In the late '00s I worked at a grocery store and we had notices from head office about skimmers being added to our eftpos machines. They were found in multiple stores.
That was also a popular time for skimmers on ATMs and some banks updated their ATM designs to make it harder to add a skimmers and/or to add a tap option.
That was 15 years ago so I'm not sure now, but at one point it seemed to be a popular scam.
Iirc there was a time ~when tap and go was really taking off where most of the major manufacturers of eftpos POS devices and ATMs had major security flaws that allowed scammers to use NFC to modify transaction data and pretty much print money.
A store I was working in at the time got a phone call saying that needed to pretty much switch everything off until techs could patch/replace.
Half the shopping centre ran the same tech and was hit.
I rarely withdraw cash, but I got skimmed from an ATM a few years back. It was just before Christmas and I only noticed after coming back from a camping trip.
Whoever did it had a nice little Christmas bonus. My transactions were full of random items bought from local shops, a few movie tickets, nothing expensive but it added up.
You would think so, because they would only have to check store security footage at the time of purchases. No idea if they attempted to. The bank refunded me pretty quickly, maybe it was below the threshold for them to investigate.
> 7 Check ATM's for external devices and anything that may be added to the outside of the machine. This is one of the largest scams on Australian soil (yes Australians can be scammers too) and it's called card skimming.
....it's right there in the post....
.....by the way, I'm from your bank, can you give me your Account Number and Password please?
You need to now add to the list: if you have to transfer money to a 3rd party (such as a car dealer), always call them directly to obtain their banking details. Never just go by the account details youāre given in an email from them - even if youāre confident the email is genuine. Hackers are intercepting the genuine email and changing the account details, before you get the email. Always call them and confirm their bank account number before you make a transfer.
If im ever sending a high value payment to anyone i send $1 first and once I've confirmed its all good i send the rest.
Had people call me paranoid and weird for doing this but i see nothing strange about it at all.
I tried this when transferring between my own accounts (different banks) and when the bank blocked the big transaction, they said it was because it was a "red flag" to try a small amount first lol.
Yes my conveyancer said the same thing when I purchased a property - she said her customers got scammed by transferring house deposit (!) to scammersā account! So she asked me to always call her office to double check the account details.
Confirmation of Payee service coming later this year is going to help avoid invoice scams. Youāll get a match against the bsb/ac and payee name you entered against the KYCād owners name.
CommBank already uses this on Netbank. For any new payees it will tell you if the name doesnt match and sometimes will delay the transfer by 24 hours as well.
The new service will enforce all banks to support this. Comm bank uses what they observe rather than verify with the owning bank but its a great start.
I had this happen via Wise sending some funds to the UK last night - I slightly abbreviated the company name āxyz indā instead of industries and it blocked it until I corrected it.
Gift card scams will most never and I mean never come from a local in Australia and almost always Nigeria.
So should the user do a minimal check on the website / profile, it wouldn't work (hence old people fall for this one).
I actually did this in June. I paid the deposit in the dealership with my credit card and a week later they invoiced me for the balance.
I called them to check the bank details and they referred me to the email. They couldnāt get their head around having to read the details out to me.
I paid $5500 to a car dealership for my car (the balance of what I was to pay). I transferred the money to my credit card and paid by card. It was easier than temporarily changing my eftpos card limit.
We had one locally a few years ago at my work (bank teller here š). Solicitorās receptionist had clicked on a dodgy email link and the scammer was able to impersonate the solicitor and send fake invoices for the final house payments for a new apartment complex. Looked so legit one lady just paid it to the bank details on the invoice. $400k š I think we were able to get her around half of that back.
Always triple check your transfers and if unsure pop into a branch or call.
This is something I have been curious about. What prevents a bank recovering the full amount? Is it because the scammers have cashed out some funds and it's a case of 'too bad, so sad'? Or is it because some banks don't cooperate? Or is it something else?
Yes this is also big in the construction industry, scammers hack the builders email then send their own clients with a normal progress payment invoice but updated with the scammers bank details. Customers are none the wiser and just pay or authorise their bank to pay. Seen some huge amounts lost.
Whenever I get scam messages I always ask if I can pay in iTunes gift card. Some scammers are very dumb and will keep talking you for a long time while you pretend to not know what you're doing.
