Think first then dial
 
Triple Zero
Police, Fire, Ambulance
in an emergency
 
131 444
Police Assistance Line
for non-urgent police assistance
 
1800 333 000
Crime Stoppers
report crime anonymously

Scams and cybercrime

Scams themselves are not new (think Nigerian prince), but the tactics and methods being used to carry out scams are continually evolving. Traditionally scams have been conducted via phone and mail, and while these are still prevalent, our reliance and use of new  technologies, such as the internet and email,  also presents scammers with additional opportunities to reach potential victims and obtain your personal information.

By being smarter with your data, verifying the source or knowing how to spot scams you can help protect yourself from losing your identity, your reputation or your life savings.

Scams could impact you

The evidence

The ACCC reports that Australians lost over $634 million to scams in 2019. This is a 30% increase compared to 2018 when $489 million was reported lost. Australians made 167 797 reports to Scamwatch in 2019 and although there was 5% fewer reports received than in 2018, financial losses increased by 34%.

Losses by scam type

Based on the combined ACCC data, the greatest losses in 2019 by type of scam were:

  • $132 million lost to business email compromise scams
  • $126 million lost to investment scams
  • $ 83 million lost to dating and romance scams.

Phone has been the most common contact method for scammers since 2011, with over 40% of scams received by this method alone in 2019. In 2009, 13% of all scams were received by email, but by 2019 that had reduced to 2%.

Know the scam

What's new?

Bill discount scam (added October 2020)

Joan received a phone call, at a time when she was feeling overwhelmed by the number of bills she had, from a service that offered to pay her bills for her at a discounted rate. Joan’s friend had given this service her details and had used it herself.

Joan was a little suspicious but decided to try it out with one of her almost due bills. Joan provided the service with the details of the water bill and they immediately paid it. She even contacted SA Water and was able to confirm that her account had been paid.

Joan was very pleased and provided the service with her other outstanding bills, which were all duly paid off. Joan just had to go to the bank and put the discounted amount, in this case 80%, of the bill into an account provided by the service. This saved Joan a lot of money.

Almost a month later Joan received a stack of bills from her providers, all of which were overdue. She contacted them and was told that the payments had been made with a stolen credit card and the money refunded to the financial institutions. The credit card company executed a chargeback to the utility company, reversing payment of the settled bill using the stolen credit card.  The bills were then re-issued back to Joan and that's when she realised she was scammed. Joan was liable for bills and all overdue fees and had lost the money she paid to the service.

This scam, known as a “Bill Discount” scam is relatively new in South Australia.

Classified scams (added August 2020)

In August 2020, Dave from Salisbury listed his car on Gumtree for sale for $13,500. Dave was contacted by someone interested in purchasing the car. They agreed a price of $13,000 and the ‘buyer’ attended Dave’s address to look at the car.

The buyer attended with three other men and after driving the car were happy to purchase it. Dave agreed that a bank transfer of the money was acceptable. The buyer asked Dave to put his bank details into the buyer’s online banking app. A few minutes later, with Dave having been distracted by the other members of the group, the ‘buyer’ then showed Dave a receipt showing the successful  transfer of $13,000.

The buyer and his three mates then left in possession of the car. A few days later Dave noticed that the money had still not arrived in his bank account. He attempted to contact the buyer without success. It appears as though the buyer had blocked Dave’s number preventing him from making contact.

This type of scam is known as ‘Classifieds Fraud’. There are two distinct types of Classifieds Fraud.  The most common is where the victim believes they have purchased an item, transfers the money, but never receives the goods. The second type – like this example – is the opposite where the victim is selling something and the scammer convinces them that they have paid and takes possession of the goods, but the money never arrives.

There are several ways that this can be done; in this instance it appears the scammer has created a fake transfer receipt suggesting the money transfer was successful. Another common method is via Paypal payment where the scammer cancels the transfer after the victim sees the successful transfer notification.

Police recommend not handing over possession until you are satisfied the funds are cleared and in your account and that the transfer cannot be cancelled.

