The Optus and Medibank hacks provided Australians with a stark reminder that we’re all at risk from data theft and other forms of cyber crime, including scams designed to separate us from our hard-earned cash.
Australians made 286,000 reports to the Australian Competition and Consumer Commission’s Scamwatch service in 2021, and reported losses of $324 million. In 2022, those losses have increased significantly, reaching $381 million by September.
Malicious online activity has been on the rise around the world since the onset of the COVID-19 pandemic. As individuals began spending more of their work and leisure time online, cyber criminals stepped up their efforts to steal from the unwary, via phishing campaigns, identity theft and other digital trickery.
So, what can you do to protect yourself and reduce the risk of having your personal data or money stolen? Maria Papadoulas, Citi cyber security leader, and Ajay Unni, CEO and founder of digital safety consultancy Stickman Cyber, share some tips to help you outsmart online scammers.
1. Choose strong passwords
Passwords can be the only thing that stands between hackers and your email, bank and other online accounts. Yet many people don’t put enough effort into choosing unique letter, number and symbol combinations. Passwords such as 123456, qwerty123 or the names of your children or pets may be easy to remember, but they’re also easy for hackers to crack.
Get creative, Unni says. “Many sites specify a minimum eight characters, but you can go over that. Try using phrases like ‘5daysRun2work!’ that are quite complicated but not too difficult to remember.”
And however strong your passwords, they shouldn’t be ‘set and forget’. Changing them regularly – some experts recommend every three months – will help you stay a step ahead of cyber criminals. And while it may be tempting to use the same memorable password across all your accounts, doing so is a mistake.
“Reusing passwords can allow a hacker to access your entire digital life,” Unni warns. “Choose a unique, strong password for each of your accounts.”
A password management app, such as LastPass, 1Password or Dashlane, can help you to keep track of your various log-ins.
2. Set up a PayID
Payment redirection scams are becoming increasingly common. Typically, hackers will impersonate a business or its employees and request customers’ upcoming payments be directed to a fraudulent account.
The PayID facility can help thwart these scams. It links an identifier, such as a telephone number, email address or ABN, to an individual’s or organisation’s bank account. Having this PayID in place allows people to validate that the account they’re paying money into is genuine.
It’s free to set up your own PayID, via your bank. Doing so makes sense if you want to receive electronic payments from people who aren’t well known to you, Papadoulas says.
“Having a PayID means you don’t have to share your bank account number and BSB with third parties in order for them to transfer money to your account.”
3. Monitor your accounts regularly
Unusual account activity can be a sign you’ve been scammed. That’s why it pays to enable alerts and notifications in the settings of your Citi Mobile® app.
“Choosing to be notified whenever a withdrawal is made from your account will help you to stay informed and take immediate action, should a suspicious transaction occur,” Papadoulas says.
You can also use your Citi Mobile® app to lock your card temporarily if you suspect your credentials have been compromised. This stops new purchases, without affecting recurring payments like direct debits.
4. Avoid unknown callers
Many scams start with a phone call. It may be from someone telling you you’ve won money or a prize, threatening you with a fine or the disconnection of a service if you don’t take urgent action, or pretending to work for a telco, utility or other trusted organisation. The end goal is inevitably the same: to trick you into handing over personal details, money or both.
Not answering the phone unless you recognise the number or have it in your contacts list is the surest way to avoid being sucked in.
“Direct these calls to voicemail so you can verify they’re legitimate before responding,” Unni says. “And if you do answer the call, don’t ever give away any information that’s personal to you, or pay for anything over the phone – tell them you’ll call the company back later to discuss.”
5. Use multi-factor authentication
These days, many organisations that interact with customers online offer the additional protection of multi-factor authentication (MFA). The term refers to a security measure that requires an individual to provide more than one proof of identity before they can gain access to their account.
Whether the company you’re dealing with has an authenticator app, an email or SMS verification service, a physical token or something else, if there’s an option to switch on MFA then you should always do so, Unni says.
“The enhanced security it provides makes it that much harder for cyber criminals who’ve gotten hold of some of your personal information to pretend to be who they’re not.”
6. Remain alert
Scammers can be persistent, plausible and very persuasive. Staying alert and informed is the best way to stay out of their clutches.
“The golden rule is, don’t respond to emails, phone calls or texts before you’ve thoroughly verified them,” Unni says. “Remain sceptical and scammers will find it much harder to take advantage of you.”
Remember that Citi Consumer Business representatives will never ask you for your account or online banking User ID and password or one-time PIN via email or phone. So never disclose this information to anyone by phone or email!