The Cyber Sushi

(serving up the cold facts, with some phish bytes)

Welcome back! Here's what we are covering in this issue:

• Investment Scams Are Getting Smarter
• Cyber Month 2025 - Celebrating 21 Years of Cyber Awareness
• Behind the Mask: New and Trending Scams
• Ask Dr Lacey: "How can you tell if a website is real or fake?"

Investment Scams Are Getting Smarter

Over the past two years, IDCARE has supported thousands of Australians who’ve been targeted by investment scams. These scams often promise high returns with “safe” investments like term deposits or new crypto opportunities—but the reality is very different. 


What’s happening? 

• Investor Network scams use WhatsApp or Telegram groups to attract participants, often with fake mentors and “success stories” from other members. People are encouraged to deposit more money with promises of higher returns, only to find withdrawals are blocked. These scams are increasingly sophisticated, using fake websites, celebrity endorsements, and even real company details to appear legitimate. 
• Term Deposit and Imposter Bond scams target older Australians seeking secure investments. Scammers clone legitimate websites and provide convincing documents to make schemes appear real, resulting in significant financial loss. 

How scams operate: 

• Social media ads or friends’ recommendations can make scams appear credible. 
• Scammers provide realistic documents, receipts, and websites. 
• Emotional connections with the scheme, or a desire to recover previous losses, can encourage continued deposits. 

Detection and early warning: 

• Many only realise a scam is occurring when trying to withdraw funds or noticing unusual account activity. 
• Banks, family, or friends can sometimes identify suspicious activity earlier. 
• Researching a business online isn’t always enough—scammers often manipulate public records to appear legitimate. 

Key takeaway: 
Investment scams are increasingly sophisticated and can affect anyone. Stay cautious of: 

• Investment opportunities via WhatsApp, Telegram, or social media. 
• Offers promising unusually high returns with “low risk.” 
• Pressure to deposit quickly or repeatedly. 
• Requests for personal documents or bank details. 
• Businesses that look legitimate online — scammers can manipulate records and clone websites, so always double-check with official sources .

Cyber Month 2025 - Celebrating 21 Years of Cyber Awareness

October marks Cyber Month 2025! For more than two decades, Cyber Month has helped Australians and New Zealanders understand the ever-changing world of online risks and the simple steps we can all take to stay safe.

At IDCARE, we’re proud to once again support Cyber Month and its message that cyber security is everyone’s responsibility. Whether you’re at work or at home, the way we manage our personal information has never been more important. Scams, data breaches, and cybercrime continues to be more prevalent, and awareness is one of the strongest tools against them.

Throughout Cyber Month, on our social media channels, we’ll be sharing a series of practical tips, helpful information, and more designed to help you protect yourself and your loved ones. Our goal is to provide you with actionable steps you can take straight away.

Cyber Month is also a great time to reflect on how far we’ve come. In 21 years, the online world has transformed, and so have the challenges we face. But one thing remains the same - by building awareness and working together, we can create a safer digital community for everyone.

Stay tuned to our updates this month, and join us in making cyber security part of your everyday routine.

Behind the mask: The Guide to New and Trending Scams

Fake Aldi 'Special Buys' websites stealing your money
September saw a record number of reports to IDCARE from clients caught out by Aldi impersonation scams. 

Criminals are setting up fake Aldi websites, advertising heavily discounted items that make the real “special buys” look overpriced. Shoppers enter their name, address, phone number, and credit card details at checkout. They receive a fake order confirmation and tracking email — but soon after, multiple unauthorised charges hit their accounts. 

Our tips: 
1. The safest place for Aldi “special buys” is still the middle aisle of your local Aldi store 
2. Never shop online by clicking a link in a text, email, or ad — type the web address directly into your browser to be sure it’s genuine 

Fake PayPal emails tricking over-45s intro big losses
August saw a sharp rise in PayPal impersonation scams reported to IDCARE. More than 80% of those impacted were over the age of 45, and half were over 65. Average losses doubled in August, hitting $12,408. 

Scams begin with emails branded to look like PayPal, warning of “suspicious activity” and urging you to call a fake support number. Once on the line, criminals may: 
- Push you to install remote access software, giving them control of your device and bank accounts 
- Use stolen card details to deceive you into handing over 2FA codes 

Is PayPal Safe?
Yes — but PayPal will never ask you to call a number in an email, install software, or share 2FA codes. The risk comes from criminals impersonating PayPal to deceive you. 

Our tips:
1. Don’t click links or call numbers in PayPal emails — check messages directly in the official PayPal website or app 
2. Never install software at the request of an unexpected caller or email 
3. Enable two-factor authentication (2FA) on your accounts Ask Dr Lacey: "How can you tell if a website is real or fake?"

Have a Scam, Identity, or Cyber-Related Question? Ask Dr. David Lacey!
 
Having dealt with countless cases of scams, identity theft, and cybercrime, Dr. David Lacey is one of Australia’s most respected experts in the field. He is highly sought after by both government and industry for his unique insights into the online criminal environment. In this edition of The Cyber Sushi, Dr. Lacey is inviting you to submit your questions – and we (the Cyber Sushi team) will answer them. Send your questions to [email protected].

Our question today comes from Maria

Hi Dr Lacey,

With so many scams out there, how can I tell if a website is real or fake?


Answer:

Hi Maria, 

That’s a fantastic question - and one we’re asked a lot at IDCARE. Unfortunately, criminals are getting very good at making fake websites look real. They’ll copy logos, layouts, and even use official-looking addresses to deceive people. But there are some reliable checks you can use: 

Check the URL carefully - Scammers often use addresses that look almost right but have small differences (like aldis.com instead of aldi.com). 
 
Don't rely on the padlock alone - It used to be that a padlock in the browser bar meant a site was safe. Today, that’s no longer true. The padlock just shows the connection is encrypted, which scammers can also use. So, while a missing padlock is a warning sign, having one doesn’t automatically make a site trustworthy.  

Go Direct - If you find a site through an ad, email, or text link, don’t click it. Type the official web address into your browser or use a bookmark you trust. 
 
Check contact details - Real businesses usually provide verifiable contact info, like a phone number and physical address. Try calling or checking these if unsure. 
 
Too good to be true? - Ultra-cheap deals, “exclusive” investment offers, or high-pressure limited-time offers are often signs of a scam. 

At the end of the day, spotting a fake website comes down to being cautious, double-checking details, and never rushing to enter personal or payment information. When in doubt - close the page and verify through official channels. 

Kind regards, 
The Cyber Sushi Team