Search

Worried your address, birth date or health data is being sold? You should be – and the law isn’t protecting you

<div class="theconversation-article-body"><a href="https://theconversation.com/profiles/katharine-kemp-402096">Katharine Kemp</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a> Australians don’t know and can’t control how data brokers are spreading their personal information. This is the core finding of a newly <a href="https://www.accc.gov.au/system/files/Digital-platform-services-inquiry-March-2024-interim-report.pdf">released report</a> from the Australian Competition and Consumer Commission (ACCC). Consumers wanting to rent a property, get an insurance quote or shop online are not given real choices about whether their personal data is shared for other purposes. This exposes Australians to scams, fraud, manipulation and discrimination. In fact, <a href="https://www.accc.gov.au/media-release/consumers-lack-visibility-and-choice-over-data-collection-practices">many don’t even know</a> what kind of data has been collected about them and shared or sold by data firms and other third parties. Our privacy laws are due for reform. But Australia’s privacy commissioner <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653">should also enforce</a> an existing rule: with very limited exceptions, businesses must not collect information about you from third parties. <h2>What are data brokers?</h2> <a href="https://cprc.org.au/wp-content/uploads/2024/02/CPRC-Singled-Out-Final-Feb-2024.pdf">Data brokers</a> generally make their profits by collecting information about individuals from various sources and sharing this personal data with their many business clients. This can include detailed profiles of a person’s family, health, finances and movements. Data brokers often have no connection with the individual – you may not even recognise the name of a firm that holds vast amounts of information on you. Some of these data brokers are large multinational companies with billions of dollars in revenue. Consumer and privacy advocates provided the ACCC with evidence of highly concerning data broker practices. <a href="https://www.accc.gov.au/system/files/Salinger%20Privacy.pdf">One woman</a> tried to find out how data brokers had got hold of her information after receiving targeted medical advertising. Although she never discovered how they obtained her data, she found out it included her name, date of birth and contact details. It also included inferences about her, such as her retiree status, having no children, not having “high affluence” and being likely to donate to a charity. ACCC found another data broker was reportedly creating lists of individuals who may be experiencing vulnerability. The categories included: <ul> <li>children, teenage girls and teenage boys</li> <li>“financially unsavvy” people</li> <li>elderly people living alone</li> <li>new migrants</li> <li>religious minorities</li> <li>unemployed people</li> <li>people in financial distress</li> <li>new migrants</li> <li>people experiencing pain or who have visited certain medical facilities.</li> </ul> These are all potential vulnerabilities that could be exploited, for example, by scammers or unscrupulous advertisers. <h2>How do they get this information?</h2> The ACCC notes <a href="https://cprc.org.au/wp-content/uploads/2023/03/CPRC-working-paper-Not-a-fair-trade-March-2025.pdf">74% of Australians are uncomfortable</a> with their personal information being shared or sold. Nonetheless, data brokers sell and share Australian consumers’ personal information every day. Businesses we deal with – for example, when we buy a car or search for natural remedies on an online marketplace – both buy data about us from data brokers and provide them with more. The ACCC acknowledges consumers haven’t been given a choice about this. Attempting to read every privacy term is near impossible. The ACCC referred to a recent study which found it would take consumers <a href="https://www.mi-3.com.au/06-11-2023/aussies-face-10-hour-privacy-policy-marathon-finds-study">over 46 hours a month</a> to read every privacy policy they encounter. <figure class="align-center zoomable"><a href="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&q=45&auto=format&w=1000&fit=clip"><img src="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&q=45&auto=format&w=754&fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&q=45&auto=format&w=600&h=131&fit=crop&dpr=1 600w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&q=30&auto=format&w=600&h=131&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&q=15&auto=format&w=600&h=131&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&q=45&auto=format&w=754&h=165&fit=crop&dpr=1 754w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&q=30&auto=format&w=754&h=165&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&q=15&auto=format&w=754&h=165&fit=crop&dpr=3 2262w" alt="" /></a><figcaption>The approximate length and time it would take to read an average privacy policy in Australia per month. <a class="source" href="https://www.accc.gov.au/about-us/publications/serial-publications/digital-platform-services-inquiry-2020-25-reports/digital-platform-services-inquiry-interim-report-march-2024">ACCC Digital Platform Services Inquiry interim report</a></figcaption></figure> Even if you could read every term, you still wouldn’t get a clear picture. Businesses use <a href="https://cprc.org.au/wp-content/uploads/2024/02/CPRC-Singled-Out-Final-Feb-2024.pdf">vague wording</a> and data descriptions which <a href="https://theconversation.com/70-of-australians-dont-feel-in-control-of-their-data-as-companies-hide-behind-meaningless-privacy-terms-224072">confuse consumers</a> and have no fixed meaning. These include “pseudonymised information”, “hashed email addresses”, “aggregated information” and “advertising ID”. Privacy terms are also presented on a “take it or leave it” basis, even for transactions like applying for a rental property or buying insurance. The ACCC pointed out 41% of Australians feel they have been <a href="https://www.choice.com.au/consumers-and-data/data-collection-and-use/how-your-data-is-used/articles/choice-renttech-report-release">pressured to use “rent tech” platforms</a>. These platforms collect an increasing range of information with questionable connection to renting. <h2>A first for Australian consumers</h2> This is the first time an Australian regulator has made an in-depth report on the consumer data practices of data brokers, which are generally hidden from consumers. It comes <a href="https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf">ten years after</a> the United States Federal Trade Commission (FTC) conducted a similar inquiry into data brokers in the US. The ACCC report examined the data practices of nine data brokers and other “data firms” operating in Australia. (It added the term “data firms” because some companies sharing data about people argue that they are not data brokers.) A big difference between the Australian and the US reports is that the FTC is both the consumer watchdog and the <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312913">privacy regulator</a>. As our competition and consumer watchdog, the ACCC is meant to focus on competition and consumer issues. We also need our privacy regulator, the Office of the Australian Information Commissioner (OAIC), to pay attention to these findings. <h2>There’s a law against that</h2> The ACCC report shows many examples of businesses collecting personal information about us from third parties. For example, you may be a customer of a business that only has your name and email address. But that business can purchase “<a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653">data enrichment</a>” services from a data broker to find out your age range, income range and family situation. The <a href="https://www.legislation.gov.au/C2004A03712/latest/text">current Privacy Act</a> includes <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles">a principle</a> that organisations must collect personal information only from the individual (you) unless it is unreasonable or impracticable to do so. “Impracticable” means practically impossible. This is the direct collection rule. Yet there is no reported case of the privacy commissioner enforcing the direct collection rule against a data broker or its business customers. Nor has the OAIC issued any specific guidance in this respect. It should do both. <h2>Time to update our privacy laws</h2> Our privacy law was drafted in 1988, long before this complex web of digital data practices emerged. Privacy laws in places such as California and the European Union provide much stronger protections. The government has <a href="https://ministers.ag.gov.au/media-centre/speeches/privacy-design-awards-2024-02-05-2024">announced</a> it plans to introduce a privacy law reform bill this August. The ACCC report reinforces the need for vital amendments, including a direct right of action for individuals and a rule requiring dealings in personal information to be “fair and reasonable”.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/230540/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /> <a href="https://theconversation.com/profiles/katharine-kemp-402096">Katharine Kemp</a>, Associate Professor, Faculty of Law & Justice, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a> Image credits: Shutterstock This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/worried-your-address-birth-date-or-health-data-is-being-sold-you-should-be-and-the-law-isnt-protecting-you-230540">original article</a>. </div>