Cryptocurrency investment scam (added July 2020)

In March 2020, a man in his seventies became a victim of an investment scam after he transferred over a million dollars in cryptocurrency out of his superannuation account. The elderly victim received a cold call from a cybercriminal claiming to be the director of a leading trading brokerage who persuaded him to trade with him online.

Initially the victim invested small amounts of money with some success. He was later encouraged to invest larger amounts with the promise of higher returns. Over a period of three months he transferred a total amount of $1,102,700 into an online trading account. The victim later discovered that all the money was missing from the account and the company had ceased all contact with him.

SAPOL advises members of the public to do some research and consider seeking independent advice when considering an investment. Police ask people not to be pressured into opening digital wallets as scammers often target people who are unfamiliar with the process. Remember, just because an investment has an apparent celebrity endorsement, it does not mean it is safe.

Rental scam (added July 2020)

In July 2020, a member of the public seeking to rent a property viewed an attractively priced listing on a popular social media platform. The potential renter requested a face to face meeting through the post to view the property but they were advised that due to COVID 19  it was not possible.  The potential tenant was asked to transfer a bond to secure the property together with the first week's rent before handing over keys to which they agreed to do. After the money was transferred there was no further contact made and all the money was lost and never recovered. The posting was in fact a fake and the image had been obtained from an official real estate website.

Avoid using social media to view properties for rent or sale, instead use reputable real estate websites and view the property in person before parting way with any money. Whilst this particular scam relates to rental properties, the same advice applies for holiday rentals, classifieds and other goods purchased online.

Tax scam (added July 2020)

Tax time is here, and so are the scammers. South Australia Police has released a Avoid being scammed this tax time flyer so that you know how to protect yourself this tax season.

To see some case studies involving tax related scams, click on the Threat of arrest heading below.

SA Police and Crime Stoppers have released this video on one of the latest scams circulating in South Australia.


Real life local stories in South Australia

The following are reports recently received by South Australia Police. While some of the names and suburbs have been altered for privacy reasons, the modus operandi of the scam is real.  Scammers regularly change their methods and messages so it is important to keep up to date with local scams.

Classifieds, discounts and refund scams

Incident One

In May 2020, a 40-year-old male received a phone call from his telecommunications provider. They informed him that because he had been a loyal customer, they could offer him a 30% discount on his bill. Interested in the discount, the male verified his identity by providing his personal details. Shortly after he received an SMS with a one-time code, which he read to the caller to approve the discount. It turns out the caller was not from his telco provider and was in fact a scammer. The scammer used the information provided to purchase a brand new phone, which he sent directly to himself.

SMS one-time PINs are used to verify that you are who you say that you are. This additional security feature works by sending a code to your phone, confirming that you have physical possession of the device. These codes usually relate to online interactions, so do not give this code to anyone, even someone asking for it over the phone.

Incident Two

In May 2020, an educational institution received an email from a parent advising they had transferred money for the enrollment of their child into the institution’s account, but now needed it refunded. Citing compassionate grounds; that their child was ill, needed surgery and could no longer attend the facility, they requested a refund for the money deposited, but into an account other than that from which it was original paid. As the educational institution continued to correspond with the parent, it became apparent that the ‘parent’ did not seem to know basic details. The Accounts Manager became suspicious and reported the incident.

This type of scam is known as refund fraud, whereby scammers try to move money by receiving refunds paid into accounts different to those the money was deposited from. Usually the money was either not theirs to begin with, or the refund is completed prior to the original funds clearing, meaning the victim is left out of pocket. We advise institutions and organisations to refund credit card payments back to the original credit card, and to not refund any money until you have confirmed the money has cleared.

To make a report visit cyber.gov.au

Find out more about how scam works from scamwatch.gov.au

Threat of arrest scams

Incident one

In April 2019 Rose from Morphett Vale received a phone call from an unknown number that showed an area code outside of South Australia. When Rose answered the phone a male informed her that he was a federal agent from the ATO and that she owed $1,000. The ‘agent’ told Rose she had less than an hour to clear this debt otherwise police would arrest her and that he had a warrant ready to go. He then told her to call her local station to confirm this information. The caller supplied Rose with the number for her local station (which was correct) after asking her what her local station was.