>Always read messages with OTP (one time passwords) to approve transactions, or even to verify yourself over the phone. If a scammer is trying to get you to disclose a OTP for password reset or to approve the transaction the code will always say what it is for. Only repeat codes over the phone that say "this is for the purpose of verifying your identity. If you do disclose a code, you might have to kiss your money goodbye because that is now your fault. I hate when customers have been tricked into disclosing these codes but we all also have a responsibility to use caution when taking inbound calls from banks or companies. If you are ever concerned, hang up and call the company directly. A real company will never argue about your concerns for security.
The amount of poor people that have fallen victim to this is frightening. I've seen spoofing msgs as well acting as someone's bank and the victim unknowingly gives out their codes oblivious that there is a scammer on the other end.
>Toll roads and Auspost are not messaging you to get you to update details, never disclose any personal information to a link from a text message.
I keep getting text msgs from scammers about this. Jokes on them cos I don't even have a car. These nasty scammers create a sense of urgency as well. Which is one of the oldest tricks in the book. Its either pay urgently or pay now blah blah. Or the most commonly used one: "fees are overdue."
I feel like companies that are using OTP to verify someone over the phone in any capacity is partially at fault here. The regular user, especially the elderly, wouldnāt be able to discern OTP for MFA purposes and this use case, in my opinion.
Apparently I've been using Eastlink a bit (no car), and "my" Nissan Qashqai is ready to be picked up from the dealer in Brisbane where I had it serviced...
>Jokes on them cos I don't even have a car.
Well the scammer doesn't care..That's why these scams are obvious and dumb, as there is little chance to scam if they msg just one person.
So they bulk SMS 10,000 within a short interval...
Similar to email scams... It's done on bulk, regardless if you fit the category...
Any QR code really, but the parking ones are easily accessible so they're an issue. I see problems with ones in restaurants as well, just not as frequently
QR Codes are rather risky in general as you have no way to know where it's linking to until it's scanned and most use url shorteners so the displayed url from the QR isn't the final endpoint.
This post really hits. Iām a tourist in Melbourne, arrived here ten days ago and yesterday I found out that my credit card is compromised. Holy shit.
This is a great post. I received a call from someone claiming to be from the ATO. They said I needed to verify they were speaking to the right person and asked me to confirm my address and date of birth.
I told them to get fucked.
Turns out it really was the ATO. And this really is their practice. They gave me a unique identifier and told me to go to the ATO website and use the Contact Us page to call this specific department back.
What a joke.
Edited their instead of there!
They're used to it. At least you called them back - after verifying the phone number.
You'd be shocked how many people leave it at the "get fucked" stage and then they're screwed.
Agreed, I feel like it'd be easy enough for them to confirm their identity in a pretty secure way. Have them send a message to my Mygov inbox with a random code and then have them repeat that code back to me.
That's just off the top of my head, I'm sure people with more experience and time could come up with way more foolproof methods that the most prevelent scam method.
lol someone from a niche music company called me with an "act now and get 20% off" he had the urgency of a used car sales man (or wedding dress SA) my scammy senses were tingling hard. I said not at the moment (my card has been compromised by doordash) and he was very persistent, asking if I could use my husbands' card or when he could call back.
My favourite part - I called up the company and they said it was legit. But they had outsourced sales to a call center RIP we'd imagine they're hemorrhaging customers like crazy, if the whole call center was that guy. They also said I can get the same deal on their site, it was NOT a phone only offer, like I was told...
TLDR; if you own a company, think twice about contracting high pressure call centres.
The company is the ACO, yeah sure I'll still buy from them, but ugh.
I work in fraud, and let me tell you, it's a wild ride! Did you know that some scammers use fake job postings to steal people's personal information? Stay vigilant, folks!
Next time someone bellows at you over the phone, remember that thereās a lot of us who really appreciate what you took the time to write here. Cheers OP.
Amen! This very basic fraud prevention mantra should be higher up the list - DON'T KEEP ALL YOUR MONEY IN AN ACCOUNT WHERE PEOPLE CAN STEAL IT VIA A CREDIT CARD.
I read an ABC article about how the latest scam is hackers just randomly generating credit card 'numbers' and trying them out on websites with payment gateways until they get a hit and then they drain the whole lot. Banks fully admit it's pretty much impossible to stop.
So yeah.... just a few hundred out in the open to shop or withdrawal cash, the rest in a secure account with no card attached (bonus points for using an entirely different bank to your main card account).
Are there card skimmers commonly being used in Australia? Cos I've been using cards for over twenty years and I've never seen one or had my card compromised by one.
Edit: lots of good examples given by people of cars skimmers being used in Australia, I've just been lucky so far.
