6 Scams to Look Out for in the Wake of Major Data Breaches
March 28, 2023
Most major Australian enterprises use Outsourced IT support or an in-house IT department to deliver high-level cybersecurity services. Still, cybercriminals find ways to slip through. In March 2023, Latitude Financial became the latest Australian company to experience a significant data breach. Though the full extent of the cyber attack has yet to be confirmed, the breach exposed the personal records of more than 330,000 current and former customers (some of whom hadn’t been with the company since 2005).
Some unlucky Australians had their data exposed not just in the Latitude Financial breach but also in the Optus and Medibank breaches that went down late last year. In the wake of these and other attacks, it’s common for victims to experience an uptick in spam emails and scam attempts. You may think you’re fine if your phone number and email address were the only things exposed. However, the unfortunate truth is that these data points alone can be all a cybercriminal needs to launch an attack.
Thankfully, there are steps you can take to protect yourself, your money, and your data. The first is to educate yourself on the most common attack vectors to ensure you don’t fall for phishing attempts or slip into the sales funnel of a scammer. Cybercriminals are creative, but they also tend to rinse and repeat any tactics that work. So once you know the red flags, you’re in a good position to avoid falling into their traps.
Here are the major scam message types to look out for in the wake of Australia’s recent data breaches:
Your child messaging from an unknown number
Helping your kids goes hand-in-hand with parenting. Unfortunately, scammers have figured out a way to leverage this. Though the details may vary, the general setup is that you’ll get a message from an unknown number claiming to be your kid. They usually start with “Hi mum,” or “Hi dad,” before telling you they’ve lost or broken their phone and are messaging from a new number. They’ll ask for money and layer on a sense of urgency that triggers your parenting instincts. Since this isn’t an unusual request for a kid to make, many parents send the funds without question.
Australians have lost millions of dollars to this scam type. You can avoid falling victim to it by taking a breath and seeking verification before doing anything. Call or message your child on their usual number to see if they respond. Kids aren’t always known for promptly answering their parents’ calls, so if you don’t get through, try contacting them via social media, their work number, or someone you know they’re with at the time.
If you can’t get hold of your child, ask the person who messaged you a few questions that only your child would know. Ensure the answers wouldn’t be easily guessable by a stranger.
It’s also worth taking preventative measures before you receive such a message. Talk to your kids and establish a few easy ways to tell if it’s really them messaging. For example, you could agree on a set of emojis you always use in your communications.
Messages that look like they came from myGov
Fake myGov messages may come via email or SMS. They usually involve a request for you to update your details or a claim that you’ve received an adjusted refund from the ATO. Thankfully, you don’t have to do any sleuth work to determine whether these messages are legitimate or not.
The Australian Communications and Media Authority (ACMA) has confirmed that “myGov will never send you an email or SMS with a link.” So, if you receive such a message, you can delete it with confidence. If you have lingering doubts, do not click any links in the email or SMS. Instead, navigate to the official myGov website – my.gov.au – and log in to see if you’ve received any official communications.
The ever-evolving Flubot scam
Just as the flu is constantly mutating, so too does the Flubot attack vector. If you’ve never heard of it before, Flubot is a form of malware that’s particularly problematic for Android users. The aim of the attack is to get you to click a link in a message and unintentionally download the malware onto your device. This aspect of the scam has remained the same. The part that’s constantly evolving is the way they get you to click the link.
Common Flubot variants to look out for include:
- Delivery tracking messages;
- Messages claiming to link to photos or videos of you online;
- New voicemail messages;
- Security update messages;
- Flash player update requests.
While other Flubot variants may arise, they always share one thing in common: there’s a link they want you to click. If you tap the link, you may unwittingly download the Flubot malware.
Once on your phone, the malware can access your contact list, send text messages, and make phone calls. These factors are central to the way the malware spreads. Flubot malware can also allow scammers to access your account credentials, giving them the ability to steal money and sensitive personal data. So, be wary when you receive messages and emails containing links.
Someone with the “wrong number” wanting to make friends
It’s sweet to think that a lifelong friendship could spring from something as random as a wrong number. Sadly, scammers have figured out how to leverage our love of such stories.
Nowadays, if someone messages you in error but then wants to keep talking, it’s unlikely to be the start of a beautiful new friendship. Instead, after chatting for a while to gain your trust, they’ll likely start making romantic moves or mention that they’re making a ton of money in crypto. Either way, this is the start of a scam funnel aimed at separating you from your money.
Someone claiming to be from your super fund
Superannuation scams are a big one to look out for as they come in a wide variety of formats. You could receive a phone call, email, or SMS offering financial advice or asking you to update your details. Recently, scammers even made a fake Facebook page for AustralianSuper, offering customers high returns if they invested in cryptocurrency.
Once again, your takeaway here is to avoid clicking links in emails or text messages. With phone calls, you can hang up and call your super fund on its official phone number. If they genuinely need to reach out to you, there will be a record, and you’ll be put through to the appropriate person. As for fake social media pages, the best advice is to navigate to your super fund’s official website and use their social media icons (often embedded at the bottom of the page) to reach their official channels.
Anyone talking about crypto investing
Even if you haven’t had your details exposed in a data breach, your friends may have. Unfortunately, this can affect you in the form of crypto scams. Cybercriminals will often hack a person’s social media account with the aim of sending messages to that person’s friend list.
What red flags indicate that your friend’s account has been hacked? Be incredibly cautious if they start telling you about an amazing crypto platform that’s been making them a lot of money. Be equally dubious if they claim it’s an investment advisor who’s been helping them. Whether they send you a link to a crypto platform or investment guru, you can be 99.9% sure it’s a scam. Your best bet is to ignore the messages and contact your friend via a secure alternative channel to let them know their account has been hacked.
How to protect yourself online
Whether aimed at an individual or a prominent company, most modern cyber crimes have one thing in common: they leverage human error. Thankfully, there are steps you can take to ensure you’re never the weak link in your cybersecurity armour.
Educating yourself on the most common scams and attack vectors is a brilliant place to start. It’s also crucial to ensure you have robust cybersecurity measures in place at home and at work. If you’re ready to take your cyber hygiene to the next level, check out our top cybersecurity tips.
If you’d like to protect your business from data breaches and the threat of human error, contact us today to discuss your options. As a Managed Service Provider, we offer 24/7 monitoring, uninterrupted cybersecurity, and IT packages designed to suit your industry, needs, and budget. Our friendly IT experts are always happy to talk strategy.
Book a FREE Consultation
When you choose Invotec, we want you to feel 100% confident. That’s why we offer a free consultation for all schools, to see if we’re a perfect fit. Request your free consultation today and take the first step towards better IT Support.