Whilst Rose was on the phone, she missed a call from a number that appeared to be from her local station - it showed the number and suburb where the station was located. She called the number back by pressing the call back button. Rose then listened to the automatic message that her local station plays before being put through to an officer. But Rose was not calling her local station, and it was not a member of South Australia Police that she was talking to. It was the scammer posing as a federal agent who had spoofed the caller ID on Rose’s phone. Even though it looked like she was calling the police, she had called the scammer back at an unknown location.

Rose followed the instructions she was given to pay the debt, attending a local store that sold gift cards, purchasing the amount she ‘owed’ and sending the details through a separate phone app that she was told to download. Rose lost $1000.

Incident two

Listen to the arrest scam here

In February 2019, Debra from Grange received a phone call from someone alleging to work for a government agency. The caller advised Debra that she had in excess of $5000 worth of outstanding fines, and that if she didn’t pay it back, she would be arrested. Debra was convinced that the fines and threat were real, because upon providing the caller with the details of her local police station, she received a phone call from the Henley Beach Police Station phone number. Debra bought over $2000 worth of gift cards and provided the caller with the card numbers as she was told to. Debra then bought some more gift cards, but a staff member at the shop she was in told her she might be getting scammed. This staff member saved Debra from losing another $2000 to the scammer.

Incident three

Tom received a phone call from someone who identified themselves as working for a government agency. The caller advised Tom that he had an unpaid tax debt and that if he failed to pay it immediately, he would be arrested. Tom queried the caller, stating that he used Peppers Accounting to lodge his tax returns. The caller asked for the phone number of the accounting firm which Tom provided. Tom was convinced that his debt was legitimate, as shortly after, he received a phone call from the Peppers Accounting phone number. Tom followed the caller’s directions, purchasing a large sum of gift cards and passing the card numbers onto the caller. It turns out that the phone calls were in fact from scammers and not the agencies they stated. The scammers used a tactic called ‘phone spoofing’ which is where they change the incoming caller ID to appear as though it was coming from the accounting firm. Tom was not able to recover the money he spent on gift cards.

To make a report visit cyber.gov.au

Find out more about how this scam works from scamwatch.gov.au

Dating and romance scams

Karen lives in Adelaide. Over two years ago she started a relationship with a person living overseas. Karen put $50,000 into his bank account which she thought was going towards his education. When Karen travelled overseas to meet her online partner in person he didn’t turn up. She has ceased all contact with him but she has been left emotionally broken and $50,000 poorer.

To make a report visit cyber.gov.au

Find out more about how this scam works from scamwatch.gov.au.

Computer hacking/remote access scams

Incident one

A 64-year-old woman from Eden Hills was contacted on her landline telephone by someone purporting to be from Telstra. The caller said there was a security breach on her laptop and they needed to fix it. The victim provided remote access to the laptop which in turn allowed the offenders to access her files and online banking. The offenders also convinced the victim to photograph and upload to the computer her ID including driver's licence and Medicare Card.

Whilst accessing the computer, the offenders showed the victim that they had deposited $6000 into her account. Subsequent checks with the bank show there was no such transaction. The victim, in the belief that there was someone else’s money in her account has proceeded to follow the offender's instruction to attend a supermarket and purchase Google Play cards. The scammers warned the victim that the store would advise her it was a scam and to make an excuse about them being for children/grandchildren.

The victim was also told that she would receive a call from Bitcoin, asking if she had been forced to create the account to buy Bitcoin and to say no. She was told to supply them with an email address that the scammer had created in her name and to ask for Bitcoin and XRP for $600.

It turns out that the ID the victim uploaded to her computer at the request of the scammers, was used to open a Bitcoin wallet in her name without her knowledge. In total, she lost $3800 to the scammer.