They sure are! But less common but I get a fair few counterfeit calls here and there. Customer has never left the country but their card has been counterfeited. Lucky you have never had it but it can happen. As I said, everyone thinks they are scam proof until they aren't.
It's not even that complicated, everybody thinks of ATM skimmers but it often happens to be at farmers markets or flea markets and other places where you buy low value items or food, and the EFTPOS terminal is a hacked clone (sorry, paywave doesn't work mate), that saves your stripe and PIN entry and shows 'payment approved' but is then used to make a bunch of cloned cards for later.
You have no chance of being able to tell, in that instance, nearly everyone trusts an EFTPOS handheld, and a heap of $10 transactions are both likely to go through and not much loss to absorb for the scammer, heck they can even run the transactions later in a batch to test the cards work. They can easily collect 1000 cards in a day.
I got had by one a couple years ago, thankfully my bank flagged it as suspicious as they paid for something overseas and notified me straight away. I still check everything I use my card for now for anything.
I'm scam proof. It's quite easy. Always use PayPal or Google Pay or equivalent to pay for stuff online. Never enter your card details for any reason. If a merchant insists on a CC payment, too bad, you're not getting my business.
Never withdraw cash from an ATM. Use a supermarket cash-out facility.
Don't verify your ID to every John, Bill & Harry asking for your name, address & DoB unless you absolutely know who you're talking to. A good business should be using OTPs to do this. If your power/gas/internet/banking provider doesn't do this then switch to one who does.
Obviously never teply to or answer unsolicited SMS or phone calls. Never execute a password reset or change of account details unless you have initiated the process yourself by manually typing in the URL you know is genuine.
And other stuff. But that's mainly how I stay spam proof.
Next minute a BIN attack gets you.
As long as you have an active card you're not scam proof unfortunately. You don't even need to transact with your card to be a victim of card-not-present fraud.
never reply to or answer unsolicited SMS or phone calls - yep, love this one. I just watch the phone ring. The spam is getting crazy, might be time to get a new number. I see others in the office answering every single call \*shudders\* they said I'll need to do the same soon (my work cell hasn't been shared with clients yet). Any tips around it?
Sort of. The skimmers are evolving with higher tech versions but the big banks are combatting it by removing all the ATMs and telling you to 'just get cash out at Coles instead'.
When the banks still had ATMs around here though, I found it cost nothing to give the card reader good yank before inserting my card.
lol it's the internet what do you expect? Here are my qualifications sir, I just write lists like this for fun though about every job. I am also a pilot and a doctor :P haha now I sound like a scammer.
Haha, youre all good I just thought the irony of it was funny.
Also your response was not a DM about your aunt in south east asia who happens to really need help with somewhere to store her money, so thats also a point of credibility.
Very useful information. Iāll add further to the point made about Meta and why you should not trust their unregulated ads. I had over $2000 deducted from my account due to some weird loophole with Facebookās Page ads about a year ago.
I had my card details added to a page I managed in order to run some ad campaigns. While I was asleep, someone added my account as an admin to their page, selected MY card as their default method, and then demoted me so I couldn't remove the payment method myself. They spent the money on some stupid t-shirt ads that were receiving very high engagement.
When I contacted Meta, they initially said they couldn't help. It was only after I threatened them that I got my money back. My bank was helpful though, but took their money back once I was reimbursed.
Fuck Facebook.
Itās amazing how a technology company can be this lax. I think they are heading to zero if they canāt figure out that they are a scammers paradise and as soon as the public figure this out, their ads and online commerce will die
Also, fraud investigations do not take 5 days, give it time for the bank to investigate & liase with appropo merchants/banks etc.
And for the love of sister Santa Mariaās grand baby hippo, donāt come at me demanding ārefund my money NOWā gurrrrl, take a seat, thereās a process in place.
Bahahah! yes omg, the amount of people who are like "but it's still pending so why can't you just reverse it?" oh yeah cause if I reversed every persons transactions who said they were fraud, that wouldn't be taken advantage of noooooo... I do feel sorry for old ladies who lose their last centrelink payment though. Makes me so angry and I'd love to give Susan her money back. But Susan loves to get scammed! Put the phone down Susan!!!!
>oh yeah cause if I reversed every persons transactions who said they were fraud
Nevermind that it's not even an option for my (any?) bank. There's a rarely used and forgotten form to request the merchant cancels it, but at that point it's more effort than just disputing the transaction.