Legal

"I felt duped": 95-year-old loses $1.6 million in bank scam

A 95-year-old has been left feeling "sick" after she was scammed out of $1.6 million by heartless scammers claiming to be a bank. In November last year, Harriet Spring received a call from a man who called himself George Thompson, and said he worked for ING Bank. The man gained Harriet's trust over several months, at the difficult time that the great-grandmother was handling the sale of her mother's house. "Over time, I completely thought he was from ING, I had no reason to believe he wasn't," she told <a href="https://9now.nine.com.au/today/95-year-old-great-grandmother-loses-more-than-1-million-life-savings-to-scammers/f41540e7-f5c9-4c3b-89a7-ac94dd81bf6a" target="_blank" rel="noopener">Today</a>. "George" then convinced Harriet the money from the sale of the house could build interest in an ING account, but it was actually being held by Westpac Bank. "It sounds implausible now, but the scammer had me convinced and I told my mother's bank, Teachers Mutual Bank, that this was an ING fixed term deposit, but it was being put in the Westpac bank," she said. "I put down the BSB number and the account number and what I thought was my name attached to the account, (my mother's bank) pointed out that it seems strange and ING account would be held with Westpac, but they still went ahead and authorised the transfer." When Harriet realised the scammers had taken hold of her life savings totalling $1.6 million, she felt "sick". "Obviously my world just fell out from under me - I just felt sick," she said. "I felt utterly responsible, I felt duped, foolish, ashamed - a lot of shame associated with it and I think that's why a lot of people don't come forward and talk about this kind of thing." Harriet has shared her story as a warning for others to be wary of potential scammers, while also calling on banks to have better protocols in place to stop suspicious transactions from going through. "Someone with basic training from the bank would have known that ING don't bank with any other banks and they should have flagged it," she said. "I believe the reality is that the banks 100 per cent put the blame on the victims and they minimise their own liability." "There should be some sort of system for compensating victims, the banks don't commit the theft, but they certainly drive the getaway car and they need to be held responsible for being complicit with this." Image credits: Today

Legal

"Expectation vs Reality": Woman's reaction to hotel scam

A woman was left outraged after forking out on a hotel room with a gorgeous sea view, only to find out she had fallen for a scam. Influencer Clarisa Murgia paid an obscene amount of money for the room with a view, which was advertised as part of a holiday of a lifetime across Europe. Expecting blue seas, sailing boats and a view of the mountain range, the influencer was utterly disappointed when she found out that the breathtaking views was nothing but a poster attached to the wall of the building outside her window. She shared footage of the "view" on TikTok, with the caption "Expectation vs Reality" and from one angle the poster looked just like the real thing. But as she pans to the another side, the massive poster emerges attached to a crumbling white wall, with her actual view being rows of barred white windows and a dingy alley. "Someone rented a B&B with a sea view. I feel scammed, guys," the influencer added. "No one has ever deceived me like this before, hahaha." The video racked up over 2.5million views, with many joking about her unfortunate situation. "Not even my ex lied that much," one joked. "My luck in life is summarised in this video," another added. "That's why I always look at the location so I don't fail," a third wrote. Images: TikTok

Travel Trouble

How to avoid 6 common tourist scams

Often when people are on holidays their focus is on relaxing or seeing the sights of the area. But if you don’t keep your wits about you, it’s possible you might end up losing everything to scammers who will do anything to get their hands on your belongings. Here we have six common scams to look out for while you are travelling abroad. Scam 1: You are in a busy bar in a tourist friendly area when some locals ask where you’re from and offer to buy you a drink. Without thinking, you accept the drink and then find yourself waking up hours later without any of your belongings as you’ve had your drink spiked. Solution: If people seem too friendly, be aware that they may be scammers. Don’t accept drinks from people you don’t know, and don’t leave your drink unattended to use the bathroom. Scam 2: You are about to put your handbag and computer on the conveyer belt to go through the scanner. The people in front of you walk through the metal detector and while one goes through, the other sets off the alarms. They step back into where you are standing and take their time removing wallets and coins from their pockets. While you are waiting for your turn to walk through the metal detector, the other person has taken your belongings and is long gone. Solution: Don’t place your items on the conveyer belt until there is no one else waiting in front of you to go through the metal detector. Scam 3: In a busy area such as after a concert or a busy night like New Year’s Eve it can be impossible to get public transport or a taxi back to your hotel. A friendly looking guy comes by and offers you a lift for a reasonable fee using his private car. The scam itself can then range from being charged an exorbitant amount when you arrive at your hotel – or you could even find yourself robbed and dropped by the side of the road with no way home. Solution: However tempting it is, never get in the car with an unlicensed taxi driver. This is even more important to note if you are travelling alone. Scam 4: While you are waiting with your luggage for a train or bus, a passer-by appears to drop their wallet and walk off without noticing. You might try to do the right thing by grabbing the wallet and running after the person to return it. By the time you get back, your luggage is missing. Solution: When travelling alone, never leave your items unattended even if it means you don’t help someone when you normally would. This is especially true in airports where baggage will quickly be confiscated if left alone. Scam 5: You’re taking in the sights when a couple of men dressed as policemen approach you. They demand to see your wallet and let you know that counterfeit money has been given to tourists in the area. When your wallet is returned it has had much of the contents removed. Solution: Police would never demand to see your wallet. If something doesn’t feel right, suggest that you continue the discussion at the nearest police station as you don’t feel comfortable. Most likely they will not push their luck. Scam 6: You receive a phone call in your hotel room late at night from someone claiming to be from the front desk. They apologise for the late call but request that you just confirm your credit card details as their system is playing up. You read out the numbers and hang up. Before too long your credit card has rung up a huge bill as this was a scammer calling you, not a staff member. Solution: Organise payment in person by letting the caller know that you will come down to the front desk to discuss it. Image credits: Getty Images

Travel Tips

Kochie's thoughtful act for scam victim

David Koch has given back to a hard-working Aussie who lost her life savings to a convincing scam. For many years, scammers have been using the likeness of Australian celebrities to con people out of their money. Kochie is just one of many high-profile personalities who have had their identities used to run convincing scams, that thousands of people have fallen victim to. The former Sunrise host has often taken to social media to warn people of the illegitimate ads, but it hasn't been enough to stop the scammers in their tracks. In a special 7News Spotlight investigation, Kochie joined the team to lift the lid on the multi-billion-dollar scam industry in which fake advertisements featuring well-known celebrities have been used to con more than 600,000 Aussies. “It’s devastating because it’s my reputation on the line,” says Koch. “And these scams are so good, they’re so believable that people who trust me look at me and say, ‘Wow, I’m getting some comfort out of what this bloke is saying,’ and then are ripped off by some scammer from overseas.” Koch is desperately trying to stop this criminal act, saying, “I’ve reported it to the ACCC and ASIC. I’m part of an ACCC case against Meta at the moment surrounding these scam ads.” As part of the investigation, Kochie met Allison, who lost $250,000 when she invested her money in what she thought was a reputable company, fronted by who she believed to be the former Sunrise host. As an avid Port Adelaide supporter, she trusts Koch, who is also the Chairman of the football club. “Port Adelaide members are all part of a big family,” says Koch. “And the fact that these scammers use my association with the club to prey on members is just abhorrent.” After losing her savings, Allison has been struggling to make ends meet, and is on a payment plan so she can stay as a member of the AFL club she loves. After learning of her story, Koch himself has stepped in and ensured she has lifelong membership. “It’s the least we can do,” says Koch to Allison. “Because, football has got to be your haven.” Allison is just one of the many victims of complex scams in Australia, with reporter Sarah Greenhalgh believes millions of dollars have been illegally stolen. “The scammers successfully prey on these people’s unique vulnerabilities and the victims’ lives have changed forever as a result,” she says. Image credits: 7News Spotlight

