You’ve probably heard the theory that people are the weakest link when it comes to cybersecurity, and that if something seems too good to be true, it probably is.
However, the reality is that scams are getting increasingly sophisticated, and more people from all ages and walks of life are falling prey.
Director of the UNSW Institute for Cyber Security, Nigel Phair, says that from all the research he has done, everyone who has clicked on a phishing link or responded to a scam didn’t think it was too good to be true.
“That’s why they did it,” he says. “These are educated people, but they still fall for these things.”
Nigel has been working in the cybersecurity field for 19 years, first with the Australian Federal Police (AFP) before working his way through IT consulting and academia. He is now also a Canberra Community Bank director for the four local Bendigo Bank community branches in the ACT.
“We live and breathe online,” he says. “And online has provided so much opportunity when it comes to banking and finance. It’s just awesome.”
But with opportunity comes risk.
The Australian Competition and Consumer Commission (ACCC) has declared the week beginning 8 November as National Scams Awareness Week, and Bendigo Bank is on board to try to spare its customers a world of hurt.
“Criminals are rational people – they want money,” says Nigel.
“We still see letters from Nigerian princes and other basic scams, and we still see them because they work. But where the criminals’ level of sophistication has increased is continuing to leverage trust in a known brand through what is known as ‘phishing’.”
Nigel says the big ones doing the rounds at the moment when it comes to online banking and money are automated calls.
“Whether it’s a call claiming to be from the tax office, the police, Border Force and so on, that’s the big one right now because criminals don’t want you to think or question,” he says. “If you think, you might not fall for their trap. It’s all about the here and now.”
As we approach Christmas, Nigel says we should expect to see an increase in dodgy emails claiming to come from Australia Post and other courier companies trying to persuade you to click on links and divulge bank and other personal details.
Another big one is the ‘flubot’.
Nigel describes this as a text message or a voicemail which requires you to download a dodgy app onto your device in order to access it.
“As we get into more non-traditional banking products, these types of scams are going to proliferate,” he says.
Due to the sheer amount of phishing already out there, Nigel says banks have lost many means of communication with customers. For example, when a bank sends you a legitimate email, chances are you’ll think it is a phishing email and disregard it.
“Banks, from the top tier to the bottom tier, have to be really smart with not only what they message to their customers, but also how they message it,” he says.
In-app messaging is taking off as a smart way around this because the customer is already securely in the bank’s app and knows it is a trusted location. Many of these apps have their own built-in inbox.
Prevention is certainly better than cure in the case of an online banking scam as there’s next to no chance you’ll ever see the money again. It’s an approach Nigel says needs to be second nature.
“When you go to Civic on a Friday night, you park your car, move your wallet or phone out of sight, lock it and just generally make it less of a target to break into,” he says.
“People need to take that same sort of thinking to online banking, and think about how they can reduce their chances of becoming a victim.”
Nigel has three top tips for avoiding online banking scams:
“Particularly if you’re using a mobile smart device, make sure you enable all the security features,” he says. “If you’ve got facial recognition for the device and the banking app, make sure you enable it.
“The next one is to reduce what people can see about you on social media. Criminals trawl social media profiles for personally identifying information. Lock down all your security settings on your social accounts.
“They would be the big two, and then don’t share the same password across multiple logins. Have a ‘passphrase’ with multiple words in it rather than a password.”
For more information on how to keep your online banking secure, visit Bendigo Bank.