Incident two

Joan from Marion received a phone call on her mobile phone from a man claiming to be from her telco, offering to fix her slow internet connection. Joan was asked by the caller to download and install an app on her mobile phone that she was unfamiliar with. Joan complied with this request, installing the application without hesitation believing she was speaking with a legitimate representative of her telco. Joan was told that she had to transfer a small sum of money to the telco, but that it would be returned to her bank account immediately. Joan complied with this request, which provided the caller with all of her banking details as the application she had installed allowed ‘remote access’ to her phone. This essentially meant the caller could see everything on Joan’s screen and even control her device. When Joan checked her bank balance she saw that her bank account had been emptied. The caller was in fact a scammer and not a representative of any telco.

Incident three

Charles from Mount Barker answered a call on his mobile phone from a person claiming to be a telco technician. The alleged technician told Charlie that he had a virus on his computer and to fix the issue; he needed to unlock the computer and follow a link provided by the technician. Charlie, concerned that he had a virus, followed the instructions allowing the technician access to his computer. Charlie has since realised that he has had nearly $10,000 withdrawn from is personal bank account. The caller turned out to be a scammer and not a representative of any telco.

Incident four

Rosemary received a phone call from someone identifying themselves as an employee of a telco provider. They asked if she had been experiencing issues with her internet, which she had, and stated that if she downloaded software they would be able to take a look at it for her. Rosemary followed the caller’s instructions, which gave them remote access to her computer. The caller informed Rosemary they had located hackers in her network and needed her assistance in catching them. They transferred money into her account and requested that she go to her bank, withdraw the money and then deposit it at a non-bank remitter to a specified overseas account. Rosemary followed the caller’s instructions. It wasn’t until some days later that Rosemary realised the money that had been transferred into her account was not from the telco provider, rather from another of her own accounts, and was in fact her own money.

To make a report visit cyber.gov.au

Find out more about how this scam works from scamwatch.gov.au

Unexpected prize scam

Incident one

A 65-year-old woman received a message on Facebook Messenger apparently from a friend. It had the friend’s photo and name on it. The message advised the victim of a Facebook compensation lottery, which her friend had won, and for which the victim was eligible. The message contained a link to a claim agent. The victim was promised $35,000 if she paid a $9,500 insurance fee. While the victim paid $2578 (including $28 bank fee), she was asked to pay the rest but advised she couldn’t pay any more as she was on a pension. A few days later the victim has asked for her money back and was told the agent would start a process to refund the money. She has been in contact and is repeatedly told they are working on it. The victim finally told the agent that she wanted her money back this week, or she would go to the police. The victim has had no further contact.

Incident two

Sally was on holiday when she received a message via social media from a ‘friend’ telling her that she had won money. Sally was given a phone number to contact to find out how to claim her winnings. When she contacted the number, the ‘agent’ asked for some information including her personal details and various forms of ID, which she provided. Sally also bought $400 worth of gift cards at the request of the agent, and provided them with the card numbers. It was when the ‘agent’ started asking for more gift cards, that Sally realised she was being scammed by someone using her friend’s social media account.

To make a report visit cyber.gov.au

Find out more about how this scam works from scamwatch.gov.au

Phishing

Incident one

A 32-year-old man received an email offering a cure for the COVID-19 virus. The email contained a link that would, supposedly, take the user to a website selling a new product that cured and prevented falling ill with the Novel Corona virus. The website prompted the user to supply personal details, including full name and credit card details. The man realised that this information was valuable and fortunately did not fall for the phishing attempt.

Scammers are continuing to exploit the fear of the COVID-19 (Coronavirus). Common scams that are circulating relate to falsely advertising coronavirus-related remedies such as this one, and setting up fake fundraising initiatives. Members of the public need to be mindful that many of the fraudulent advert and product links are integrated into popular social media platforms. Emails claiming to be from legitimate health or fundraising organisations are also being used by scammers.

Incident two

A 52-year-old man, who lives within the bushfire affected areas of South Australia, received a phone call from someone claiming to be from a bank. The caller said the bank would like to give him money from the Disaster Relief Fund. To do this the bank needed their account details in order to electronically transfer the money to them. The man became suspicious and questioned the caller regarding specifics of the fund and the bank for which they claimed to represent. The caller was unable to provide adequate answers, so the victim hung up the phone. The victim rang his bank using a known number, to which they confirmed the phone call was a scam.

