Scamming is becoming rife in this high-tech age, but last week I saw it taken to a new level.
I received an email from a friend in Melbourne — I’ll call him Jack — who is prominent in the financial services industry. It was displaying his correct email address, was headed “Cordial Invitation”, and asked me to “click here” to respond. The words “Cordial Invitation” were a warning signal, because it didn’t sound like his typical terminology — instead of replying I sent a new email to his correct email address asking if it was genuine.
When there was no response, I rang his office, where a frazzled Executive Assistant told me they were having hell because their systems had been “hacked”. I deleted the email, and put the issue to one side. The next day I received another email purporting to be from Jack that said, “It’s some wealth management documents for your review, containing some useful and research information. You need to log on to view. Jack.”
In a state of confusion, I sent him a text asking what was happening and he responded by text, “I have been hacked — it’s a nightmare.”
The challenge for all of us is that many of our normal, day-to-day communications require something to be downloaded. Anybody who owns shares will be used to receiving regular emails from companies like Computershare, where you need to download the dividend statement from their website by clicking the highlighted icon. Our electricity and water bills have a PDF attached, and once again they need to be opened to be actioned.
The problem is that most of these fake emails look authentic. Just this week I got an email purporting to come from ASIC regarding “Invoice number 1-E9Y79UE” and asking me to click on a certain link to download the document. It had the ASIC logo on the top, and their normal disclaimer stuff on the bottom, but knowing it was most unlikely ASIC would ever send me that type of communication I simply hovered my mouse over the sender.
This revealed the email had come from “firstname.lastname@example.org” and the link was sending to a foreign site, so it was obviously a scam.
I asked my IT guru to give us some tips on how we can avoid being caught by the scammers. First, I asked what was in it for anyone who would send me an email asking me to click on a link. He told me that once I clicked on the link, I would be giving the scammer access to my entire computer, which includes my contact list, emails, and quite possibly passwords! So his first rule is: don’t click on links unless you are 100% certain they come from a trusted source. One way to check is by hovering your mouse over the links to reveal the actual source.
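The hover check described above can also be run over a saved message. The following is an added example, not part of the original column: it compares the real sender address and every link destination against the domain the email claims to come from. The function names, the domain `regulator.example` and the sample message are all constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Anchors(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _within(host, domain):
    # Exact match or a true subdomain; "regulator.example.evil.invalid" fails.
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_message(from_header, html_body, expected_domain):
    """Return findings; an empty list means sender and links stay on expected_domain."""
    findings = []
    display, addr = parseaddr(from_header)          # what hovering over the sender shows
    if not _within(addr.rpartition("@")[2], expected_domain):
        findings.append(f"sender {addr!r} is not at {expected_domain} (shown as {display!r})")
    parser = _Anchors()
    parser.feed(html_body)
    for text, href in parser.links:                 # what hovering over each link shows
        host = urlsplit(href).hostname or ""
        if not _within(host, expected_domain):
            findings.append(f"link {text!r} goes to {host or href!r}")
    return findings

# Constructed sample: branded as the regulator, sent and hosted elsewhere.
SAMPLE_FROM = '"Example Regulator" <billing@mailer.invalid>'
SAMPLE_HTML = ('<p>Invoice ready: <a href="http://files.download.invalid/inv">click here</a></p>'
               '<p><a href="https://www.regulator.example/help">www.regulator.example</a></p>')

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_HTML, "regulator.example"):
        print(finding)
```

An email sent from a genuinely compromised account, like Jack's, passes the sender check because the address is correct, so the link check and the out-of-band confirmation still matter.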
We discussed PDFs, which are the preferred means of communication with credit card providers and utility institutions, and he replied that a normal PDF should be safe to open as it should not open a link. However, for companies like American Express and 28° Mastercard, whose emailed credit card advices usually say “to access your statement click here”, he suggested that a much safer option is to log into their website directly to download your statement.
I understand there are now 30 billion connected devices around the world, so the field for scammers is a fertile and growing one. Obviously, consumer education and awareness are going to be critical, and I suggest a good place to start would be www.scamwatch.gov.au. It provides information on a wide range of creative scams, and ways to avoid them. It’s too late to take action when the damage is done.
- Noel Whittaker is the author of Making Money Made Simple and numerous other books on personal finance. email@example.com