December 12, 2018
Priming Phase: Scammers start with a text message purportedly from the AFP. The message states they will be calling you in relation to an 'ATO matter'. The point of this message is to create uncertainty and a state of fear.
Validating Phase: Within minutes your mobile will ring. The caller says they are from the AFP, working in conjunction with the ATO, and you are being investigated for tax evasion. In psychological terms this methodology of manipulation is working on 'confirmation bias' - the tendency to interpret new evidence as confirmation of your existing theory. The text message, quickly followed by the phone call, is all the ‘evidence’ you need to believe the story is true. The scammer then goes on to further verify the validity of the call by reciting your legal rights and obligations. By this stage you are in such a state of panic that you will do anything to either prove your innocence or get yourself out of trouble.
Confirming Phase: To further their story the scammer asks you for your accountant’s details. They then put you on hold and arrange for your accounting firm to call you. You receive the call, the number on your phone tells you that it is indeed your accounting firm ringing you to verify the truth of the AFP/ATO claims. Of course it’s not your accounting firm at all - the scammer is using Caller ID Spoofing to make it look like the number calling you is different from the scammer's number.
Action Phase: Once convinced, they tell you that you have a ‘get our of jail’ card to play - In order to stop the arrest, you must pay a fee. There will always be a sense of urgency around this fee, and they will tell you that you must not tell anyone about it or the arrest will happen that afternoon. Payment is usually in the form of vouchers (Google Play or iTunes) or depositing cash into a Bitcoin ATM. Although this sounds unlikely to be successful, many people will comply because all the above phases have built upon the notion of your 'imminent arrest' and at this stage you will do just about anything to remove the threat.
Please warn all your friends and family about this scam. One day you might save someone from going through this very upsetting scenario.
For Stay Smart Online Week the Australian Cyber Security Centre is hosting a cyber security breakfast for small business owners and operatorsmore info
IDCARE has received many reports about phishing text messages appearing to come from Australia Post.more info
A spike in scams targeting the Chinese-Australian community.more info