Types of scams and fraud

An investment scam is where scammers convince you to invest in high return investments. The investments vary widely and may be in shares, real estate, bonds, mortgages, options or foreign currency trading, bitcoin, even betting syndicates and foolproof prediction software.

Scammers may claim to be bankers, stockbrokers, financial planners or other investment professionals, they may seem knowledgeable on investment matters and even send you links to legitimate looking fake websites and prospectus documents. Often the account name you are directed to pay differs to that of the investment company.

Online investment scams have been known to use celebrities’ names and pictures (without them knowing) to endorse their schemes.

Signs this may be a scam

• The return on an investment sounds too good to be true - Always research before any investment, fully understand the risks. Get independent financial advice from your accountant or financial adviser.
• You are told you can access your Super before you retire - It is illegal to access your super early under normal circumstances and the taxation office can apply penalties if you do.
• You are put under time pressure to invest or subscribe now - Do not act immediately. Check financial advisors are registered via the ASIC website.
• You are offered software that can predict sports or racing events or financial markets for high returns - Caution! No person or computer software can predict the future reliably.
• You are offered support to help you invest via remote access to your device – Do not download software or an app that shares remote access to your device. Scammers use this to access your personal and financial information.

Remember

• If it seems too good to be true, it probably is! Be suspicious of investment opportunities that promise a high return with little or no risk.
• Do not give your personal or financial details to unsolicited callers or reply to emails, SMS or advertisements offering financial advice or investment opportunities.
• Always do thorough research on apps, investment companies or advisors, and check for a valid Australian Financial Services Licence. Always look up the organisation's official information or website yourself, do not use any links you may receive via emails, pop ups, or advertisements.  You can visit moneysmart.gov.au to check the list of 'Companies you should not deal with.
• Do not let anyone pressure you into making decisions about your money or investments. Always seek a trusted second opinion.
• Install and keep security software up to date on all devices. Do not open suspicious texts, pop-up windows or emails – just delete them.

A business email compromise scam, commonly known as a BEC, is when a business receives a legitimate looking email, from a supplier or someone in their business, requesting an urgent payment, payment of an invoice to a new account or update of account details.

Scammers may contact you via a compromised email account, which could belong to a customer, supplier or even your own email account. Or it could appear to come from a similar looking address. A conversation may even be initiated by SMS.

Using these methods, scammers wait for the opportunity to trick you into initiating or redirecting large payments.

Signs this may be a scam

• You receive an email/invoice from someone associated with your business requesting you update their account number - Do not make any changes until you have verbally verified the request with the business directly, using a number you have sourced yourself. Do not use the contact information provide in the suspect email, call or SMS.
• A CEO, executive or senior manager requests an urgent payment, or payment to a specific account - Pause and verify. Always verbally confirm any requests for urgent payments or account changes, received via email, regardless of who the sender is.
• A supplier or employee advises you they have not received payment - Do not make any more payments until you investigate the payment history and emails, to check if there were any requests made to amend account details.

Tips

• Train your employees regularly on how to spot scams.
• Empower them to verbally question any request and check details are correct.
• Use multifactor authentication and dual payment approvals where available.
• Always verbally confirm any requests for urgent payments or payments to updated account numbers.

A remote access scam is when someone contacts you and as part of their conversation, requests you download software or an app that shares remote access to your device.

Remote access scammers are after access to your computer or mobile, which will enable them to see the information on your device. Once access is shared, scammers often coerce you to sign into internet banking and perform transactions. They may also use this access to steal your personal data or gain access to your friends and family’s information.

Signs this may be a scam

• Someone contacts you needing assistance to catch hackers, fix NBN or computer issues, help with secretive tasks or to provide a refund - Hang up. Legitimate organisations will not require your assistance with any of these scenarios.
• An unexpected caller is asking to access your device by downloading software (e.g. Team Viewer, Any Desk or Quick Support). They may ask you not to tell anyone - Do not follow their directions. Just hang up.
• A caller is asking you to logon to Internet Banking or share your Secure codes - Hang up. Never logon to Internet Banking if you are sharing access to your device. Never share your Secure codes with anyone.
• A caller asks you to make transactions, or 'refund' a deposit you see in your account and coaches you what to say to the bank - Do not make any payments or action any refunds. Always be honest with the bank so they can help protect your money.

Tips

• Never provide remote access to an unsolicited caller.
• Verify the call is genuine by calling the company on a publicly advertised number, not on a number provided by the caller or in an SMS or pop-up window.
• Never share your Internet Banking passwords or Secure codes with anyone.

A dating or romance scam is where scammers gain your trust by pretending to have strong feelings for you and then asking you for money, your personal details or to transport money or goods for them.

Romance and dating scammers are generally after your money, however they may also be after your personal information for identity theft or to unwittingly carry out illegal activities such as money laundering.