Money & Banking

War veteran loses $18,000 to Netflix scam

Shane Arnold, 71, was left with nothing after he fell for an elaborate Netflix scam, allegedly run by a teenager. The war veteran was robbed of $18,000 when he thought he was entitled to a refund after receiving a fake Netflix email. After he entered his personal banking details, the accused scammer allegedly used this information to call Arnold the following day claiming to be a security officer from Commonwealth Bank. "(It was) extremely convincing," Arnold told 9News. "He spoke in a posh English accent." Arnold was allegedly told by a 19-year-old, whose voice had been disguised with AI, that his account had been compromised and ordered to put his bank cards in a bag, to be collected by a driver. Hours later, the accused teen who is from Braybrook, Melbourne allegedly withdrew thousands of dollars from ATMs in Braybrook and West Footscray, and purchased dozens of gift cards from Kmart. He also allegedly filled up on fuel, bought a new iPhone, and some strawberry milk and ice cream. The teen has since been charged over the incident, but Arnold is still fighting hard to get his money back. "I've worked for 50-odd years to get that money," he told the publication, adding that he felt "like my heart had been ripped out". The senior also claimed that the bank was partly to blame, and has lodged a report to the Australian Financial Complaints Authority (AFCA) who are currently managing his case. Arnold added that Commonwealth Bank had only offered to reimburse him $1000, and said that everyone who'd been scammed deserved to have their money returned to them. "I hope all those people get their money back," he said. "None of them deserved to be scammed and none of them did anything wrong." Images: Nine News

Legal

"It was devastating": Grandfather loses $1 million in scam before his death

A "vulnerable" and "lonely" grandfather lost over $1 million in a complex scam in the months before he died, with his son now issuing a warning to others. Adrian Heartsch was described by his family as a "frugal" man, who had no experience with online banking before becoming involved in the scam. “Unless he knew exactly what he was paying for – he wouldn’t pay for it,” his son Simon Heartsch told A Current Affair. “I said to him if somebody can scam you, they can scam anybody.” He soon connected with someone online, who called themselves a woman named Vida and charmed him with sweet talk and pet names, and soon earned his trust. “He wasn’t alone, but he was lonely. He had no company, he didn’t even have his dog anymore to talk to,” his son told ACA. “So I guess he’s vulnerable in that way.” The woman convinced Mr Heartsch to send her several Apple gift cards, claiming he would be given over $20 million worth of gold bars or gold bullion in return. She also promised the grandfather that she would come to Australia and live “happily ever after” with him. Simon only discovered the truth about his father's finance and the long-running scam when Adrian landed in hospital. “We brought up these emails that were just gobsmacking,” he said. “The story grew from $300,000 to $600,000 to up and up and up … over a million dollars.” The ruse had been going on for three years, and saw Mr Heartsch buy up to $10,000 worth of Apple gift cards from several shops in a single day. Simon said his father was “mortified” after learning the truth and didn’t want to pursue a case with the police. The scam cost the 77-year-old almost everything, robbing him of his savings, truck and caravan, leaving him with only his home. Shortly after, Mr Heartsch fell “sicker and sicker” as his health deteriorated, and he passed away a month after his family learned of the scam. “It was like all this was the nail in the coffin, it was devastating for him, his whole life savings he’s lost,” said Simon. Adrian's family went searching for answers, and with the help of a cyber security expert, discovered that the scammer was operating out of Ghana in West Africa. Following his father’s death, Simon urged others to watch out for loved ones who may be vulnerable to “horrible” scammers. “They’re ruining peoples’ lives. They’re speeding up people’s deaths,” he said. “They’re preying on the vulnerable.” Image credits: A Current Affair

Legal

“Unbelievably legitimate”: Deb Knight falls victim to popular scam

Deb Knight has shared how she fell victim to a popular scam, losing $1,200 while trying to get Taylor Swift tickets for her daughter's birthday. Like many people around Australia, the veteran journalist was eager to get her hands on tickets to the highly anticipated Eras Tour as a once in a lifetime surprise for her eight-year-old daughter's birthday present. After missing out on tickets through all official channels, Deb thought hope was lost, until a friend reached out to her. “A really good friend, who I’ve known all my life, contacted me and said, ‘do you still want Taylor Swift tickets?’” Knight told A Current Affair. “It was my daughter’s eighth birthday and getting my hands on these tickets would be the best present ever." “My friend put me in contact with her friend who had the tickets – or so I thought.” Knight had received a phone call from her close friend who said her cousin was selling tickets, but unbeknownst to everyone involved, the friend’s Facebook account had been hacked. Deb promised to pay half the cost of the tickets as a bond, then pay the rest after she had seen the tickets, which she said looked “unbelievably legitimate". Tech expert Trevor Long joined Deb on ACA, and noticed one major error about the fake tickets. “The difference is a genuine Taylor Swift ticket in an Apple Wallet right now does not have that barcode.” Alarm bells started ringing for the veteran journalist when the so-called seller said the payment had not come through, but by then it was too late. Deb contacted her bank but it was too late to get her $1,200 back, and her hunt to find Taylor Swift tickets continued. “I realised I’d been scammed. I felt sick to the stomach, absolutely humiliated. I also felt embarrassed and ashamed,” she said. “I was reluctant to speak publicly about this but I think we’ve got to. We have to normalise it so people feel there’s less of a stigma about it." “It happens to everyone, even Deb Knight – it’s disgusting, what’s happening, so something needs to be done.” Police have warned Swifties who missed out on tickets to the singer’s upcoming tour not to fall prey to ticketing scams, and only to purchase tickets through official channels such as Ticketek marketplace. Since tickets for the Eras tour went on sale last June, and subsequently sold out in record timing, Victoria Police said there had been more than 250 reports of ticketing scams for Taylor Swift shows alone. Image credits: A Current Affair

Money & Banking

"Too good to be true": Bank teller saves couple from losing $40k

A Tasmanian couple have been saved from losing $40k into an online investment scam after a bank teller noticed the red flags. The couple visited the NAB branch in Rosny, Hobart after their account was blocked during an attempt to transfer the money to an ‘online investment firm’ in Perth. The payment was the first of two instalments that they were set to pay the "firm" but NAB Customer Advisor Erin Bugg saved them from a massive loss. Bugg became suspicious of the firm after they promised a 12 per cent return on their term deposit and a guaranteed pay out if the firm went bust. “If there was a scam red flags bingo card, ‘online investment opportunity’ would be top of the list,” the NAB Customer Advisor said. “Immediately, alarm bells went off for me. It sounded like an investment scam and I was concerned this couple could lose their life savings.” The couple, however, insisted that they weren't being scammed so Bugg decided to look into the matter further and found a website and article about the firm. When she looked into the rates they offered she realised it “was literally too good to be true." “No one likes to be told they’re being lied to, especially when they feel like they’ve done all the right things. They had done their own research, and even spoken to the company on the phone,” she said. She added that "alarm bells" started ringing when the wife explained that a man from the firm kept calling her to thank her for the investment and encourage her to open an account. The couple then rang the "firm" in front of Bugg to try and convince her it was real. “I declined to speak to the ‘firm’, but I could hear them telling the customers, ‘Oh, NAB always flags us as a scam’,’” she recalled. NAB’s fraud team then informed them that the firm had a bank account at another bank, and to call the bank to confirm whether it was legit. After calling the other bank, they found that the account was not connected to the investment firm and suggested them to not transfer anything. “It was such a relief to hear from the customer that they’d avoided being scammed,” Bugg said. This comes after Scamwatch received over 7,000 reports of investment scams collectively costing Aussies over $275 million in the last year. Image: NAB