Incident three

No one is immune to ‘Phishing’ emails, not even the police. Along with numerous other businesses, SA Police recently received an email claiming to be from the Australian Competition and Consumer Commission. However, on closer inspection, there were several typical warning signs that the email was in fact a scam. Have a look at the suspicious email and some of the give away signs.

Incident four

"A better service than Netflix... and it's free for Australians!"?

No, it's not. An advertisement for MovieFlix has been doing the rounds on social media, but don't be fooled, it is actually an elaborate ploy to steal your credit card details.

The phishing scam leads users to a fake article that claims to have been shared and commented on by thousands of users, along with a still photo of an apparent news bulletin. The advertisement has been picked up by Western Australia’s Consumer Protection Department and Australian Competition and Consumer Commission’s Scamwatch team and identified as a scam.

Sextortion

Incident one

Barry started speaking with a person on a dating website who stated they were an adult entertainment model. As the conversation progressed, the model got Barry to speak to her ‘manager’ requesting a booking fee to meet up with the model, but assured Barry that he would get the money back when he met the model in person. Barry transferred the money, in addition to another $200 to book a hotel room. The manager stated they never received the funds, and requested Barry transfer more, to which he refused. Barry kept chatting with the model, which lead to him sending intimate photographs of himself. On doing so, he was threatened to pay money to the scammers or they would release his photos to his family members and friends on social media. Barry did not pay the scammers the money and reported the matter to police.

Incident two

Craig received a friend request from an unknown person on social media. He accepted the request and exchanged messages with his new friend. The following day, this evolved into engaging in intimate acts. Shortly after, Craig was contacted by scammers, with attachments containing video footage and photographs of him engaging in acts from the day before. He was threatened to pay $2000 or the footage would be released to all of his social media friends.

Incident three

Bruce from Norwood received an email from an unknown person, stating that he had been filmed through his webcam whilst visiting an adult site. The email contained an old password of Bruce’s, which the scammer offered up as proof  they had gained remote access to his computer. The scammers threatened the footage would be release to family and friends if he failed to pay a sum of money. Bruce did not pay the money. No such footage existed, and the scammers had not gained access to Bruce’s computer. The scammers supplied an old password used by Bruce, which had been compromised in a data breach some years earlier.

To make a report visit cyber.gov.au

Find out more about how this scam works from scamwatch.gov.au

Investment/jobs scams

Incident one

In May 2020, a 54-year-old female received a phone call from a superannuation agent, advising her that she was eligible to access some of her super through the Government’s early release scheme in response to the COVID-19 pandemic. After confirming both her personal and account details, the agent advised her that he had successfully lodged the request for her. The female has since realised she was the victim of a scam and has had money stolen from her account. The scammers tried to withdraw additional funds but fortunately the transaction was prevented. The Government’s decision to allow early access to superannuation has helped many people through the COVID-19 crisis, however cybercriminals are taking advantage of the initiative by stealing South Australians’ Superannuation funds via the scheme.

Avoid giving out personal information over the phone, especially if you have been called out of the blue. If in doubt, hang up the phone and call the company back on a known, reputable contact number, such as one on their official website.

Incident two

Tom was looking for a job and found an advert for truck drivers on an online job searching website. The job was based out of Adelaide and appealed to Tom. He responded to the advert and received an email from what appeared to be the company he was interested in working for. They requested proof of identity and proof of residency in the form of a driver’s licence, Medicare card and/or passport and requested copies of these documents prior to his interview, which was scheduled for a week’s time. Tom attended his scheduled interview, only to be told by staff at the company that they had not advertised any positions and were unaware of the job advert. He was not the only hopeful applicant that attended for an interview.

Tom has since discovered that the ID he provided had been used to purchase several items in his name. He is currently working with his bank, companies and police to recover the costs and locate the scammers.

Incident three

Dave was contacted advising him of an amazing opportunity to invest in the gold trade. The caller went in to great detail, showing what is happening in the market currently and referred to legitimate websites as reference. Dave was impressed with what he was told and had done some online checks himself to see if they were the real deal; he couldn’t find anything untoward so decided to invest. He initially seemed to make a profit so went on to invest more than $37, 000AUD.

