The Cyber Sushi

(serving up the cold facts, with some phish bytes)

Welcome back! Here's what we are covering in this issue:

Living Outside the City? The Alarming Scam Statistics Affecting Regional and Remote Aussies

Scams and cybercrime affect everyone, everywhere. Even the most remote corners of Australia have connectivity to the online world and the criminals that inhabit it. Yet the scams targeting people living outside of the big smoke, and their ability to respond when something has gone wrong, differs significantly.

Regional and Remote Australians Losing $200,000 a Day to Investment Scams 😟

There's no doubt about it, investment scams are the worst of the worst. Australians reported financial losses of over $21 million to IDCARE from investment scams in JULY alone. But, in regional and remote Australia it is even worse. Remote clients are 30% more likely to report investment scams than their city counterparts and the financial losses are higher too. We are receiving reports in these areas of financial losses of $200,000 a day! This would add to the hardship of Australians living in rural and remote areas who already may have shorter lives, higher levels of disease and injury and poorer access to health services.

Remote Access in Remote Regions

Giving a criminal control of your device (remote access) can cause a world of pain. They can spy on what you are doing. download malware, access your emails and your confidential files. Outback Aussies (living in remote areas) are 70% more likely to experience remote access as part of a scam than a city counterpart.

Fake Websites

Here's another startling fact: Regional and remote Aussies are 25% more likely to report engaging with a fake website to IDCARE than our clients living in metro areas.

The Road Is Long, With Many a Winding Turn...

Thanks to The Hollies for those great lyrics! One of the biggest difficulties clients living outside of cities face is lack of access to essential services. Some IDCARE clients explained how they were told to present at their nearest bank branch to prove who they were, but that nearest branch was a very long and winding road away (hundreds of kilometres). Other clients said they were unable to get a credit report because the credit reporting agency wouldn't recognise their remote address. For many, they want to speak to a human in-person when they've been scammed on the phone or on the internet, but human services have been removed from their area forcing them into the online space they've become nervous of.

Unique Challenges Facing Indigenous Australians

A 2023 government report found Indigenous Australians were four times more likely to be a victim of fraud or scams. There is also an absence of culturally and linguistically appropriate cyber resilience information. In some cases, people are required to contact government departments for help with their identity credentials in English, which is their third of fourth language. Many also lack formal identity documents.

What Are We Doing About This?

In 2021, IDCARE launched its Cyber Resilience Outreach Clinics (CROC) initiative to reach the 50 most vulnerable regional and remote postcodes. Thanks to sponsorship from Westpac, we travelled across the country, delivering 201 in-person clinics to those regional and remote postcodes and reaching over 16,000 Australians. We are now preparing to return and develop more intensive Clinics and connections with these regional and remote communities who need resilience now, more than ever. Stay in tune with our CROC updates here.

Happy 10th anniversary IDCARE!

What were you doing 10 years ago?

At IDCARE, our founder and managing director, Dr David Lacey, had left his role as the Executive Director of the Australian Crime Commission to start up a service like none other in the world - a human-centric support service for victims of scam and cyber-crime.

So much has happened in the last 10 years! IDCARE has grown from its office on the Sunshine Coast, Queensland, to offices around the country and New Zealand (and now we are looking at expanding into the Pacific regions). We've helped hundreds of thousands of people who never thought they'd be scammed, (and then they were), know what to do next. We've also assisted hundreds of organisations who've experienced a cyber-attack with harm assessments, response plans and support.

To celebrate our 10th anniversary, IDCARE held an event in Sydney, hosted by the Macquarie Group, with invited guests who have helped share in our journey. The United Nations Special Rapporteur on the right to Privacy, Ana Brian Nougrères, and Privacy Commissioner, Carly Kind, shared their insights on privacy along with the Deputy National Cyber Security Coordinator, Tony Chapman. Macquarie's General Counsel - Privacy and Data, Olga Ganopolsky, was the Master of Ceremonies and Federal Assistant Treasurer and Minister for Financial Services, Stephen Jones, spoke via a video message.

Many valuable stories were shared on the vital role IDCARE has had in helping Australians protect their privacy against a backdrop of increasing cyber threats.

You can read Carly Kind's keynote address here or watch Stephen Jones' speech on Facebook.

