I dodged a phishing scam but fell for the dodgy meter reader sting.
Phishing scams trick you into clicking on a link or email attachment, which infects your computer with hostile software (malware) or takes you to a fake web page designed to steal private information.
In my case, the Energy Australia email for the gas bill looked real: same logo, same font, and the fact that it was up 50 per cent on my last bill almost clinched it for me.
Except there was no name on the bill, no account number and the due date for payment was in three days’ time. Then I did something silly.
I clicked on “View my Bill” and a file called “EnergyAustralia Electricity bill.zip” downloaded to the desktop.
Unbeknown to me, malware was being installed on my computer to hunt for bank logins and passwords, to be sent back to the scammer.
My browser virus warning popped up (there are virus warning scams too) and I deleted the download and turned off the computer.
In the last nine months, there has been a tsunami of phishing scams across Australia, targeting clients of the ATO, ASIC, Origin Energy, Telstra and MYOB. Many of these cyber crooks operate out of China.
Australian Competition and Consumer Commission (ACCC) figures show that more than 45,000 Australians reported online scammers trying to steal their personal information, with $2,832,030 lost in 2017. The majority of the victims were over 65 years of age.
Late last year two South Australian property buyers were defrauded out of nearly $1 million by email scammers posing as conveyancers.
An SA woman fell for a phishing scam trying to get a US visa. She was directed to a fake but professional looking website and entered her credit card and passport details. The scammers stole money from her bank account but the bank spotted it and stopped it.
One of the largest phishing stings was in Austria in 2015, when the CEO of an aircraft parts manufacturer fell for a scam that cost the company $56.79m (US).
Criminals pretended to be fellow executives and sent him an email asking for a secret transaction. Most of the money disappeared into accounts in Slovakia and Asia. The CEO was sacked.
When I notified Energy Australia of the phishing scam, I was told that someone acting in my name had cancelled my account on September 13. This was news to me and probably to the offshore phishing crooks.
If the online scammers don’t get you, the dodgy door-to-door meter reading contractors will.
This brazen scam is simple. Last September a young man dressed as a gas meter reader entered our property and got me to fill out a form to ‘ensure all the details were up to date’.
That form contained all the information that the scammer needed to terminate my Energy Australia gas service and connect me to a new retailer – and earn a nice commission in the process.
The new gas account arrived from a retailer I’d never heard of. My name wasn’t on the bill and there was no customer number but it was a legitimate account.
Who is paying them to do this? I would suggest a low rent marketing company but I have no proof. This is deceptive conduct and it is illegal.
Two scams in three months suggest there is feverish activity going on in the dark crevices of the Internet and among the petty cons who pose as meter readers in Adelaide.
If you were trusting, this scam would have hacked your computer, ransacked your bank account and, by accessing your email addresses, your friends and family would have been attacked online too. Then a gas bill would have arrived from a service provider you’ve never heard of.
It is no wonder some older people are suspicious of the Internet.
There are a number of reasons why people are duped. Older folk, in particular, tend to trust those acting in the name of an organisation. Always ask meter-reading contractors for their ID before letting them on to the property.
Put a lock on the letterbox, as some letters will have your contact details and date of birth.
Another factor is online laziness. We use mental ‘sign-offs’ triggered by logos and brand names to confirm authenticity. We don’t always scrutinize the typos in the message or its intent.
When media use becomes routine, people become less conscious of which emails they opened and what links or attachments they clicked on.
If something feels weird about an email that someone you know sends – especially if it’s a request – ask them personally if they sent you an email.
Create multi-level authentication for all accounts that offer it. Use a password manager to maintain strong, random, unique passwords and back up your data. The price of privacy and security is eternal vigilance.
Malcolm King, an Adelaide writer, works in generational change and is a regular InDaily columnist.