Signs this may be a scam

• They try to move the conversation immediately to another messaging platform like WhatsApp - Be wary. Consider the possibility this may be a scam.
• The person expresses strong feelings for you or love after a relatively short period of time - Be wary. Do an internet search of the person. If there is an image on the site, you can do an image search through Google or TinEye.
• They ask you for money, access to your banking or your personal details to help them out - Do not pay/receive money or give personal details to someone you have not met in person. Avoid emotions in financial decisions.
• They ask you to transfer money or deliver goods or packages - Do not do this. They may be asking you to carry out illegal activities like money laundering or transporting illegal goods.

Tips

• Never send money or give your bank or personal details to anyone you don’t know or trust.
• Never agree to transfer money or goods for someone else.
• Talk to someone you trust and pay attention to your friends or family if they are concerned about your new love interest.
• Do a reverse image search of the person’s profile picture to see if it’s associated with another name or with details that don’t match up – those could be signs of a scam.

Threat and penalty (may also be referred to as extortion) scams are when scammers threaten you with harm (physical or emotional), arrest, legal action, or other demands in an attempt to force you into handing over money.

They may claim to be from the tax office or other government agencies and threaten you with arrest, legal action or other demands to force you into handing over your money and or personal details.

Signs this may be a scam

• A caller claims to be from the police, a government agency or a company and threatens severe action, or even arrest, unless you pay a fine or fee immediately. - Do not pay. Hang up. Contact the organisation on a number you source independently.
• An email advises your online history, photos, etc will be exposed if you do not comply with a payment - Do not pay. Do not act on their requests or perform any activities that you may be asked to do. Notify cyber.gov.au/report.
• You are asked to pay an outstanding or overdue bill by gift or store cards, iTunes vouchers, wire transfers or bitcoin - Do not pay. Government agencies and trusted companies will never ask you to pay this way.
• You receive a phone call advising you will be deported if you do not proceed with the caller’s instructions - Do not act. Government departments will never threaten immediate arrest or deportation via phone or a recorded message.

Phishing is method scammers use to trick you into revealing your personal information such as passwords, account, identification details or credit card numbers.  Phishing scams could be emails, text messages, phone calls or online content.

Scammers often impersonate well known businesses that you are likely to deal with such as financial institutions, utility companies, telecommunications companies and government agencies.

They often take advantage of crises such as natural disasters or current events to try and trick you into entering your personal details. These could be bushfire or flood assistance packages or donation requests, or other time sensitive lures such as COVID-19 assistance payments, vaccination booking links etc.

Phishing scams can also take the form of fake vouchers or competitions, surveys, postal notifications, bills, account alerts etc.

Signs this may be a scam

• You are asked for sensitive personal or financial information - Do not give it to them. Ask for a reference number, then contact the business yourself separately on a trusted number to verify the call was genuine.
• You receive an email, SMS or other instruction to click on a link, pop-up, or attachment - Do not action this. If a legitimate business needs you to complete something, visit their website or log on to your account with them, by typing the address into the browser yourself. E.g. type www.bankofmelbourne.com.au
• A caller is threatening, applies time pressure, asks you to download software, or complete something in secret - Hang up. Do not act on their requests or download any software that they may ask you to.
• It just does not sound or feel right - Trust your gut instinct and separately verify the person, business or information given to you.

Identity theft is when someone has enough of your personal information to steal your identity for personal or financial gain.

With enough information scammers may be able to access your bank accounts, apply for loans in your name, take out phone plans or other contracts, buy goods in your name, access other private or sensitive information or even impersonate you to trick your family or friends.

Lost personal information also leaves you more susceptible to future scams or fraud, as stolen personal information is often sold illegally.

Signs this may be a scam

• You are asked for your personal information - Do not give it to them. Ask for a reference number, then contact the business yourself on a trusted number to verify the call was genuine.
• You receive an email, SMS or other message with instruction to click on a link, pop-up, or attachment - Do not action this. If a legitimate business needs you to complete something, visit their website or log on to your account with them, by typing the address into the browser yourself. E.g. type www.bankofmelbourne.com.au
• You receive a notification about a new banking, lending or financial service in your name - Contact the lender or service provider immediately. Check your credit report using a reputable credit reference bureau.
• Your mailbox has been broken into or you notice mail missing - Put a lock on your mailbox. Change to electronic statements. Shred any sensitive documents you no longer need.

Malware, short for malicious software, is a common method cyber criminals use to access your devices, service or network. Malware is often hidden in links or attachments, in emails or SMS, but can also be downloaded via malicious advertisements, unauthorised software installations or even infected apps.

Malware is used to gain access to your data which cybercriminals may use for financial gain. This data could be anything, such as your banking details, healthcare records, personal emails, or passwords. The possibilities of what sort of information can be compromised have become endless.

Viruses, trojans, spyware and ransomware are all types of malware.

Signs this may be a scam

• An email, text or other message asks you to open an attachment or has a link to an internet site - Be wary. Is it from their usual address something they would usually send, does it feel right, and does the link address look right?
• An internet site offers free software, games, music, movies or videos - Be wary. These sites may load malicious software onto your device.
• Someone contacts you unexpectedly and asks you to download software or access your computer - Do not follow their directions, download software or give someone access to your device.
• Signs you may have Malware: Your browser redirects your searches. You get frequent pop-up warnings. Your computer is slow.
  Take your computer to a professional IT technician for assistance.