Money & Banking

Kyle and Jackie O's kind act for mother and daughter who got scammed

Kyle Sandilands and Jackie O have given away their own tickets to Taylor Swift's Eras Tour, to a mum and her nine-year-old daughter, after the duo got scammed out of $1200. Sam, had attempted to purchase the concert tickets for her young daughter Charlie, but instead of getting tickets she got scammed and was left heartbroken. The radio stars were touched by their story, and immediately jumped into action to make the mother-daughter's day better. “Hi Charlie, Kyle and Jackie O have come to the rescue with free concert tickets. We are going to give you our tickets so you can go see her for free," Kyle told the nine-year-old. In a post shared on Instagram, Charlie was filmed bursting into tears when she realised she would be seeing her idol after all. “I couldn’t have a little sweetheart like you be so excited to see her but then have someone steal the tickets. So, you’re going to go see her,” Kyle added. The mother-daughter duo were filmed hugging each other in happiness. This comes after The Australian Consumer and Competition Commission’s (ACCC) Scamwatch received 273 reports of people being scammed while buying tickets to The Eras Tour via social media. Images: Instagram

Money & Banking

Aussie grandma and former Greens candidate jailed in Japan claims she was scammed

Donna Nelson, a 57-year-old Perth grandmother, has found herself entangled in a nightmarish situation in a Japanese prison, accused of a crime she vehemently denies. Nelson, an Aboriginal health advocate and former Greens candidate, has been incarcerated for nearly a year without a trial date set, facing allegations of attempting to smuggle two kilograms of meth into Japan. However, her plight is not as straightforward as it may seem, and her family and legal team are tirelessly fighting to clear her name. The ordeal began on January 4, when Nelson was arrested at Narita Airport in Tokyo. Authorities claimed to have discovered drugs concealed within a false compartment in her luggage. According to the prosecution, a customs officer suspected her of acting suspiciously. But the narrative has taken a complex turn as Nelson's defence team unveiled a shocking revelation: she alleges she was deceived and manipulated by a Nigerian scammer who had groomed her for two years. Since her arrest, Nelson has been confined to Chibu prison, located an hour outside Tokyo. Her living conditions are appalling; she spends 23 hours a day isolated in her cell, showers are allowed only every three days, and communication with other inmates and visitors is strictly prohibited. This form of treatment is a reflection of Japan's infamous "hostage justice" strategy, aimed at coercing confessions from detainees. The only individuals granted access to Nelson are her lawyers, Australian embassy representatives, and a pastor. Legal representatives have identified a significant issue with translation throughout the case, and it could very well hinge on an inaccurate translation by the customs officer at the time of her arrest. Rie Nishida from Shinjuku International Law Firm, one of Nelson's lawyers, explained, "The main evidence from the prosecution is mainly a customs officer who said she acted suspiciously. There's a lot of mistranslation that's also the difficulty in this case." This mistranslation issue is not trivial; it extends to the messages exchanged between Nelson and the man she believed she had a romantic connection with, who ultimately turned out to be a scammer. Matthew Owens, another member of the legal team and a translator for the case, noted, "Some of them were completely wrongly translated, so we had to re-translate those messages and submit them back to the prosecutor." Nelson remains steadfast in her conviction that she is innocent of the accusations against her. Her lawyer, Owens, relayed her message, saying, "Donna wants to say that she is going to be able to prove her innocence, she's 100 per cent confident of that, and she wants everyone in Australia and the world to know she is innocent." If found guilty, Nelson could face a harrowing 20-year sentence in a Japanese prison, a terrifying prospect for both her and her family. Her five daughters and grandchildren are distraught, but they are not giving up the fight to prove her innocence. They believe they have evidence to substantiate the claim that she was scammed and unjustly accused. Image: Australian Greens

Legal

1 in 6 older adults fall victim to impersonation scams

More older adults are likely to fall victim to scams than are currently recognised according to new US research. The problems are global. <div class="copy"> A research team from Rush University Medical Center in Chicago, US, says older Americans who aren’t cognitively impeded, are also at risk. In their study <a href="https://10.1001/jamanetworkopen.2023.35319" target="_blank" rel="noreferrer noopener">published</a> today in JAMA Network Open, the group reports on a behavioural experiment where they targeted 644 adults aged 64-104 in Rush’s Memory and Aging Project – a local scheme that draws on participants from metropolitan Chicago to participate in research – with a pitch mimicking a real-world impersonation scam. The study’s fictitious ‘US Retirement Protection Task Force’ pitched itself to participants as a government social security initiative. This USRPTF told participants via either post, email or a telephone call there’d been irregular activity on their Medicare or social security file and the inquiry was a routine account security check. As part of this, the fake agency asked participants to call a telephone hotline or login to a provided website to provide their details. Over two-thirds of the study failed to respond to any attempts to obtain information by the phoney scheme. The remainder were evenly split by either responding to requests for contact, but expressing scepticism at the authenticity of the USRPTF, or by responding and engaging with the request for information. Those who were engaged with the request for information, but expressed doubts, were also those with the highest cognitive performance, and lowest proportion of dementia. They were also the most financially literate participants, while those who provided their details had the lowest literacy. Those who provided details were also found to have the lowest scam awareness of all participants. Among this group, 1 in 10 willingly provided personal information and 1 in 5 provided details of their social security number. “If extrapolated to a population level, these numbers are astounding and suggest that a very large number of older adults are at risk of victimisation,” the authors say. They also note that, given the use of a fictitious US government organisation name, the number of people vulnerable to well-organised scams is likely much higher. Last year, the US National Council on Aging reported 92,371 older Americans were defrauded of a total of US$1.7 billion. Most were victims of government department impersonation, sweepstakes and robocall scams. Often such scams will simply demand payment while ‘spoofing’ the phone number of a government agency to add the veil of legitimacy. It’s a similar story around the world. This year, the Australian Competition and Consumer Commission found Australians lost a record $3.1 billion last year, mostly via phone scams. Australians over 65 years of age accounted for a quarter of losses and reports. The UK’s Action Fraud initiative found Britons lost about ₤2.35 billion in the 2020/21 financial year, with those aged 50-69 most susceptible to falling victim. <div> <noscript data-spai="1">&lt;img decoding="async" class="aligncenter size-full wp-image-198773" src="https://cdn.shortpixel.ai/spai/q_lossy+ret_img+to_auto/cosmosmagazine.com/wp-content/uploads/2023/09/Issue-100-embed.jpg" data-spai-egr="1" alt="Subscribe to our quarterly print magazine" width="600" height="154" title="1 in 6 older adults fall victim to impersonation scams 2"&gt;</noscript> </div> Image credits: Getty Images <a href="https://cosmosmagazine.com/people/society/1-in-6-older-adults-fall-victim-to-impersonation-scams/">This article</a> was originally published on <a href="https://cosmosmagazine.com">Cosmos Magazine</a> and was written by <a href="null">Cosmos</a>. </div>

