I fell for a scam recently. It was one of those phishing emails, set up to look like something they’re not, leading to a landing page that usually asks you for credit card or personal details. In this case, it was a Woolies email about a “survey that I’d done”, arriving only days after I’d completed an actual Woolies Rewards survey. Thankfully, the odd URL and the occasional spelling error in the landing page roused my suspicions, so I noped out and ran a malware/virus scan to be safe, all the while cursing out people who do this sort of thing to make a living. Seriously. Scams have been getting more elaborate with time. There’s a popular ATO phone scam going around, where you get threatening robocalls about owing money to the ATO. There’s the usual Auspost ones about parcels that don’t exist, and more.
Three of the most common types of scams, according to Gizmodo, are:
- SIM Swap scam: Someone impersonates you by convincing your carrier to redirect your cell phone number to their phone. Depressingly easy to do, apparently. You can protect yourself by reducing your reliance on SMS two factor authentication and relying on apps like Google Authenticator instead. Be vigilant about warning signs like loss of data or call functionality. Call your carrier to ask about their security measures.
- Phishing messages: Fake emails and messages. Sometimes, even opening an email can get you, even if you don’t click on a link. Keep your virus protections up to date and don’t feel too bad if you get caught out: remember, Jeff Bezos himself recently got hacked via phishing message from the Saudis. True story.
- Fake calls: These can be depressingly effective even if you’re vigilant. Check the spam/phishing pages of the company purportedly calling you to see if the scam is listed. Google the script that the caller is using. Google the phone number they’re calling you from. People online are very good at listing scammers.
For further help, here’s how you can defend yourself.
Nothing Good Ever Happens–The Cynicism Protection Against Scams
Money doesn’t just drop out of the sky for most people. People don’t randomly pass away in another country and leave you money, and speaking as someone who used to practice as a solicitor, we sure as hell wouldn’t email you about it if there were a million dollars at stake. Apply a healthy degree of cynicism toward anything you read online: whether it’s “Congrats, a $50 Woolies voucher!” or “I write to you to say that your uncle has passed away and left you assets from his estates” and you will hopefully be fine. A healthy spam filter also tends to work out for us. Another thing you could do is: where possible, i.e. if it’s just for a survey or wifi access or whatever, don’t provide anyone with your real email address. I swing between putting down a random 123@123.com address myself, or, if I’m feeling particularly vindictive that day, Donald Trump’s.
By the same vein of ‘don’t trust everything you read’, websites telling you that X payment didn’t go through, or Y account got locked are often phishing emails. You can check whether they are by reading the emails carefully: sometimes there are hilarious spelling errors. Phishing emails are often from odd addresses, or ask you for personal details. Instead of clicking through any links or worse, any attachments, just log in directly to the account in question and check from there.
Some scams work by throwing you off-balance, either by threatening you or claiming to be from a friend who’s lost their passport/wallet in another country. This once happened to my Mum: a friend emailed her through their actual email address, asking for money to be wired to a strange account, because they were in Barcelona and had lost their passport. Mum happened to also be in Barcelona at that time, however, so she called the friend’s phone to tell them that if they needed help, she was already in the same city–only for the friend to tell her that their email had been hacked, and that some of their family members had already fallen for the scam before they could put a stop to it.
Finally, as a form of self-care: report the emails. I don’t know if this ever amounts to anything, but I love forwarding every Paypal phishing email to Paypal’s designated reporting account.
Sometimes People Are Just Asshats
The most asshat scams I’ve seen recently are the bushfire scams, pretending to raise money for the families of firies and such. How much of a total bastard do you have to be to try and profit off mass tragedy? Via the ABC:
The Australian Competition and Consumer Commission (ACCC) told the ABC they had received 86 reports of bushfire-related scams since September of 2019, including 20 calls to the scams hotline on Tuesday.
The rise in reported scams comes as authorities have begun to ask people to donate cash rather than goods, as a surplus has built up and is causing distribution issues.
The scams reported include:
- People impersonating relatives of victims and requesting money via text messages or phone calls
- Calls or websites impersonating charities and crowdfunding pages impersonating charities
- People doorknocking, saying they or loved ones have been impacted by the bushfires
Check whether a charity is registered by searching the Australian Charities and Not for Profits Commission, and be wary of gofundmes from sources that you can’t trust.
