How to avoid online scams

Scammers online are rife these days, with Australian victims perceived to be rather soft targets.

Gone are the days where we might be duped by Nigerian Princes or very poorly written emails from, apparently, Margot Robbie (yes, I got one of these once). Instead, scammers often rely on your goodwill or perhaps a moment of vulnerability to trick you into thinking you need their help to avoid “unnecessary and unwanted charges”, and before you know it they are accessing your computer and perhaps your bank accounts.

So how do you tell these from the real deal?

Read on for some tips on how to avoid being scammed.

How is this service contacting me?

With the abundance of streaming services and the like comes a vast choice of ways for scammers to grab your attention.

Whether it’s a big bank, Netflix, Disney+, Amazon, the ATO, Telstra, or something else, scammers will throw any well-known service out there, casting the net as wide as possible, and see what lands. This sort of scamming can be described as phishing, as the scammers are trying to land any fish. That’s you, you’re the fish. Don’t be the fish.

The way this works is you receive an email, text message or phone call out of the blue that appears to come from a bank, or a service you might use (eg. Netflix) that either tells you that your credit card details are out of date and need updating, or that you have just been successfully charged and if you no longer want to be charged, click THIS button!

These emails are often alarmist in nature (YOUR SERVICE IS ABOUT TO BE CANCELLED!), often require you to do something quickly (ACT NOW!), and/or try to trick you into thinking you have been charged something when you haven’t (THANK YOU FOR THE PAYMENT OF $70 IF THIS IS IN ERROR CLICK HERE OR CALL THIS NUMBER!), all so that you make a rash decision and call the number or click the bright shiny button.

Clicking the button within these emails might do one of several things:

  • Take you to a fake, sometimes well branded (sometimes not), website for you to enter card details
  • Convince you to make a phone call to the number provided to talk about your “refund”, and thereby hand over card or banking details
  • Perhaps ultimately convince you to download some sort of remote access software to “help” you with the refund
  • Something else that is just as dangerous

All of this spells major trouble, and the downloading of remote access software (eg. AnyDesk, AnyPlace Control, Ultra Viewer) fills me with the most dread.

Some personal experiences

In the last month I have had no less than 3 customers contact me due to activities based on the above. All of them had a similar story to tell, they were all a little embarrassed about what had happened, were a little vulnerable at the time due to a hectic life or less than ideal personal circumstances, and had unwittingly allowed access to their machine and in some cases, bank accounts.

One person hadn’t lost anything and realised what was going on, and quickly shut it down.

Another lost a few hundred dollars, but was apparently getting it back from the bank after discussing the situation with them. In this instance, it was bills that appeared to come from Google that the victim had paid, and having an online business was quite used to receiving such bills.

Another had someone in their accounts and setting up payments to a third party before they realised what was going on. Last I heard, they were trying to talk to the bank about getting over $9,000 back …

Another common scam is to say that you have been charged a relatively small amount of money. For the sake of an example, let’s say $50.00 and now you are looking for a refund because you never signed up for this service to begin with, so how dare they take your $50 to begin with, right? Helpful Company (the scammer) says they have refunded you, but OH NO they have made a mistake and refunded you $500.00. Now if you can just be kind enough to refund that money back to the account number they’ll provide (“you might not see the $500 in your account yet, because you know it clears overnight”), because if you don’t they’ll get fired and then who will feed their 5 children … you get the idea but in this way they are trying to prey on your goodwill and sense of doing the right thing. Now just download this Remote Access software and Helpful Company will walk you through it!

Things to look out for

Poorly spelled email subjects, or content. Dead giveaway, though less and less common. Legit company emails, by contrast, are good at getting the spelling perfect. Also look for impersonal emails (Dear Customer, versus your real name).

Do you even use the service? I got an email recently that I admit looked great. Content was solid, good use of logos and other imagery. Only a slight typo in the subject which I didn’t actually notice on the first read. If I actually had a Paramount+ account, I might have even believed that I was about to be cut off!

Buttons, links, click-throughs that go somewhere completely different to the expectation. A lot of email viewers these days will show you where the email has come from (return email address) or where the link is going to, when you hover on it. Try this, and see what it says. The email that I received recently telling me that my Disney+ account currently has “suspension your account” I doubt should really be using imagery or links from “lumiere-a.akamaihd.net”. That all of the footer information was in Spanish is quite the red flag also.

ANY text message or SMS that wants you to click a link. This is popular with bank and tax/ATO scams. If in doubt, don’t believe them, and contact your bank or service via another means (look up the phone number in a separate Google search). The real service providers don’t want to lose your business, and won’t simply cut you off. Just TRY and genuinely disconnect from Foxtel to see how difficult it is!

No service wants to be paid via Apple iTunes cards (a still popular ATO scam).

Nobody is going to buy your car sight unseen via a friend/agent that only wants to pay via PayPal and pick it up to deliver to Far North QLD or the NT.

If you have been told that an amount from a service you don’t use has been successfully charged, check your bank accounts to verify it is true. And don’t click the button.
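
The hover check described under “Buttons, links, click-throughs” can also be run over a saved copy of a message. The Python below is an added example, not part of the original post; the sample email, the streamflix.example brand and the red_flags helper are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample, not a real message; every name and host here is made up.
SAMPLE = """\
From: "Streamflix" <billing@account-notice.example>
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, ACT NOW to avoid cancellation.</p>
<a href="http://login.cdn-host.example/update">Update payment details</a>
<a href="https://www.streamflix.example/help">Help</a>
<img src="http://img.cdn-host.example/logo.png">
"""

class UrlCollector(HTMLParser):  # gathers href/src values, i.e. what hovering reveals
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def on_domain(host, expected):
    """True if host is the expected domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def red_flags(raw, expected_domain):
    """Return reasons to distrust a message claiming to be from expected_domain."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    flags = []
    if not on_domain(sender.rpartition("@")[2], expected_domain):
        flags.append("sender: " + sender)
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    if "dear customer" in html.lower():
        flags.append("impersonal greeting")
    collector = UrlCollector()
    collector.feed(html)
    hosts = {urlsplit(u).hostname for u in collector.urls}
    # Off-domain hosts are a prompt to look closer, not proof of fraud.
    flags += ["off-domain host: " + h for h in sorted(hosts - {None})
              if not on_domain(h, expected_domain)]
    return flags

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE, "streamflix.example")))
```

Legitimate mail sometimes uses third-party image or tracking hosts, so treat an off-domain host as a reason to contact the service another way rather than as a verdict.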

The last word

It only takes a couple of bites, a small number of people to take the hook, for the scammers to make a good amount of money. This is a large part of why such scams continue to be seen.

By being ever vigilant and perhaps even a little suspicious of any email asking you to click a link or button to avoid cancellation of a service (or to commence a refund process) you can help keep yourself and your money safe.

Please don’t ever, EVER, allow someone you don’t know and trust to install any sort of remote access software on your computer.

And don’t click the shiny button.

Distrusted SSL certificates not reflected in Chrome browser or Developer Console


There has been a long standing issue between Google / Chrome (and now also Mozilla / Firefox) and Symantec regarding the SSL certificates that Symantec have issued in the past via their various subsidiaries (eg. Thawte, RapidSSL). In a nutshell, as of v66 of Chrome, certain SSL certificates will become distrusted (those issued prior to June 2016), and the browser will tell you accordingly. Similar will occur with Firefox v60 (or so I believe). Other certificates will get similar treatment later in 2018.
