December 12, 2018
Priming Phase: Scammers start with a text message purportedly from the AFP. The message states they will be calling you in relation to an 'ATO matter'. The point of this message is to create uncertainty and a state of fear.
Validating Phase: Within minutes your mobile will ring. The caller says they are from the AFP, working in conjunction with the ATO, and you are being investigated for tax evasion. In psychological terms this methodology of manipulation is working on 'confirmation bias' - the tendency to interpret new evidence as confirmation of your existing theory. The text message, quickly followed by the phone call, is all the ‘evidence’ you need to believe the story is true. The scammer then goes on to further verify the validity of the call by reciting your legal rights and obligations. By this stage you are in such a state of panic that you will do anything to either prove your innocence or get yourself out of trouble.
Confirming Phase: To further their story the scammer asks you for your accountant’s details. They then put you on hold and arrange for your accounting firm to call you. You receive the call, the number on your phone tells you that it is indeed your accounting firm ringing you to verify the truth of the AFP/ATO claims. Of course it’s not your accounting firm at all - the scammer is using Caller ID Spoofing to make it look like the number calling you is different from the scammer's number.
Action Phase: Once convinced, they tell you that you have a ‘get our of jail’ card to play - In order to stop the arrest, you must pay a fee. There will always be a sense of urgency around this fee, and they will tell you that you must not tell anyone about it or the arrest will happen that afternoon. Payment is usually in the form of vouchers (Google Play or iTunes) or depositing cash into a Bitcoin ATM. Although this sounds unlikely to be successful, many people will comply because all the above phases have built upon the notion of your 'imminent arrest' and at this stage you will do just about anything to remove the threat.
Please warn all your friends and family about this scam. One day you might save someone from going through this very upsetting scenario.
Australian Information and Privacy Commissioner discusses latest quarterly report on the Notifiable Data Breaches scheme.more info
IDCARE encourages small businesses to participate in the Australian Cyber Security (ACSC) Small Business Survey.more info