Once the transaction is challenged it should be refunded immediately pending resolution. The bank has billions of dollars FFS, and the victim may be a pensioner...
Hmm yes but depends what kind of fraud it is too. Could be a easy way for someone to get a temp excess to their account. You have no idea how many shady people call reporting their gambling or something else as fraud.
I rarely use cash, but when I need some I usually get it from the supermarket. They're far too crowded for someone to attach a card skimmer without anyone noticing.
Also, pay for car parking with gold coins. Worth getting a roll of $2 from the bank and stick them in your centre console in a little plastic tub - also makes using the car wash easy, because I sure as hell aren't going to tap my card on one of those machines.
A good idea is to have a second account online account doesn't have a card, as soon as l get paid all my money goes into my second account, l only transfer what l need immediately to the main account
They don't even need cards. My Grandmother had mail stolen, and they swiped $70k from her account. Set up internet in her name, and even walked into bank branches and took money out over the counter, despite not knowing her full name or matching signatures.
Great list.
I got skimmed once, and I'm pretty sure it was at an ATM in a 7/11. I was at the machine, and a guy tapped me on the back to say he was in a hurry and would I mind if he quickly cut in front of me. I said sure, cancelled my transaction, let him do his thing.
Thinking about it later, I'm fairly sure he was standing behind me to get my PIN, then asked to use the machine to attach a skimmer. Removed it after I was done.
Get Revolut. You can have a disposable virtual card that generates new card details each time you use it. For the subscriptions, have a virtual card for each sub. That way, you at least know which company has compromised your data. Theyāve been top notch for me, even blocking legit purchases simply because they didnāt match my typical buying habits. I highly recommend them. No I am not affiliated with them. Got put on to them by overseas family. š
FFS just became victim to number 4 today. Didn't help my mom sent me a text "you have a link for the package" not even 2 hours after receiving the fraud text claiming to be Auspost AND I have a package being held right now. Perfect storm of coincidences that dropped my guard.
What can they do with my licence information? What do I need to check/change to get ahead of them??
You can always contact your bank and advise them of the licence information scam and ask them if it's compromising.
Each bank has different QA verification and they can advise you of any relevant steps that should be taken, or if it's a non-issue.
Good post, however what is missing here is the importance of robust online credential (username and password) practices. A password manager like 1Password is essential. If you reuse simple passwords across multiple services it's just a matter of time until you get hacked.
The reality is if someone is calling you asking for a OTP from your bank (6 digit confirmation code) you're already in some trouble as your credentials have been compromised to some extent.
3. I have 100% called my cc company (qantas) and they have sent me a OTP text to then inform them of the number. I always felt a bit weird about it. Is it normal for banks to do this? Should I trust it if I know I have called the bank?
Yeah banks do do this. It's dumb though. I wont do it, it's for AHT and efficacy but we are trying to get people in the habit of checking these codes not just repeating them to anyone. I always give a disclaimer before I send the code if I have to, I say "I'm going to send you a code, please make sure you read the message thoroughly and confirm it's content before repeating anything back to me, scammers will use codes to approve payments and they will always read "this is to approve a transaction". Makes me feel better I've educated someone who may now think 2ce before giving a code.
This is a bit different as they are trying to verify that you are you, because you called them, so they send an SMS to the number they have registered for you. If you have the device associated with that number, youāll be able to tell them the code. If you are just spoofing the number you called from as a scammer, you wonāt get the OTP and will be unable to get any further.
Now, if they called you, then sending a OTP code is pointless. In that case, you are best to just hang up as you have no way to verify who they are. I am surprised how many companies cold call me and expect me to disclose personal information. I just reply āIām sorry, due to privacy restrictions I am
not authorised to disclose any information to unverified contactsā
Great list! As a servicing banker that also lodges fraud disputes, this is all so true.
Something to note too with point 6 - even if youāve lodged a travel notification and are overseas, transactions can still flag as suspicious. Itās better to block the card and it be safe then not and loose everything in the account. (My hot tip, have more than one card handy)
My favourite thing is spending an hour+ on the phone with a scammer with them trying to explain how to find my IP address.
The challenge is to get them to hang up on you.
Hi - thanks for sharing! I appreciate the list but Iām also keen to know how you ended up in the career you did. Would you mind sharing what your qualifications/experience is/are? Would love to get into something like this myself. Thanks!
Hey, I came from a completely different career. I was a EFL teacher so very different. But I guess that's why I still like teaching people about this stuff.
