| |

Australian regulator warns of massive near doubling of home computer intrusions so far this year

Publication: 
Editorial Staff
chiefofficersnet

"So far this year scammers have stolen more than AUD7.2 million from Australians by gaining access to home computers, an increase of 184 per cent compared to the same period last year." So says the Australian Competition and Consumer Commission.

Contrary to the common "phishing e-mail" approach, many instances start with a phone call. And just to make it worse, they are targeting phones: you know, those things that contain your financial apps and are used as "tokens" or for SMS confirmations by your bank.

The ACCC’s Scamwatch says in a report issued today that almost 6,500 Australians have reported phone calls from scammers trying to convince them to download software that gives access to home computers and their bank accounts.

Commonly called remote access scams, scammers pretend to be from well-known organisations such as Telstra, eBay, NBN Co, Amazon, banks, government organisations, police, and computer and IT support organisations. They create a sense of urgency to make you give them access to your computer via remote access software.

“Remote access scams are one of the largest growing scam types in Australia. Scammers take advantage of the digital world and the fear of fraud and cybercrime to access people’s devices and steal their money,” ACCC Deputy Chairman Delia Rickard said.

“These types of scams target and impact all people and can be convincing. People aged 55 and older lost over AUD4.4 million, accounting for almost half of total losses. Young people reported losing on average AUD20,000 and eight Indigenous Australians, some in remote communities, lost a total of AUD38,000.”

Scams of this nature will often be an unexpected phone call saying you’ve been billed for a purchase you didn’t make, your device has been compromised, or your account has been hacked. Sometimes they start with an SMS, email or pop up on a screen from a scammer seeking urgent contact to fix a problem.

The scammer will pretend to assist you or ask you to assist them to catch the scammer. They will tell you to download remote control software such as AnyDesk or TeamViewer. Once the scammer has control of your computer or device, they will ask you to log into applications such as emails, internet banking or PayPal accounts, which will allow the scammer to access your banking and personal information to impersonate you or steal their money.

While remote access tools have been around for years to help IT support personnel in their work, scammers are also taking advantage of the ability to remotely access people’s computers or smart phones.

The ACCC is working with the private sector to disrupt these scams including by sharing information with telecommunications carriers about the phone numbers used to call Australians so they can trace and block calls.

So let's simplify this:

Scammers phone potential victims, say they are from their bank, etc. and ask them to download remote access software.

Then they either take over control of the device (smartphones are computers with an emphasis on communications, they are not "telephones" in the sense that it was used until a generation ago) or they ask the victim to perform certain acts and record and recover those acts which include all the access codes for accounts, for example.

Part of the reason for this is the increase in the use of smartphones by vulnerable groups. As more and more services require the use of a smartphone, people who don't otherwise need one are being pushed into having one - and once they have it they suffer from the twin problems that people trust new-to-them technology and they have no idea of the complex world they are joining.

There was a significant change in recent reports: Amazon and eBay shopping were used by fraudsters as the "hook" for their calls reflecting the increasing importance of those companies in, in particular, on-line shopping during the pandemic. The leaders were telecommunications companies Telstra and NBN Co but the shopping channels are coming up fast behind them.

The ACCC has issued clear and sensible advice. It might even be thought to be obvious advice.

But no matter how clear, sensible or obvious it is, the lesson from this announcement is simple: it's not getting through and it's clear that many people are not thinking about security first.

The ACCC's advice is set out below.

“It is really important not to let anyone who contacts you out of the blue access your devices, as once you give them access, you have no way of knowing what the person will do to your computer or what programs they may install,” Mrs Rickard said.

“If you receive contact from someone claiming to be from a telecommunications company, a technical support service provider or online marketplace, hang up. If you think the communication may have been legitimate, independently source the contact details for the organisation to contact them. Don’t use the contact details in the communication. Also, don’t click on any of the links.”

“Remember, your bank will never ask you to give them access to your computer or accounts, nor will they ask for the codes to verify transactions. You should never provide those numbers to anyone except to verify transactions you are making in your mobile banking app or through your online banking,” Mrs Rickard said.

The ACCC is working with the private sector to disrupt these scams including by sharing information with telecommunications carriers about the phone numbers used to call Australians so they can trace and block calls.

People who think they may have been scammed should contact their bank or financial institution as soon as possible. If they installed any apps or programs, they should also delete them from the device. Support in recovering from these scams including how to check if your identity and computer is secure is available through IDCARE on 1800 595 160 or www.idcare.org(link is external)

People can make a report on the Scamwatch website. They can also follow @scamwatch_gov(link is external) on Twitter and subscribe to Scamwatch radar alerts.

---------------- Advertising ----------------

--------------------------------------