Australians warned to stay alert to online scams before expected record-breaking shopping season
With the holiday season just around the corner, Australians are gearing up for the year’s biggest shopping spree. Over the six weeks leading up to Christmas, shoppers are expected to spend almost $70 billion – much of it online, especially during Black Friday and Cyber Monday sales.
But a new report released by the Australian Cyber Security Centre (ACSC) shows how important it will be for consumers to keep their wits about them as they shop online.
In its latest Annual Cyber Threat Report for 2023–24, the ACSC says that the most common cybercrimes affecting individuals involved identity fraud (26 per cent), online shopping fraud (15 per cent) and online banking fraud (12 per cent). Worse still, the average cost to an individual of a cybercrime has gone up 17 per cent to $30,700 over the past year.
Retail businesses were also most likely to report being a victim of cybercrime, the Threat Report found, highlighting how much scammers are focusing on shopping activity. A common method criminals use to lure victims is to promise seemingly great deals on items they know people want.
“As we head into peak shopping season, scammers are ramping up their tactics, preying on deal-seeking consumers,” says Mark Anderson, National Security Officer at Microsoft Australia and New Zealand.
High-tech scams to keep an eye out for this holiday season
Whether it’s through sophisticated video manipulations or enticing but deceptive online offers, scams can be incredibly convincing and easy to fall for. Microsoft’s latest Digital Defense Report highlights some scams Australians should watch out for, including the following.
◆ Deepfakes
With AI-driven deepfake technology, scammers can create realistic fake videos and audio that impersonate trusted individuals. They might use fake video calls or voice messages from familiar sources like friends or family members, tricking users into sharing sensitive information or making unauthorised payments.
To protect themselves, consumers should always verify unusual requests by contacting the person directly. They should also be cautious with links and attachments from unknown sources, and look for signs of manipulation such as unnatural movements in videos. A further step is to consider using multifactor authentication for added security.’
◆ Tech scams
Tech scams often involve fake tech support pop-ups or calls pretending to be from companies like Microsoft or Apple. These might appear after visiting certain shopping sites or clicking on ads. They convince shoppers to share sensitive information or pay for fake services to ‘fix’ non-existent issues.
Other tech scams create fake shopping deals or impersonate well-known retailers, luring shoppers to fraudulent sites where they unknowingly enter payment details or make purchases that never arrive.
Microsoft’s report highlights that tech scams have led to significant financial losses globally. In fact, they can impact wallets up to 10 times more than traditional phishing attempts, making it crucial for holiday shoppers to stay vigilant and double-check the legitimacy of offers and websites.
◆ QR code phishing
While QR codes are a convenient way to share and access information, they can also lead to fake websites designed to steal personal information. These sites can direct users to a fake sign-in page where they unknowingly enter their credentials, potentially bypassing security measures like multifactor authentication. To avoid them, shoppers should be cautious with QR codes from unknown sources and always verify requests for personal information.
Top tips to stay safe this peak shopping season
According to Anderson, consumers should take the following precautions.
◆ Avoid clicking on links or attachments: During the holiday season, scammers capitalise on our search for good deals. If an email or text offers deep discounts, tight timeframes to take up an offer, or unusual availability for an item that is sold out everywhere else, it could be a scam. To play it safe, shoppers shouldn’t click on links or open attachments in SMS or email. Instead, they should go to the retailer’s website directly and see if the offer checks out.
◆ Be sceptical, even with familiar contacts: Phishing messages are more convincing and harder to identify than ever. Consumers should take care with unexpected texts from friends or family members asking for money and emails that appear to be from their bank asking for personal details. They should always apply additional scrutiny and double-check directly with the sender before acting on a request, opening or downloading an attachment, or replying to a message. Fake invoices are another common trick scammers use to prompt unauthorised payments or downloads.
◆ Use unique passwords and multifactor authentication: Consumers should consider using a password manager to help store strong, unique passwords for websites. They should also enable multifactor authentication wherever possible. This adds a vital second layer of security, which Microsoft reports can block 99 per cent of password-based attacks. Shoppers should also be alert to unexpected multifactor authentication alerts, which could indicate an attempt to breach their account.
Report suspected scams to authorities: If someone thinks they’ve been scammed, it’s important to act quickly. In Australia, they can contact groups including:
- ID Support NSW on 1800 001 040 or https://www.nsw.gov.au/id-support-nsw
- the ACSC’s 24/7 hotline at 1300 CYBER1 (1300 292 371) or by reporting online at https://www.cyber.gov.au/report-and-recover/report.