You can help protect yourself and safeguard your devices with security technology:

• McAfee™ has partnered with Bank of Melbourne to offer you a 6 month free trial of its popular Multi Access program.
• Bank of Melbourne has also partnered with IBM® Security Trusteer Rapport™, an online fraud protection software – at no cost to you.

Ransomware is a type of malware that infects your system, personal or business data. You will receive an onscreen message that your files are now encrypted, with a demand for payment to restore access.

In these instances, cybercriminals are usually after payment to decrypt your files. Even if you pay the ransom, there is no guarantee they will unlock your files.

Scammers can pose as both buyers and sellers, to try and scam you out of money or items you might be looking to sell or purchase.

As a buyer, you may be tricked into paying for a product or service that may not exist or is never delivered. These are also known as online shopping scams, classified scams, health and medical product scams, mobile premium services scams, or psychic & clairvoyant scams.

As a seller, you may be tricked into believing the buyer has paid in full or even paid over your advertised amount, including sending falsified payment receipts to support their claim. The buyer may request a refund for overpayment or reimbursement for out-of-pocket expenses, or you later find the amount was not paid into your account.

Signs this may be a scam

• They may advertise on legitimate sites but ask you to pay for them outside of this site - Do not pay. Verify if this is real by checking reviews, doing internet searches, viewing goods in person, and always using secure payment options.
• You are asked to pay upfront or by unusual payment methods - Do not proceed, it’s likely they are scammers. Do not provide an up-front payment to a stranger via money order or wire transfer.
• You receive an invoice for items you never ordered or from a company you do not know - Do not pay. Contact the company on a number you source – never use the number provided.
• You receive an email or text confirming that a payment has been made - Do not rely on this as confirmation. Always logon your account to confirm funds have been received.

Job and employment scams target people looking for a new job or a change of job. They often promise a lot of income (sometimes they even guarantee it) for not a lot of work.

You may be offered a job that requires an upfront payment for training, materials or stock and the job does not exist or you are unable to earn enough to recoup your investment.

The fake employer may steal your information by requesting things like a copy of your Driver’s Licence or Passport, as part of the application process.

Signs this may be a scam

• You are requested to pay for training, starter kits or have been asked to provide extensive personal information, prior to starting your new job - Do not act. This may be a scam leaving you out of pocket or your identity stolen.
• The job requires you to find other investors/employees to make money - Do not engage. This may be an illegal pyramid scheme where profits are mainly made from new people joining the company or system.
• The job pays a commission to make transfers on a client’s behalf through your own account, cash, wire transfers or crypto currencies - Do not do this. This may be money laundering and is a federal crime punishable by imprisonment.

An unexpected money or winnings scam is when you are asked to pay money up front or give your personal details to receive money or a prize. These scams are also known as inheritance, Nigerian prince, rebate, scratchie, travel prize, lottery or unexpected money scams.

Signs this may be a scam

A person contacts you with “authentic” looking documentation saying you are owed money, an inheritance or have won a prize - Do not give personal details or pay money. Research details on the internet or only call numbers you trust.

Card skimming is the illegal copying and capture of magnetic stripe and PIN data on credit and debit cards. Skimming can occur at any bank ATM or via a compromised EFTPOS machine.

Captured card and PIN details are encoded onto a counterfeit card and used to make fraudulent account withdrawals and transactions.

Fraudsters can attach false casings and PIN pad overlay devices onto genuine existing ATMs, or they can attach a camouflaged skimming device onto a card reader entry used in tandem with a concealed camera to capture and record PIN entry details.

How to spot an ATM Skimming Device

Before you insert your card into any ATM, take a moment to check for evidence that the ATM has been compromised with a skimming device.

The three areas to inspect are:

• ATM casing
• Card reader entry where you insert your card
• PIN pad buttons you use to enter your PIN

What to look for

ATM casing

• Foreign objects attached
• Evidence of damage or tampering
• Panels that don’t fit snugly together
• Holes in the casing panel may indicate that a camera has been inserted

Card reader entry

• Any object placed over the card reader. A skimming device is often piggy backed onto the existing card reader.
• Card entry slot not straight
• Glue or tape residue around the card reader entry

Keypad

• Keypad is loose and not fitting flush with the rest of the ATM
• Keypad is a different colour to the rest of the ATM

If you see any of these signs on an ATM immediately report it to the financial institution and/or your local police station.

A foreign device is implanted into an EFTPOS machine that is capable of copying and capturing card and PIN details processed through the machine.

A compromised EFTPOS terminal can only be detected by a physical inspection. However, you may witness suspicious merchant behaviour that needs to be immediately reported to us:

Examples of suspicious merchant activity

• Your card is taken out of your sight to process a transaction
• You card is swiped more than once
• Your card is subsequently swiped through a second EFTPOS terminal

Find out how we protect you from card fraud.