(serving up the cold facts, with some phish bytes)
Over the past two years, IDCARE has supported thousands of Australians who’ve been targeted by investment scams. These scams often promise high returns with “safe” investments like term deposits or new crypto opportunities—but the reality is very different.
What’s happening?
How scams operate:
Detection and early warning:
Key takeaway:
Investment scams are increasingly sophisticated and can affect anyone. Stay cautious of:
October marks Cyber Month 2025! For more than two decades, Cyber Month has helped Australians and New Zealanders understand the ever-changing world of online risks and the simple steps we can all take to stay safe.
At IDCARE, we’re proud to once again support Cyber Month and its message that cyber security is everyone’s responsibility. Whether you’re at work or at home, the way we manage our personal information has never been more important. Scams, data breaches, and cybercrime continues to be more prevalent, and awareness is one of the strongest tools against them.
Throughout Cyber Month, on our social media channels, we’ll be sharing a series of practical tips, helpful information, and more designed to help you protect yourself and your loved ones. Our goal is to provide you with actionable steps you can take straight away.
Cyber Month is also a great time to reflect on how far we’ve come. In 21 years, the online world has transformed, and so have the challenges we face. But one thing remains the same - by building awareness and working together, we can create a safer digital community for everyone.
Stay tuned to our updates this month, and join us in making cyber security part of your everyday routine.
Fake Aldi 'Special Buys' websites stealing your money
September saw a record number of reports to IDCARE from clients caught out by Aldi impersonation scams.
Criminals are setting up fake Aldi websites, advertising heavily discounted items that make the real “special buys” look overpriced. Shoppers enter their name, address, phone number, and credit card details at checkout. They receive a fake order confirmation and tracking email — but soon after, multiple unauthorised charges hit their accounts.
Our tips:
1. The safest place for Aldi “special buys” is still the middle aisle of your local Aldi store
2. Never shop online by clicking a link in a text, email, or ad — type the web address directly into your browser to be sure it’s genuine
Fake PayPal emails tricking over-45s intro big losses
August saw a sharp rise in PayPal impersonation scams reported to IDCARE. More than 80% of those impacted were over the age of 45, and half were over 65. Average losses doubled in August, hitting $12,408.
Scams begin with emails branded to look like PayPal, warning of “suspicious activity” and urging you to call a fake support number. Once on the line, criminals may:
- Push you to install remote access software, giving them control of your device and bank accounts
- Use stolen card details to deceive you into handing over 2FA codes
Is PayPal Safe?
Yes — but PayPal will never ask you to call a number in an email, install software, or share 2FA codes. The risk comes from criminals impersonating PayPal to deceive you.
Our tips:
1. Don’t click links or call numbers in PayPal emails — check messages directly in the official PayPal website or app
2. Never install software at the request of an unexpected caller or email
3. Enable two-factor authentication (2FA) on your accounts Ask Dr Lacey: "How can you tell if a website is real or fake?"
Have a Scam, Identity, or Cyber-Related Question? Ask Dr. David Lacey!
Having dealt with countless cases of scams, identity theft, and cybercrime, Dr. David Lacey is one of Australia’s most respected experts in the field. He is highly sought after by both government and industry for his unique insights into the online criminal environment. In this edition of The Cyber Sushi, Dr. Lacey is inviting you to submit your questions – and we (the Cyber Sushi team) will answer them. Send your questions to [email protected].
Our question today comes from Maria
Hi Dr Lacey,
With so many scams out there, how can I tell if a website is real or fake?
Answer:
Hi Maria,
That’s a fantastic question - and one we’re asked a lot at IDCARE. Unfortunately, criminals are getting very good at making fake websites look real. They’ll copy logos, layouts, and even use official-looking addresses to deceive people. But there are some reliable checks you can use:
Check the URL carefully - Scammers often use addresses that look almost right but have small differences (like aldis.com instead of aldi.com).
Don't rely on the padlock alone - It used to be that a padlock in the browser bar meant a site was safe. Today, that’s no longer true. The padlock just shows the connection is encrypted, which scammers can also use. So, while a missing padlock is a warning sign, having one doesn’t automatically make a site trustworthy.
Go Direct - If you find a site through an ad, email, or text link, don’t click it. Type the official web address into your browser or use a bookmark you trust.
Check contact details - Real businesses usually provide verifiable contact info, like a phone number and physical address. Try calling or checking these if unsure.
Too good to be true? - Ultra-cheap deals, “exclusive” investment offers, or high-pressure limited-time offers are often signs of a scam.
At the end of the day, spotting a fake website comes down to being cautious, double-checking details, and never rushing to enter personal or payment information. When in doubt - close the page and verify through official channels.
Kind regards,
The Cyber Sushi Team
Join the global list of organisations making a real difference in people’s lives by supporting our service.
Copyright © 2025, IDCARE. All Rights Reserved.
ABN 84 164 038 966