AU: Countdown to Tax Day

listen to - something different! podcast on goodpods

By Jacquline Jayne

We are approaching a hectic time with the end-of-financial year (EOFY) sales left and right, with added fuel to the fire with tax time.  June is HUGE, and so are the scams. 
According to Scamwatch, buying or selling scams resulted in 9,854 reports, with $6,749,897 lost in June and July 2022 combined.  The actual losses would be much higher than this because many people do not report scams.  If there were compulsory scam reporting in Australia, I would go so far as to say that this could be doubled, if not tripled. 
The type of scams criminals uses are often underestimated during this time.  Online shopping is one area that cybercriminals target.  There are also classified scams, false billing, and overpayment scams, to name a few.  The challenge for us all is knowing what to look out for and doing everything possible to avoid being scammed.   

Some scams to look out for this year include: 

Fake Company and Fake Products – in this scam, a website has been set up with products, contacts, shipping details, and everything you would expect from an e-commerce website.  They may also have a social media account with a few ads across other sites.  Everything looks good and legitimate until your order never arrives because it was a fake company.  The challenge is to do as much research as you can before purchasing. 

Only Pay for Postage Scams – as the name suggests, these scams are all about paying for postage only, so the product is free.  Unfortunately, there is no product, and you won’t get your money back for the postage you have paid as the company is fake. As with the above scam Fake Company and Fake Products, research is essential before purchasing. 

Classified Scams – where scammers will post fake ads on social media sites.  Often, these fake ads have been copied from real ads except for a ‘too good to be true’ price.  Once you contact the scammer, they will use all sorts of excuses to push you to transfer money fast or use other strange tactics to get you to do something out of the ordinary.  This can also work in the reverse when you are selling something legitimate on one of these sites, and the scammer will contact you with random payment options and, again, force a quick sale where you aren’t thinking in the usual way about the transaction. As a buyer, if it is too good to be true, it usually is, and if the seller is pushy or in a hurry, be very cautious. As a seller, stick with the usual payment terms, such as cash or PayPal, and if the buyer is being pushy, be cautious. 

Overpayment or Refund Scams – if you are selling something online, the scammer buyer will more than likely make you an offer above the listed price, or when they make payment via credit card (that is a stolen card), they will tell you that they accidentally transferred too much into your account and ask that you refund the overpaid amount to them.  Being a trusting person, you transfer the overpayment back to the scammer, usually via Western Union or bank transfer.  There is also a chance that you will send them the product, and it is only after a few days or weeks that you discover that the credit card they used was fake and they didn’t pay you anything, and you are now out of pocket. 

Story Time 

I fell for a scam in late 2022.  Yes.  I should have known better; however, given the right circumstance and situation, even cybersecurity professionals can become victims. Over the holiday break, I was aimlessly scrolling on social media, and those hula hoop weight loss things kept popping up.  You know the ones I mean (don’t pretend you have considered getting on if you have a few centimeters to get rid of around the old waist).  After seeing too many ads with success stories, I decided to buy one for a friend of mine, of course.   

Here’s what I did: 

  1. I visited the site (didn’t click on the link from the social media ad). 
  2. I checked out their contact us section and saw that they had a local address. 
  3. I looked at their other products. 
  4. They had ‘Shop Pay’ as a payment option. 
  5. I went to Facebook to check them out – all seemed ok. 
  6. Then I purchased the product. 
  7. And patiently waited for the product. 
  8. After waiting a long time, I emailed the company to see where it was – no reply. 
  9. I emailed twice again with no reply. 
  10. I contacted ‘Shop Pay’, and they could do nothing; my money was gone. 
  11. Finally, I got angry and felt like a fool for being scammed. 

Here’s what I didn’t do: 

Visit my favorite search engine and type in the name of the company like this: 
“XYZ company reviews” because if I had done that, I would have seen it as a scam website.   
Surprise! The company does not exist, and I found hundreds of reports on Reddit with the same story as me.  Sigh.  This step should have been between three and four above as it would have been here that I would have stopped and not purchased the product. 
Granted, it wasn’t a substantial financial loss, but it was still a loss, and I was scammed.   

Top Tips to Avoid EOFY Scams  

  1. Do your research on what you want to buy.
    Check the reviews everywhere for the company and the product (I didn’t look hard enough).  
  2. There will be an increase in emails, SMS, and pop-up ads with amazing deals, all asking you to CLICK on something or OPEN something to access the deal.  Unfortunately, many of these will be fake and scams, so pay close attention and don’t click!
    Rather than click on the offer, go to the official website, as you will always find them there. 
  3. Use a third-party payment service such as PayPal, Apple Pay, and Google Pay which gives you an extra layer of protection.  You can also get a gift credit card or a separate credit card from a different bank that you only use for online transactions.
    If something were to happen with a separate credit card not tied to your primary bank, the headaches would be much less.
  4. Don’t use free public Wi-Fi as it is not secure. 
    If you need free Wi-Fi, please get a Virtual Private Network (VPN) that provides online privacy and protection. 
  5. Enable Multifactor authentication (aka MFA or 2FA) wherever possible. 
    This means that in addition to entering your username and password, you will have a second layer of authentication generated from a third-party authenticator app such as Google Authenticator or Microsoft Authenticator.
  6. Be aware of parcel delivery scams with links via email and SMS. 
  7. Always go to the official website to track parcels.
  8. Make sure you are not reusing your passwords and login details. Using the same email address is okay; never reuse your password.
  9. If you have too many to remember, you can write them down or, ideally, get yourself a password manager tool to manage all your passwords. 

And here are a few examples of actual in-the-wild scams. 

Social Media Scam Example: This is an example of an ‘only pay for postage’ scam commonly seen on social media. 

Bank Scam Example: An example of a smishing (malicious SMS) that was sent out to Commonwealth Bank customers.  You will not that there isn’t a link to click on, but rather a local phone number to call.  The scam begins once you call the number. 

Australian Post Scam Example: In this dangerous scam, Australia Post was made aware of fraudulent text messages circulating as an update to parcel delivery and prompting customers to click on a link to “update your information.”

Due to the nature of smartphone technology and how it groups communications, scammers could send scam messages using the ‘AusPost’ sender ID, which you can see under the round person image at the top.  The scam text would appear with the legitimate thread of real Australia Post SMSs. One more thing – please share information such as this article with your friends and family.  The more people who know about these scams, the less people will fall for them. Stay safe out there!  Until next time.

About the author: Jacqueline Jayne is the Security Awareness Advocate at KnowBe4. This is an opinion column. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of this publication.

Leave a Reply