent further unauthorised transactions
• Collect evidence including emails, messages, and screenshots
• Run a full antivirus scan on all your devices and update all software to the latest versions
• Inform your contacts to prevent the scam from spreading.

Reporting scams to relevant authorities

• Report to ScamWatch: Visit ScamWatch, run by the ACCC
• Australian Cybercrime Online Reporting Network (ACORN)
• IDCARE free support to Australian victims
• If you believe your privacy has been breached, you can complain to the Australian Information Commissioner OAIC.
• If you have information that could help catch the scammer, report to your local police.

Scam support and recovery resources

• The MoneySmart website offers guidance on financial recovery after scams.
• Visit the ACSC website for comprehensive cybersecurity advice and resources.
• Beyond Blue offers mental health support
• For free financial counselling, contact Financial Counselling Australia.
• The Stay Smart Online program provides up-to-date information on the latest online threats and how to respond to them.

Basic protection measures we should all have in place

Adequate cyber protection requires putting a few measures in place. When combined, these simple steps will significantly boost your online safety:

• Using strong, unique passwords and change them regularly
• Enabling two-factor authentication
• Keeping software and operating systems updated
• Install Sapher Shield, which verifies the authenticity of websites, links and attachments before you enter sensitive information.