Cyber attacks and scams

In an increasingly digital world, cyber security has become a critical concern for our clients. By understanding the risks posed by cyber threats and scams, and by implementing proactive security measures, clients can safeguard themselves from the potentially devastating consequences of falling victim to a scam or a cyber breach. With an 80% increase in scam events reported in FY23, we always encourage our clients to remain vigilant. Scammers will use varying tactics to try and part you from your money. To help you understand some of the types of scams and attacks that have been either commonly reported by our clients or been reported on in mainstream media, we’ve listed below what to look out for and what to do if you think you’ve been targeted by them.  

ATO / Tax Related Scams:

The number of ATO impersonation scams are higher than ever, and with most adult Australian’s having some interaction with the Australian Taxation Office, it’s a common trap people fall in. These scams can be by email, SMS or phone calls.   The ATO will use phone, email and SMS to contact you. But they will never:

  • send a pre-recorded message to your phone.
  • threaten you with immediate arrest!
  • demand payment through unusual methods like gift cards or payments to personal bank accounts.
  • insist you stay on the line until a payment is made.
  • send you an email or an SMS with a QR code or a link to log in to their online services.
  • ask you to return personal information through these channels.

The ATO social media accounts are all verified, so if you’re contacting them through these channels, look for the ‘tick’ and make sure you’re only engaging with the verified pages.

What to do if you think you’ve been targeted?
If you think communication such as a phone call, SMS, voicemail, email or interaction on social media claiming to be from the ATO is not genuine, do not engage with it. You should either: 

  • Call Us! Your client manager at Forsyths can see your ATO history and can help verify if you do have any outstanding requirements with them.
  • go to Verify or report a scam to see how to spot and report a scam 
  • phone the ATO on 1800 008 540, if you have divulged information or paid a scammer money. 

Credential Stuffing

You may have heard on the news over the last couple of months some big Australian retailers and their customers have fallen victim to “Credential Stuffing” attacks. Credential stuffing is a cyberattack method in which attackers use lists of compromised user credentials to breach into a system. The attack uses bots for automation and scale and assumes that many users reuse usernames and passwords across multiple services. Once they gain access to your account, they use saved credit card details to make fraudulent purchases. How can you avoid being a victim of credential stuffing? Simple! Use complex passwords, utilise two factor authentication when it’s available, and don’t use the same username and password for all your accounts.  

Remote access scams

Remote access scams continue to be among the top scams people currently report. While traditionally involving a phone call, there has been an emerging trend of the use of web chats. These scams involve criminals convincing people to download an app or software, which allows remote access to your computer. Once in the computer, the criminals then find your banking log on details and other personal information. Red flags to look for:

  • Pop up messages on your device saying it’s been compromised and urging you to contact a number where an operator will ask you to download software to “fix the issue”.
  • Calls out of the blue from a well-known business, telco or government agency requesting access to your device to remove a “virus” or “fix an issue”.

  How to protect yourself?

  • Never give an unexpected person remote access to your computer or online bank accounts.
  • Never share any SMS codes you receive from your bank.
  • If you aren’t sure if contact is legitimate, hang up or delete the text message or email. Contact the organisation using details you have found yourself.

Remember, when it comes to cybersecurity, it's not a matter of if, but when. Taking proactive steps today can help mitigate risks and ensure a secure financial future tomorrow.