Legal

Hilarious reason dad couldn't be fooled by online scam

One savvy dad has outwitted a scammer who posed as his daughter, after the scammer made one hilarious error. Ian Whitworth, a dad from Sydney, took to his LinkedIn page to share the message a scammer texted him in a classic phishing scam that targets parents. He shared the photo of what he thought was the "funniest phishing text any parent has ever received". The text read, "Hey dad, dropped my phone in the sink while doing the dishes. Its unresponsive this is my new number for now just text me here x." Despite the terrible grammar and punctuation that would immediately alert anyone to the possibility of a scam, it was something else that caught the dad's attention. Instead, Whitworth said it was the fact his daughter would never do the chore mentioned by the scammers. Still, he thought it was worth sharing a photo of the text in a bid to warn others, which he uploaded along with the comment, "Cybersecurity update. I just got this." "Perhaps the funniest phishing txt any parent has ever received. 'Doing the dishes', yeah, for sure." In a reply to one of the people who commented on his post, Whitworth joked that his daughter "at age four emerged from my parents' kitchen with a shocked look on her face. 'What's pop doing?'. He was washing up in the sink." Another commenter wrote, "Haha! There is NO WAY this is from my son or daughter, that's for sure." Another commenter said the giveaway that it wasn't from his own child was that they didn't immediately ask for money, to which Whitworth replied, "Ha, yeah, the phishers are like the seven step ladder of confidence before the money issue gets raised. Actual kids: MONEY NOW." According to the federal government's Scamwatch website run by the Australian Competition and Consumer Commission (ACCC), the "Friends/Family Hi Mum" impersonation scam was common. "Scammers send messages pretending to be a family member or a friend desperate for money," it said. "They say they have a new phone and they need you to pay money to help them out of a crisis." Scamwatch warns: "Don't assume a person you are dealing with is who they say they are" and offers the following advice. "If someone you know sends a message to say they have a new phone number, try to call them on the existing number you have for them, or message them on the new number with a question only they would know the answer to," it said. "That way you will know if they are who they say they are." Image credits: Getty Images / LinkedIn

Legal

Heavily pregnant mum and disabled child kicked off plane

Siobhan Foster, her husband, and their disabled child were kicked off their flight after she was accused of being "aggressive" by a flight attendant. Foster, who is seven months pregnant, was onboard an easyJet flight to Ibiza to celebrate her brother's wedding. She struggled to find room for her carry-on in the overhead baggage compartment, so she asked a flight attendant to help her find space, but the response was reportedly "a sharp ‘Clearly Not’", which eventually led to a dispute. When things escalated, all 180 passengers were eventually told to disembark. One of Foster's outraged friends posted the <a href="https://www.thesun.co.uk/news/23859832/easyjet-passengers-kicked-off-pregnant-mum-stewardess-fight/" target="_blank" rel="noopener">video</a> on social media, and the Newtonabbey mum was seen collecting hand luggage while struggling to carry her toddler. “We’re being thrown off the plane today because of somebody thinking they’re better than everyone else,” the friend said. The easyJet stewardess responded: “Bye, bye bye," as the upset family walked down the stairs. Foster took to Facebook to complain about her experience with "sleezy jet". “So, I asked could you help me find somewhere, her reply was ‘You’ll need to find somewhere yourself’ even though there literally was nowhere," she wrote. She then claimed that she asked for help again, because she was heavily pregnant, to which the flight attendant allegedly said: "You’re being abusive and it’s not my job to help you.” Another flight attendant reportedly backed up her co-worker, but Foster argued that other airlines have been more helpful as she is pregnant. “Writing this, I understand it would make you think was I being abusive, but I honestly wasn’t and the whole plane can vouch for me,” Foster wrote. “People were actually putting this on [Facebook] about how bad I was treated.” After eventually finding a place for her bag, the pregnant mum was allegedly confronted by two other crew members who also accused her of being “aggressive.” Foster decided to ignore them because she was "crying" and "so upset," but the flight attendant reportedly started raising her voice. They were then kicked off, and were told it was because of Foster's aggression, but when Foster’s mum and brother asked for an exact reason, the crew members allegedly couldn't give them a direct response. After an hour, everyone had to disembark and the family were met by eight police officers and two Swissport employees and were told they would not be allowed back on the flight, despite other passengers being allowed back in. “So, that whole day we were in Belfast airport from one lunchtime to nine that night with our child, my legs were so swollen and sore with being on them all this time I was crying uncontrollably that this was happening to us for no reason whatsoever. “I’m so traumatized to the point I don’t know how I’ll ever fly again,” she wrote on Facebook. EasyJet has denied any wrongdoing and a spokesperson told the Daily Mail that "a group of passengers were "behaving disruptively." “EasyJet’s cabin crew and ground agents are trained to assess and evaluate all situations and to act quickly and appropriately to ensure that the safety of the flight and other passengers is not compromised at any time. “The Captain took the decision to ask all passengers on the flight to return to the terminal so the situation could be resolved and as soon as it was they re-boarded and the aircraft continued to Ibiza.” Despite the incident, the Foster family eventually made it to Ibiza the next day, just in time for the wedding, after catching a RyanAir flight out of Dublin. “Thankfully we got to Ibiza and made my brother’s wedding to say how stressed, upset, and overwhelmed I’ve been I honestly think I’ve no words,” she wrote. “EasyJet should be ashamed of themselves and I most definitely am taking this further, I’m still in shock of how we were treated especially being seven months pregnant and having a disabled child with us.” Images: Facebook

Travel Trouble

"Ignore, delete and report": Cruel Medicare scam on the rise

The Australian Competition and Consumer Commission’s Scamwatch has warned Aussies against a suspicious Medicare email going around claiming that their services have been suspended. The email states that Medicare services have been suspended because of incomplete customer medical records and contains a link for them to update their medical records to access the service. “Fake emails impersonating Medicare are doing the rounds claiming Medicare services have been suspended," a spokesperson for the consumer watchdog wrote in a tweet. “Ignore the email and the instruction to reactivate your Medicare services — it’s a scam.” "Ignore, delete, and report to Scamwatch." <blockquote class="twitter-tweet"> <a href="https://twitter.com/hashtag/scamalert?src=hash&ref_src=twsrc%5Etfw">#scamalert</a>: Fake emails impersonating Medicare are doing the rounds claiming Medicare services have been suspended. Ignore the email and the instruction to reactivate your Medicare services - it's a scam. Ignore, delete, and report to Scamwatch <a href="https://t.co/qPicjZTOSW">https://t.co/qPicjZTOSW</a> <a href="https://t.co/8UhY7JnlFk">pic.twitter.com/8UhY7JnlFk</a> — NASC Scamwatch (@Scamwatch_gov) <a href="https://twitter.com/Scamwatch_gov/status/1689849418793566208?ref_src=twsrc%5Etfw">August 11, 2023</a></blockquote> Services Australia also advised customers to beware of emails and texts that sound urgent, make promises of financial benefit, and threaten with fines, debts or jail. “If you’ve clicked on a suspicious link or given your personal information to a scammer, call our <a href="https://www.servicesaustralia.gov.au/phone-us?context=64107" target="_blank" rel="noopener">Scams and Identity Theft Helpdesk</a>,” the website states. Image: Getty

Legal

The $500 million ATO fraud highlights flaws in the myGov ID system. Here’s how to keep your data safe