Eventually Dave was contacted by his bank in February, 2019 advising him he was being scammed and to cease communicating with the investment company he had been dealing with. The bank attempted to retrieve the funds for Dave, but was unsuccessful.

Incident four

Stephanie applied for a job advertised online as a virtual administrative assistant. She was advised that she was successful in winning the position and was provided with a Skype ID and a Bitcoin Wallet. Stephanie was asked to provide her personal bank account details, which she did. She was instructed that funds for the business would be deposited into her personal bank account, and her role was to transfer that money into the Bitcoin Wallet. Stephanie followed these instructions, believing it was her job to do so, but was never remunerated for her employment as promised. When she contacted the company to query it, she was advised she had been involved in money laundering and was threatened to keep doing what she had been doing, or they would expose what she had done to Australian authorities. Stephanie alerted police to the scam and was not prosecuted.

To make a report visit cyber.gov.au

Find out more about how this scam works from scamwatch.gov.au

Business/industry email compromise scams

RTD Paving sent out invoices to various customers requesting payment. They received notification that one of the invoices had been paid, but when they checked the business’ bank account, they found the payment did not appear on their statement. They contacted the customer to query the payment, to which the customer stated they had followed the email’s directions attached to the invoice. The email attached to the invoice directed the customer to pay the funds into the business’ ‘new account’. RTD Paving advised the customer they did not have a new account, and had not sent the described email. RTP Paving’s email exchange had been compromised, allowing scammers to intercept the email, modify the banking details that the customer received and direct them to pay the invoice into the scammers account instead.

To make a report visit cyber.gov.au

Find out more about how this scam works from scamwatch.gov.au

Business/industry ransomware scam

Teddies4Kids is a large not-for-profit organisation. Last month, scammers were able to gain access to their servers by using software that tried various combinations of usernames and passwords, until a combination was successful. Once in, ransomware was installed, locking the organisation out from accessing all of their information and data across multiple States/Territories. Teddies4Kids were ordered to pay a ransom by the scammers to have their data decrypted, to which they refused to pay. The organisation lost a significant amount of its data as a result, which affected day to day operations.

To make a report visit cyber.gov.au

Find out more about how this scam works from scamwatch.gov.au

National scams and cybercrime threats

Get the latest Australia-wide information from:

Protect yourself

General advice from SA Police

Anyone can be targeted by scammers – so always be on the look out.

Scammers can be very convincing, so if something does not feel right, do not be pressured into making a decision on the spot. They will often use the tactic of short timeframes to prevent potential victims from taking a step back and looking at the bigger picture.

Go to a source of truth – If you are not sure whether the person you are speaking to is who they say they are, hang up the phone and call back the agency using a phone number you know to be true i.e. from the phonebook.

Before you transfer money or share your bank details, discuss it with someone you trust or check cyber.gov.au to see if you are involved in a scam.

Remember: If it sounds too good to be true, then it probably is.

Secure your online devices and be safe

Secure your online devices such as your phone, tablet, computer and your information by following the handy tips on the staysmartonline website.

There are simple steps you can take as an individual, family and business to avoid becoming the next victim of an online scam.

Report it and get help

If you think you may have been a victim of an incident, report it immediately by visiting cyber.gov.au/report

You should also consider contacting your bank if you have shared your information or someone has accessed your account without permission.

Find out how to recover when things go wrong on the staysmartonline website.

If you are concerned that a loved one is continuing to send money to scammers despite family/friends' attempted interventions, you may want to consider applying for a Guardianship, Administration and Mental Health Application through South Australian Civil Administrative Tribunal

Download our flyers
Watch these videos

Related information

cyber.gov.au – Australian Cyber Security Centre - provides advice to individuals, small to medium business, big business and critical infrastructure operators on how to stay safe online and links to relevant reporting portals.

scamwatch.gov.au - This site has information about current trends, comparative statistics and useful articles and other advice about scams affecting everyday Australians.