Scam "phishing" emails pretending to be from service providers in order to steal your credit card details continue to be a thorny issue for Australians.
A current scam email aimed at Telstra customers highlights how convincing these cons can be. The message claims you're due for a refund, and asks for you to confirm your details, including your credit card information. The email includes Telstra's current logo and is "signed" by Telstra executive Gerd Schenkel. The link in the email does not go to a Telstra site, but you'd be hard-pressed to tell that simply by looking at it. The fake site is designed solely to steal your personal data.
A more novel rip-off aimed at Netflix subscribers is being sent via text message, rather than email. This is relatively uncommon, because texting typically costs money for the scammer, unlike email, which can essentially be sent for free. The message asks you to "Update your Netflix Account so you can continue enjoying your Netflix service", and links to a fake login page. If you fall for it, your Netflix login details will be stolen. This scam doesn't ask you for credit card information.
The common denominator here is that Telstra and Netflix are massively successful companies. Telstra has close to 17 million subscribers; about 5 million Australians use Netflix. So any scam message sent to an Australian has a good chance of reaching an actual customer. This logic is why the Big Four banks and the ATO are also often used as bait in phishing emails.
What happens if you do fall for one of these scams and enter your details? The scammers won't necessarily take the obvious route and start running up charges on your credit card, though that's certainly one possibility. They may simply sell their collection of credit card numbers in an online "black market" for someone else to exploit. That means any suspicious charges on your card may come weeks or months after the details have been stolen, and you may not connect the two events.
Banks have sophisticated fraud detection systems, so any attempt at using your card may well be picked up. While that means you're less likely to lose a large amount of money, you'll still have to cancel your card and go through the hassle of recreating any automatic payments made with it.
Scams that don't seek out credit card details, like the Netflix one, can be just as dangerous. The issue? Many people use the same password across multiple services. If you have the same password for Netflix as for your email account, then the scammer can easily access all that information.
So how can you spot a scam? One obvious giveaway is that these messages will typically be addressed to "Dear customer" or not include a salutation at all. Spelling and grammar mistakes are also a clear sign of a scam, as is any request to confirm information the company already knows. After all, if you've already paid by credit card, the provider doesn't need those details to give you a "refund".
Regardless, if you receive an email that says you owe money or you're due a refund, the safest strategy is to ignore it and delete it immediately. If you're unsure, contact the company concerned by phone – and look up the phone number yourself.
Angus Kidman is a technology expert and the editor-in-chief for comparison site finder.com.au. This article was originally published by the Sydney Morning Herald on 13 July 2016. It represents the views of the author only and does not necessarily reflect the views of AMP.
AMP has taken steps to make your online experience with us safe and secure.
When you’re faced with unexpected expenses, having emergency cash set aside can make all the difference.