<a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a> The Australian Tax Office (ATO) paid out more than half a billion dollars to cyber criminals between July 2021 and February 2023, according to an <a href="https://www.abc.net.au/news/2023-07-26/ato-reveals-cost-of-mygov-tax-identity-crime-fraud/102632572">ABC report</a>. Most of the payments were for small amounts (less than A$5,000) and were not flagged by the ATO’s own monitoring systems. The fraudsters exploited a weakness in the identification system used by the myGov online portal to redirect other people’s tax refunds to their own bank accounts. The good news is there’s plenty the federal government can do to crack down on this kind of fraud – and that you can do to keep your own payments secure. <h2>How these scams work</h2> Setting up a myGov account or a myGov ID requires proof of identity in the form of “<a href="https://www.afp.gov.au/sites/default/files/PDF/NPC-100PointChecklist-18042019.pdf">100 points of ID</a>”. It usually means either a passport and a driver’s licence or a driver’s licence, a Medicare card, and a bank statement. Once a myGov account is created, linking it to your tax records requires two of the following: an ATO assessment, bank account details, a payslip, a Centrelink payment, or a super account. These documents were precisely the ones targeted in three large data breaches in the past year: at <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">Optus</a>, at <a href="https://theconversation.com/medibank-hackers-are-now-releasing-stolen-data-on-the-dark-web-if-youre-affected-heres-what-you-need-to-know-194340">Medibank</a>, and at <a href="https://asic.gov.au/about-asic/news-centre/news-items/guidance-for-consumers-impacted-by-the-latitude-financial-services-data-breach/">Latitude Financial</a>. In this scam, the cyber criminal creates a fake myGov account using the stolen documents. If they can also get enough information to link to the ATO or your Tax File Number, they can then change bank account details to have your tax rebate paid to their account. It is a sadly simple scam. <h2>How government can improve</h2> One of the issues here is quite astounding. The ATO knows where salaries are paid, via the “<a href="https://www.ato.gov.au/business/single-touch-payroll/what-is-stp-/">single touch</a>” payroll system. This ensures salaries, tax and superannuation contributions are all paid at once. Most people who have received a tax refund will have provided bank account details where that payment can be made. Indeed, many people use precisely those bank account details to identify themselves to myGov. At present, those bank details can be changed within myGov without any further ado. If the ATO simply checked with the individual via another channel when bank account details are changed, this fraud could be prevented. It might be sensible to check with the individual’s employer as well. Part of the problem is the ATO has not been very transparent about the risks. If these risks were clearly set out, then calls for changes to ATO procedures would have been loud and clear from the cyber security community. The ATO is usually good at identifying when a cyber security incident may lead to fraud. For example, when the recruitment software company <a href="https://www.abc.net.au/news/2018-06-06/australian-data-may-be-compromised-in-pageup-security-breach/9840048?itm_campaign=newsapp">PageUp was hacked in 2018</a>, the ATO required people who may have been affected to reconfirm their identities. This was done without public commentary and represents sound practice. Sadly, the millions of records stolen in the Optus, Medibank and Latitude Financial breaches have not led to a similar level of vigilance. Another action the ATO could take would be to check when a single set of bank account details is associated with more than one myGov account. A national digital identity would also help. However, this system has been in development for years, is not universally popular, and may well be <a href="https://www.themandarin.com.au/226280-gallagher-warns-community-support-for-digital-identity-not-ubiquitous/">delayed</a> until after the federal election due in 2024. <h2>Protecting yourself</h2> The most important thing to do is make sure the ATO does not use a bank account number other than yours. As long as the ATO only has your bank account number to transfer your tax rebate, this scam does not work. It also helps to protect your Tax File Number. There are only four groups that ever need this number. The first is the ATO itself. The second is your employer. However, remember you do not need to give your TFN to a prospective employer, and your employer only needs your TFN after you have started work. Your super fund and your bank may ask for your TFN. However, providing your TFN to your super fund or bank is optional – it just makes things easier, as otherwise they will withhold tax which you will need to claim back later. Of course, all the usual data safety issues still apply. Don’t share your driver’s licence details without good reason. Take similar care with your passport. Your Medicare card is for health services and does not need to be shared widely. Don’t open emails from people you do not know. Never click links in messages unless you are sure they are safe. Most importantly, know your bank will not send you emails containing links, nor will the ATO.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/210459/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /> <a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, Associate professor of regulation and governance, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a> Image credits: Shutterstock This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/the-500-million-ato-fraud-highlights-flaws-in-the-mygov-id-system-heres-how-to-keep-your-data-safe-210459">original article</a>.

Technology

Facebook Messenger scams are on the rise – here’s how to protect yourself

Facebook Messenger scams prey on our vulnerabilities Scams through Facebook’s Messenger platform are being reported at higher rates than ever before, according to AARP, citing its own data as well as that of the government. Since Facebook’s early days, cybercriminals have been mining Facebook’s direct-messaging capabilities to scam unsuspecting victims out of money. One of the earliest Facebook Messenger scams involved a message, purportedly from a friend, claiming they were stuck in a foreign country and in desperate need of immediate financial assistance to get out. It wasn’t really the friend, however, but rather a scammer who had hacked into the friend’s account. Imposter scams such as “the friend in a foreign country” have evolved and proliferated over the years. The common thread is the scammer either creates an account impersonating an actual Facebook account or hacks into an existing Facebook account. In either case, the scammer then uses the fake/hacked account to send private messages to the account holder’s friends that elicit either money or personal information. The messages vary, but all are designed to prey on our human vulnerabilities, including: <ul> <li>the desire to be a “hero”</li> <li>the desire to appear “generous”</li> <li>the desire to win “free money”</li> <li>the desire to be loved and admired</li> <li>the desire to avoid shame or punishment</li> </ul> If a scammer tries to message you, report them, Facebook advises, but that begs the larger question of how does one recognise a Facebook Messenger scam? Current Messenger Facebook scams According to Facebook and our cybersecurity experts, here are the most common Facebook Messenger scams today: Romance scams. Preying on our desire to be loved and admired, romance scammers appear as attractive strangers with sad stories and a desire to love and be loved. The most effective romance scammers will friend a number of mutual friends before reaching out to any of them, in an attempt to make themselves seem less like strangers and more like people in the same social network. Many use photos they’ve stolen off the Internet and many pose as members of the military or as doctors, in an attempt to inspire trust, admiration, and even authority. What they all have in common is they can’t meet you just yet because they’re somewhere far away, and although it may take a bit of time, even as much as several weeks, they will eventually ask you to send money so that they can come to see you. Lottery scams. Preying on our desire for “free money,” lottery scammers appear as friends or organisations who are thrilled to tell you you’ve won money in some lottery or contest. The common thread? It’s a contest you have no recollection of having entered and to get the prize, you’ll have to either pay a fee or “refundable” advance or provide personal information. Inheritance scams. Also preying on our desire for free money, inheritance scammers claim to be lawyers or others who represent someone who has died and supposedly left you their estate or some portion of it – but first, you’ll have to fork over some money or personal information. Loan scams. Another variation on the “free money” theme is the loan scam, whereby the scammer promises low-interest loans with no money down – except for a “refundable” application fee. Facebook points out that loan scammers may send messages via Messenger and also leave posts and comments on Pages and in Groups to legitimise themselves. However, legitimate lenders wouldn’t offer loans via Facebook Messenger, nor would they ask you for money to proceed with a loan application. Donation scams. Facebook specifically warns users to watch out for “famous people” or people claiming to represent a charity hitting them up for a donation. Donation scams, which are easy money for a scammer because they are a direct request for payment, prey on our desire to be perceived, or to perceive ourselves, as generous. “Hey, is this you?” scams. Consumer Affairs warns of this “phishing scam” that uses the threat of shame to goad you into giving up personal information. The scammer hacks into one of your Facebook friend’s Messenger accounts and sends you a video, asking if it’s really you in the video, and implying there’s something in the video that could embarrass you. If you ever get a message like this, Consumer Affairs urges you to ignore and delete it to avoid giving away personal information or introducing a virus onto your computer. Red flags to watch out for Unfortunately, Facebook Messenger scams evolve rapidly (as soon as we suss them out, there are several more to replace them). So, it’s a good idea to be aware of these warning signs that we culled from our experts: Someone is asking you for money. While Facebook warns specifically against strangers asking for money, Rachel Wilson, investigative coordinator for The Smith Investigation Agency, points out to Reader’s Digest that any time anyone asks you for money over Messenger, it’s immediately suspect. “If friends or family ask you to help them in an emergency, always call to speak with them personally to confirm that the message originated with them.” Someone is getting a little too personal. When someone sends you a message requesting personal information, especially financial information, it should be considered suspicious, advises Sean Messier, credit industry analyst for Credit Card Insider. Messier suggests not revealing any such information until you’re certain the message-sender is who they claim to be, but it’s probably also a good idea to never reveal any such information over Messenger at all. Someone is offering something for free. You know how they say there’s no such thing as a free lunch? Well, there’s no such thing as free money on Facebook, points out Robert Siciliano, security expert. This is true for any kind of “free money” Messenger message, including those involving lotteries, loans, contest winnings, inheritances, lost bank accounts, and reimbursements of money owed. Someone who wants to take the conversation off Facebook (to text or email, etc). Facebook warns against taking conversations off Facebook unless you’re absolutely certain, beyond a shadow of a doubt, the message sender is who they say they are. Messages that seem out of character for the sender. If a message seems “out of the norm” for the sender, trust your instincts and ignore it. This is doubly true if the message includes an attachment. Be very wary of opening attachments in general, and particularly if something seems “off” about the message or the sender. Messages rife with spelling and grammatical errors. Facebook points out that when a message is filled with typos and grammatical errors, you should have your guard up. A single typo is one thing, but things like the misspelling of names and places are a big red flag. Messages from new accounts with few friends. Roger Thompson, CEO of Thompson Cybersecurity Labs, points out that new accounts with few friends should always be considered suspicious until confirmed otherwise. Friend requests from such accounts and from duplicate friend accounts should be considered suspect as well. To avoid getting hacked (and used by a cybercriminal in an imposter scam), Wilson recommends updating your social media passwords regularly and always use two-factor authentication. She also notes that with Facebook use increasing among seniors, it would be a good deed to speak to older family members about Messenger scams and how to avoid them. Image credits: Getty Images This article originally appeared on <a href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/facebook-messenger-scams-are-on-the-rise-heres-how-to-protect-yourself" target="_blank" rel="noopener">Reader's Digest</a>.