Behind the Mask: A Guide to New and Trending Scams

Extortion Scams

Extortion scams are not new. From 1 August to 18 August, we received on average one report of a successful extortion scam per hour! Most of these are "sextortion" where the criminals try to make you pay money to prevent the sharing of intimate photographs they claim they have. We receive many examples of these and the wording is something like this:

“I am a hacker, and I have successfully gained access to your operating system. I also have full access to your account.
At the time of hacking your account had this password: [redacted] I've been watching you for a few months now.”

It goes on from here threatening that “with one mouse click” they will share the videos they took secretly.

OUR TIPS

If you receive an email, phone call or text from someone claiming they have images or videos of you and you need to send money or they will be shared, in most cases you can delete the message and not worry about it. It is a phishing scam.

The "You've Bought Guns" Phishing Scam

We've seen an interesting twist in a phishing scams this month. Criminals are contacting people, pretending to be their bank, saying they've noticed a "mass purchase of firearms" on their credit card. Predictably the person panics and they are then transferred to fake "police" where they may be threatened with jail time unless they pay up.

OUR TIPS

If you receive a phone call, email or text from your bank saying there is unusual illegal activity on your account and offering to transfer you to the police, hang up. It is a scam. Your bank is not going to transfer you directly to the AFP.

"SOS Only" – Mobile Phone Porting Is on the Increase Again

We've seen a 50% increase in mobile phone or SIM swapping cases reported to IDCARE in June and July, compared to the previous five months. It's a worrying trend because clearly criminals are finding loopholes in the legislation introduced by the government preventing mobile phone porting in February 2020. Criminals want access to your phone number, because this gives them access to those valuable one-time pin or authentication codes designed to protect your account. One of our clients shared their story of having their mobile phone number ported. You can listen here

OUR TIPS

Over 80% of clients who report their mobile phone number has been ported have no idea what they did to enable this. It's why you have to be really vigilant and if your phone shows you can make SOS calls only, contact your bank quickly as this is often the indicator your number has been ported to a different provider. It's also a good idea to use an authenticator app instead of a text message for two-factor authentication as this protects your accounts from access if someone else is receiving your texts.

The News and Views You Didn't Want to Miss

Scream at a Scammer and the Project: Our "Scream at a Scammer" initiative, which gives scam victims a space to vent, was recently featured on The Project. Belinda Meyers, who lost her life savings of $15,000, shared her story, highlighting the importance of raising awareness about these crimes. Watch here

We're in PNG and the Pacific: The IDCARE team is returning home after a busy two weeks in Papua New Guinea and Fiji. They met with key stakeholders to understand how to best support cybersecurity projects in these countries. A big thank you to everyone who helped make this trip possible! 🙏 See more

Scams Awareness Week: August 26 to 30 was Scams Awareness Week and IDCARE was proud to support the National Anti-Scam Centre's "Share a story, Stop a Scam" campaign. Listen to the message from our Managing Director, Dr David Lacey, for the week.

Have a Scam, Identity, or Cyber-Related Question? Ask Dr. David Lacey!

Having dealt with countless cases of scams, identity theft, and cybercrime, Dr. David Lacey is one of Australia’s most respected experts in the field. He is highly sought after by both government and industry for his unique insights into the online criminal environment. In this edition of Cyber Sushi, Dr. Lacey is inviting you to submit your questions – and we will answer them. Send your questions to [email protected].

Our question today comes from Geraldine

Dear Dr. Lacey,

I've been receiving a lot of emails with QR codes lately. I'm kind of familiar with them (thanks to Covid) and I also see them at restaurants, but I've heard they might not be safe? Can you advise?

Regards.
Geraldine

Answer:

Dear Geraldine,

Yes, we've all become a lot more familiar with QR (Quick Response) codes since the pandemic. What's interesting about QR codes is that they've been around a lot longer than the last four years. They were initially created three decades ago by a Japanese company called Denso Wave, a subsidiary of Toyota, for the automotive industry as an improvement to the bar code.

Criminals like using QR codes to send out in their phishing messages. It's called quishing. One of the reasons it is effective is that because a QR is, essentially, an image, it may bypass email filters designed to block out scams and spam. This way, QR codes can land in the inboxes of anyone and because we have become conditioned to thinking our email filters will remove the rubbish, we may be more inclined to scan them. When doing this, it may redirect to a malicious website or prompt you to download malicious software that can monitor your online activity.

As with any incoming email or text message, it is important to treat a message with a QR code as suspicious. Check who the message is coming from and consider why they are asking you to scan the QR code. While QR codes are fine for online surveys or restaurant menus, if you are being redirected to a website asking for login details or download options - it may be a scam.

Best regards,
Dr. Lacey