Still, sometimes you can do everything right but still get scammed. Card scanners are everywhere, card data can get secretly recorded when you use it, or, like me, you could just get your wallet stolen on a crowded train out of a cake show. Nowadays, the scary thing is to get your ID stolen–cards can be replaced quickly or stopped through an app, but people can easily wreck havoc with an ID card. The only thing you can do is to make sure you are on internet banking apps that’d allow you to quickly monitor every transaction, and just try to be more careful. There are ways to protect yourself against card scanners: see the last section below for more.
Some businesses or people you meet might offer you products or services that feel too good to be true. Even if they don’t, or even if the business feels legit, before you commit to providing any place with your details, do at least a quick Google of them online. Check the News tab on Google. Search them over social media. This should give you a better idea, from online information, what the business is and whether they’re legit.
Ensure that the people in your company are also aware of basic safety procedures. A large corporate business we know once was nearly scammed of millions of dollars: a Hungarian scammer had hacked their emails and had sent a phishing email over to one of their large clients, asking them to make their next payment to a Hungarian account. Thankfully, the client’s accountant became suspicious and contacted the business directly to ask why the bank details had changed so dramatically. Stay suspicious and you’d stay safe.
What Does This Have to Do with Advertising?
As people grow increasingly suspicious of the things they read and see, legitimate businesses can run afoul of this increased scrutiny. If your branding looks dated (or doesn’t exist), you might run into legitimacy issues — people might think that your products/services, particularly if they’re expensive, are not what they appear. Your branding and brand collateral should look as though they suit the target market that they’re aimed at, in order to deepen public trust in your brand.
Further, ad agencies should be careful to ensure that the collateral they produce on behalf of their clients is as ethical, truthful, and non-misleading as possible. Even the suspicion of a scam can taint a brand forever. For example, with regard to our Lamattina client, when creating their Instagram content, we were careful not to put forward facts that we could not be completely sure were backed by a verified, trusted medical source. This, accompanied with branded visuals and language, as well as a popular Instagram campaign, created a healthy level of engagement with the campaign over its run.
Things To Do Right Now
You can do the following things right now to protect yourself if you’re concerned about scams:
- Ensure that you use a password manager of some kind. Don’t use the same password for everything: ideally, you use a randomly generated separate password for everything, one that you change every 2 weeks. There are apps out there like LastPass that will make this easier for you, and which integrate into your browser and phone.
- Use a third-party authenticator. Google Authenticator is great, and works with programs like Twitter and Amazon. If you want to go to the next level, use a physical key, like Yubico. We’re too lazy for this however, but it’d probably become a measure that grows more popular with time.
- Check websites like have Have I Been Pwned to see if your details were on any hacked databases. Change the passwords on those.
- Use RFID wallets to prevent your cards from being scanned. I use a Bellroy myself, a beautiful, supple, slim wallet that still works to protect my cards.
- Check ATMs before you use them to see if a card scanner has been fitted over the slot. It’s called ATM skimming, and it’s how people can gain access to your card details while you use an ATM. Wiggle the card intake to see if it’s been fixed, and check it for glue marks. Check overlooking items (like brochure boxes etc) for anything that might look like a hidden camera. Does the keypad look weird? Is it sticky, or stiff, or does it look like it can be levered off the ATM? Is the card slot taking forever to take your card? Are there strange people hovering nearby? Be careful.
- Sites like Deleteme claim to remove your personal details from databases that you’ve been on, but we’re not entirely sure about handing over key information to a website just so that it will remove it from other sites. Deleting old accounts from sites you no longer use is a good habit, though.
- Stop posting personal information on public sites like Twitter. Using information that many people freely place on the internet, people can often hack into your accounts by being able to answer questions like the name of your mum.
- Don’t pick up calls you don’t recognise immediately. Google the numbers.
- Don’t respond to strange calls asking you for personal details. Hang up and call the direct number.
- If something is too good to be true, it probably is.
Best of luck, and stay vigilant.