Technology

Australia can learn from the UK’s experience by making banks pay for scam losses

<a href="https://theconversation.com/profiles/muhammad-al-mamun-1454182">Muhammad Al Mamun</a>, <a href="https://theconversation.com/institutions/la-trobe-university-842">La Trobe University</a> British banks will soon be required to reimburse customers who fall victim to authorised push payment fraud – where a scammer convinces you to authorise a payment, generally by masquerading as a legitimate business or person. The new rules from the UK’s <a href="https://www.psr.org.uk/">Payment Systems Regulator</a> are intended to incentivise all businesses involved in payments to take more action against scam activity, with reimbursement costs split 50:50 between the bank that sends and the bank that receives the payment. There is a strong case that banks and other payment providers in Australia (and New Zealand) should be made to do the same. Scam-related losses are soaring, and banks are falling short of detecting, stopping and recovering losses. In 2022 Australians <a href="https://www.accc.gov.au/system/files/Targeting%20scams%202022.pdf">lost at least $3.1 billion</a> to scams – an 80% increase on 2021. The Australian Competition and Consumer Commission says the actual losses were far higher, because about 30% of victims don’t report their loss to anyone. While the biggest losses came from investment scams (totalling $1.5 billion), payment redirection scams – where a scammer impersonates a business or individual asking for payment – amounted to A$224 million. Among the most vulnerable groups are older people (25% of losses were reported by those aged 65+), people with a disability (6% of reported losses), and people from culturally and linguistically diverse communities (almost 10% of reported losses). <h2>What are Australian banks doing?</h2> No regulations oblige Australian banks to reimburse scam victims, though some banks have self-governed reimbursement policies. While banks have dedicated fraud teams to prevent scams and support victims, the most recent review of the four major banks’ processes by the Australian Investments and Securities Commission, <a href="https://download.asic.gov.au/media/mbhoz0pc/rep761-published-20-april-2023.pdf">published in April</a>, says they detected and stopped just 13% of scam payments. Reimbursement policies and practices varied from bank to bank but the overall rate was low – ranging from 2% to 5%. The review described the banks’ approaches to liability, reimbursement and compensation as “inconsistent and generally very narrow”. <h2>Why the UK has made banks responsible</h2> The greater obligations being imposed on British banks follows attempts by the UK’s <a href="https://www.psr.org.uk/">Payment Systems Regulator</a> to improve consumer protections through a voluntary code of conduct. Introduced in May 2019, this voluntary code was intended, under certain conditions, to ensure the reimbursement of victims of “authorised push payment” scams. These conditions included the customer taking reasonable care and notifying any scam incident to the bank. It had modest success, with <a href="https://www.psr.org.uk/news-and-updates/latest-news/news/psr-sets-out-proposals-to-give-greater-protection-against-app-scams/">46% of reported scam losses</a> being reimbursed between 2020 and 2022. But the Payment Systems Regulator wants 95%. So it has pressed for a mandatory reimbursement scheme. Under the new provisions money must be reimbursed within 48 hours of a fraud being reported. The idea is to get banks to put more effort into detecting and preventing scams. Overall, the UK has accepted the need for a more regimented regulatory approach over a market-based one. <h2>A more pragmatic approach needed</h2> While the Australian Investments and Securities Commission’s own reports have revealed the sorry state of scam prevention, management, and reimbursement practices at major banks, the regulatory body is still not walking in the footsteps of the UK. It is instead advising banks to improve their governance and scam management practices. The Australian Banking Association, which represents the banking sector, has strongly argued against regulation supporting mandatory reimbursement. It has even suggested this <a href="https://www.smh.com.au/business/banking-and-finance/big-banks-fight-push-for-billions-of-dollars-in-scam-refunds-20220131-p59sp3.html">could increase scamming losses</a> because of the risk customers will take less care if they know any losses will be covered by their bank. It has called for greater personal responsibility in preventing scam losses. But such an argument ignores the effects of the digitisation push by financial service providers, which has made scamming so much easier. Scammers are also becoming more sophisticated. The statistics speak for themselves. Scamming losses are increasing. Recovery rates are meagre. A more pragmatic approach based on this reality and banks’ fiduciary responsibilities is needed.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/209585/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /> <a href="https://theconversation.com/profiles/muhammad-al-mamun-1454182">Muhammad Al Mamun</a>, Senior Lecturer in Finance, <a href="https://theconversation.com/institutions/la-trobe-university-842">La Trobe University</a> Image credits: Getty Images This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/australia-can-learn-from-the-uks-experience-by-making-banks-pay-for-scam-losses-209585">original article</a>.

Money & Banking

Thief asks woman out on date after robbing her at gunpoint

A US woman has gone through the harrowing experience of being robbed at gunpoint, but it was what happened after the fact that was almost as eerie. Amber Beraun was checking the mail one night at her Indianapolis home in May when she was approached by a man with a gun. The gunman was later identified as Damien Boyce. Speaking to WRTV, Beraun said she was confronted by Boyce, who attempted to enter her home. She refused and gave him all the cash she had handy, which came to $100. Before he made his escape, Boyce asked Beraun a very unexpected, and quite frankly bizarre question - to add him on Facebook. The thief also noted he was planning to pay her back. Beraun responded, telling him she “believed” him and that “times just get rough”. Boyce proceeded to ask the woman to “come chill”. He was later arrested by the Indianapolis Metropolitan Police Department and charged over a separate armed robbery on June 12, where two people got shot and one was hit in the head with a brick. He was also charged with his robbery of Beraun. Beraun said her local neighbourhood has been affected by the terrifying incident. "It makes me a little on edge knowing that people walk up and down the street, looking for places to commit crimes," she said. "It makes it a little different when you hear noises at night." Beraun insisted she "never" thought something like this would happen to her. "He took away my sense of safety from my home." Image credit: ABC America

Legal

How scammers use psychology to create some of the most convincing internet cons – and what to watch out for

