Saturday, November 17, 2018

NZ’s ‘Fraud Awareness Week’

This week is Fraud Awareness Week, a NZ government public campaign to educate New Zealanders about the growing problem of fraud, and how to NOT become a victim. It’s a really good idea, and, sadly, very much needed.

The Ministry of Business, Innovation, and Employment (MBIE) described the problem on their website:
Data from NetSafe shows that between January and September 2018 almost 8,000 New Zealanders reported a scam to the organisation, with more than $24.7 million lost to scammers. The losses are almost five times higher comparing to the same period last year and that’s just from the scams that have been reported.
The “reported” part is critical: By some estimates the amount of unreported fraud is many times that of what is reported. Victims have sometimes lost their life savings to scammers, but even a few hundred dollars is too much. Which is why the campaign is such a good idea: To help prevent more victims.

The image up top is from the campaign, and it highlights their main tip: “Stop and think. Is this for real?” Their specific advice, provided in an editorial on the MBIE site:
Be suspicious. It can feel like a negative approach but if you always take your time and consider the angles, you’re less likely to get caught. Offers that are too good to be true, usually are. If someone’s asking for money, personal information, passwords, credit card numbers, PIN or bank details, red lights should be flashing in your head.

Don’t trust unexpected contact. Scams often come through unexpected phone calls, knocks at the door, or emails from people you don’t know.

Do your research. Always find out more before considering any offers. Use Google to look into people or companies, talk to family or friends, and see what they think.

Successful scams appear legitimate. To build trust they’ll often use one piece of information they have about you, to get more. For example, they may know what power company you use, or who you bank with.

Scammers can convincingly copy letterheads, logos, websites, and ID badges. If you’re suspicious, don’t use the details they supply, contact the company independently.

Resist demands to act quickly. Scammers will often leverage your emotions. But anyone offering a legitimate opportunity will allow you time to consider your response. So if you feel pressured, back out. Take time to think about it, run it past other people, or just turn it down.
I do all of that and always have. That’s not because I’m brilliant, obviously, but because I’m naturally suspicious, and that has served me well. Like everyone else, I’ve had scammers try to victimise me, and they’ve all failed—so far. Most of the time their phishing emails are so obviously fake that I get a good laugh out of. There have only been a couple emails I’ve ever received that were even remotely convincing as being possibly real—apart from them including a link to log into one’s bank account, something no real bank would ever do. Of course, the fact that I often get them “from” banks where I don’t have an account makes them even easier to ignore.

Lately, I’ve had more scams coming at me through my cellphone—calls or texts. I’ve received the calls from foreign numbers that—surprise!—I somehow miss. They never leave a voice message. The idea in the scam is that the victim will see the number and ring back, but the calls goes to a phone number that results in massive charges. I delete any phone number I don’t recognise, no matter where it’s pretending to be from, if they don’t leave a message. If they’re real and want to reach me, they can leave a message.

Texts are another odd one. A couple days ago I got the text at right. It doesn’t actually matter what bank it's from, what I literally laughed out loud at was the message: “Update your account”. No real business of any kind has ever sent me a vague message like that, nor would they ever send such a message. The link, blurred out so as not to put anyone seeing it at risk through curiosity, was a “bitly” link—the same URL-shortening service I use to make links easy to cut and paste (for sites I won’t link to directly). In this case, the bitly address was no doubt used to hide the fact that it didn’t go to that bank’s real website, and they probably didn’t even use a legitimate looking URL (something known as “covert redirect”). I should emphasise that I don’t know for certain that the scammers’ bitly address didn’t lead to a covert-redirect (a real enough looking, but faked, Westpac URL). I deleted the message without clicking the link. It doesn’t really matter: No real business would ever send a bitly link to a supposed customer—not ever.

Fighting scammers (and spammers) is a never-ending battle, and it won’t be getting better any time soon. At the moment, our best defence is to be suspicious. As the ministry says, “Stop and think. Is this for real?” That’s the last thing crooks want us to do.


rogerogreen said...

There is $1.6 million I wish to split with you. All you need to do is wire 2000 in Bitcoin to this account:

Arthur Schenck (AmeriNZ) said...

Heh. I got a scam email about one of my sites being erased if I didn't pay bitcoins. I didn't, it wasn't.