<a href="https://theconversation.com/profiles/stacey-wood-473147">Stacey Wood</a>, <a href="https://theconversation.com/institutions/scripps-college-2153">Scripps College</a> and <a href="https://theconversation.com/profiles/yaniv-hanoch-1341108">Yaniv Hanoch</a>, <a href="https://theconversation.com/institutions/university-of-southampton-1093">University of Southampton</a> <a href="https://www.experian.co.uk/blogs/latest-thinking/fraud-prevention/cybercrime-fraud-most-common-crime-uk/">Online fraud is today’s most common crime</a>. Victims are often told they are foolish for falling for it, but fraudsters use psychological mechanisms to infiltrate the defences of their targets, regardless of how intelligent they are. So it’s important to keep up with the latest scams and understand how they work. Recently, consumer protection magazine Which? <a href="https://www.which.co.uk/news/article/the-4-most-convincing-scams-weve-seen-in-2023-so-far-a7bRP9s0KJvG">identified some of the most convincing scams of 2023</a>. These scams all have one thing in common – they insidiously take advantage of people’s cognitive biases and psychological blind spots. They included “pig butchering” a way of fattening up victims with affection, the missing person scam which involves posting fake content on social media pages, the traditional PayPal scam, and a new scam called the “fake app alert” in which malware is hidden on apps that look legitimate. <h2>Pig butchering</h2> In our work as fraud psychology researchers we have noticed a trend towards hybrid scams, which combine different types of fraud. Hybrid scams often involve crypto investments and <a href="https://www.psychologytoday.com/us/blog/the-fraud-crisis/202210/new-scams-committed-forced-trafficked-labor">sometimes use trafficked labour</a> In the US alone, <a href="https://www.fbi.gov/contact-us/field-offices/springfield/news/internet-crime-complaint-center-releases-2022-statistics">the FBI recently reported</a> that people lost US $3.3 billion (£2.6 billion) in 2023 to investment fraud. Pig butchering is a long-term deception. <a href="https://www.cnbc.com/2023/05/02/pig-butchering-scammers-make-billions-convincing-victims-of-love.html">This type of scam</a> combines elements of <a href="https://www.actionfraud.police.uk/a-z-of-fraud/romance-scams">romance scams</a> with an investment con. The name comes from the strategy of <a href="https://www.theguardian.com/money/2023/may/22/dating-cons-and-dodgy-apps-among-most-common-scams-says-uk-watchdog">“fattening up” a victim with affection before slaughter</a>. It will usually begin with <a href="https://www.which.co.uk/policy-and-insight/article/pig-butchering-among-most-convincing-scams-of-2023-so-far-which-warns-aDRtr4I1UT1R">standard scam approach like a text</a>, social media message, or an introduction at a job board site. Victims may have their guard up at first. However, these scams can unfold over months, with the scammer slowly gaining the victims’ trust and initiating a romantic relationship all the while learning about their vulnerabilities. For example, details of their financial situation, job stresses, and dreams about the life they want. Romance scammers often saturate their targets with affection and almost constant contact. Pig butchering sometimes involves several trafficked people working as a team to create a single persona. Once the victim depends on the scammer for their emotional connection, the scammer introduces the idea of making an investment and uses fake crypto platforms to demonstrate returns. The scammers may use legitimate sounding cryptocoins and platforms. Victims can invest and “see” strong returns online. In reality, their money is going directly to the scammer. Once a victim transfers a substantial amount of money to the con artist, they are less likely to pull out. This phenomenon is known as the <a href="https://www.sciencedirect.com/science/article/abs/pii/0749597885900494">“sunk cost fallacy”</a>. Research has shown people are likely to carry on investing money, time and effort in activities they have already invested in and ignore signs the endeavour isn’t in their best interests. When the victim runs out of money or tries to withdraw funds, they are blocked. The victim is left with not only financial devastation, but also the loss of what they may imagine to be their most intimate partnership. They are often <a href="https://cloud-platform-e218f50a4812967ba1215eaecede923f.s3.amazonaws.com/uploads/sites/6/2021/12/VC-Who-Suffers-Fraud-Report-1.pdf">too embarrassed to discuss the experience</a> with friends and family or to report to the police. <h2>PayPal scams</h2> Fake payment requests are a common attack that works by volume rather than playing the long game. Payment requests appear to come from a genuine PayPal address. Fraudulent messages typically begin with a generic greeting, an urgent request and a fake link. For example, Dear User: You’ve received a payment, or you have paid too much. Please click link below for details. Users are directed to a spoofed website with a legitimate sounding name such as www.paypal.com/SpecialOffers and asked to enter their account information and password. Both of us have received these scam requests – and even we found them difficult to discern from legitimate PayPal request emails. These scams work through mimicry and play on the human tendency to trust authority. Legitimate PayPal correspondence is usually automatic bot language, so it is not difficult to imitate. But remember, genuine messages from PayPal <a href="https://www.paypal.com/ca/for-you/account/security/fraud-dangers#:%7E:text=Any%20email%20from%20PayPal%20will,bank%20account%2C%20or%20credit%20card.">will use your first and last name</a>. <h2>The missing person scam</h2> This seems to be a new scam that exploits a person’s kindness. In the past, charity scams involved posing as charitable organisation responding to a <a href="https://www.aarp.org/money/scams-fraud/info-2019/charity.html">recent, real calamity</a>. The new missing person scam is more sophisticated. The initial plea is a <a href="https://www.thesun.co.uk/tech/20875699/facebook-fake-missing-child-scam-warning/">fake missing person post</a> that generates likes and shares, increasing its credibility and exposure. Then the fraudster edits the content to create an investment scheme which now has the veneer of legitimacy. This scam may work because the initial consumers are unaware that the content is fraudulent, and there is no obvious request. In psychology, this type of persuasion is known as “<a href="https://thedecisionlab.com/reference-guide/psychology/social-proof">social proof</a>” – the tendency of individuals to follow and copy behaviour of others. <h2>Fake app alerts</h2> People post mobile apps, designed to steal users’ personal information, on the Google Play or Apple app store. The app often has a <a href="https://www.edinburghnews.scotsman.com/news/crime/another-person-comes-forward-after-banking-app-scam-3584340">legitimate function</a>, which gives it a cover. Consumers unknowingly jeopardise their private information by downloading these apps which use malware to access additional information. Although there has been <a href="https://tech.co/news/fake-android-apps-delete">media coverage of Android security issues</a>, many users assume malware <a href="https://www.ben-evans.com/benedictevans/2020/8/18/app-stores">cannot bypass app store screening</a>. Again, this scam plays on people’s <a href="https://psycnet.apa.org/doiLanding?doi=10.1037%2F0021-9010.92.3.639">trust in authority figures</a> to keep tjem safe. Discuss any investment opportunities with friends, family members or professionals. It’s much easier said than done, but exercising caution one of the best strategies to reduce the chance of becoming a fraud victim. Scammers count on people paying little to no attention to their emails or messages before clicking on them or providing valuable information. When it comes to scams, the devil is in the missing details.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/207759/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /> <a href="https://theconversation.com/profiles/stacey-wood-473147">Stacey Wood</a>, Professor of Psychology, <a href="https://theconversation.com/institutions/scripps-college-2153">Scripps College</a> and <a href="https://theconversation.com/profiles/yaniv-hanoch-1341108">Yaniv Hanoch</a>, Professor in Decision Science, <a href="https://theconversation.com/institutions/university-of-southampton-1093">University of Southampton</a> Image credits: Shutterstock This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/how-scammers-use-psychology-to-create-some-of-the-most-convincing-internet-cons-and-what-to-watch-out-for-207759">original article</a>.

Technology

Our Partners

Over 60

News

Shop

Catalogues

Newspaper

Contests

Entertainment

Travel

Health

Lifestyle

Finance

Property

Compare

Games

Information

Keep up to date

Search

Worried your address, birth date or health data is being sold? You should be – and the law isn’t protecting you

"I felt duped": 95-year-old loses $1.6 million in bank scam