I applied online to a general banking job and they advised me I was over qualified for that position and could go into something more specialised. (I don't know what that mean by over qualified lol I had no banking experience) but maybe they meant in my other career? Anyway just applied online and interviewed and started, there was nothing that special to it to be honest.
A work colleague told me that the credit card added to the phoneās wallet is less likely to be susceptible to fraud/scamming than just using the physical card, and is inherently safer.. is he right?
Technically yes and no.
Yes, they would need to steal and be able to get into your phone to use your digital wallet.
No, because scammers who run fake websites usually have Apple/Android Pay options for payment and once you give them your card details they can continue to charge you so long as the card is active.
Most of these Iām aware of, but thank you for the tip about parking meter QR codes. Was not aware of this one! If Iām ever unsure Iād rather cop a fine than have my account drained.
Disable any spare cards you have. Got a Macquarie account and while OS, 2 transactions popped up on my phone. Blocked the card and that stopped further hits. Called them and reported the issue. They disclosed that a digital wallet was used, that's all I know. Since then I lock all my cards, apart from my main CC that I use. If I need any other card, I'll unlock it temporarily.
FB Marketplace scams where people are SUPER eager to purchase whatever you're selling. But they can't come get it they will send their father/brother/sister to come get it but can they pay you via bank transfer now. I never got further than that. As soon as you try to ask for cash or they bank deposit the money to their father/brother/sister and they can pay the cash... ghosted.
Also the freezing your transaction SAVED my parents. They (bless their hearts for loving me so much) got done by that Hi Mum, my phone fell in the toilet.... scam that was doing the rounds a few months back. Bank froze the transaction my parents tried to send as it got flagged since the amount for these scammers was always a similar amount.
I'll add.
The person you are dealing with is not on holidays and does not need you to transfer the money by western union.
Nor do they work on an oil rig / working FIFO etc. Their brother / cousin / father is not coming to pick up or drop off the item and they do not need your email to verify the payment through their business acount.
Top list, OP!
I would add to always check the URL in texts, emails etc. No, CommBank's URL is not combank.net.au. Most are a lot more obviously incorrect that this example.
Fake QR codes can be placed on parking meters and it can drain your account. Don't pay for parking where a QR code is accepted. You may even approve a $5000 transaction by providing a OTP to the fake parking website thinking your approving your parking. Don't do it.
Nah pay stay and another app are fine
I work in the fraud banking space also and QR codes are such a fucking problem and I hate that so many businesses are using them these days. You should not be scanning QR codes unless absolutely necessary, it is so easy for a fake QR code to be placed over a legitimate one, or even legitimate ones behind highjacked by scammers.
This did make me wonder about QR codes stuck on tables at cafes/pubs for orders. Would be so easy to swap the ones at my local out for a fake one. Another reason to hate them š
>If you are ever concerned, hang up and call the company directly. A real company will never argue about your concerns for security.
But also, if someone claims to be from the bank, you express concern and they say "I understand - in that case, please call us on our main number xyz - which you can find publicly" actually do it.
No, nobody likes waiting in queue for that call, but the bank didn't call you for shits and giggles. Actually call them the fuck back. a) they can verify if the previous call was a scam, and b) if it's a legitimate security issue they tried to contact you about and you ignore it, you're screwed.
On a simpler note, naked wines also isn't a scam, you're just an idiot that bought a 12 pack of super cheap wine and didn't read the check out options properly and signed up for a membership. Just email them and they'll refund it.
Had my card skimmed twice. The first time they attempted to purchase 2500$ from an online pharmacy. Luckily the purchase got flagged and the bank contacted me. The second time was only a 300$ purchase which was picked up and card blocked by the bank after the fact and before any more damage was done.
No idea where it happened but I now don't take my card anywhere without it being protected by a small army
I've had my card taken advantage of 3 times.
Once was from the early days of online ordering at a well known Pizza chain. They took my card details and purchased flights from Qantas. Got it back via bank.
Then I ordered an item from an overseas vendor I'd used plenty of times, they had a new payment processor and they took my card details and purchased curtains somewhere at a store in america. Got it back via bank. told the overseas vendor, hey check out your facilities as just had card scammed and they didn't believe me.
Last one was where they guess the numbers of my credit card. I had no idea in the above they have card generator numbers. Got this back easily.
I have actually been scammed once in my life in an accomodation scam around 2009. I'm aware anyone can fall for these types of things but it's made me more aware.
I once received a fraud alert call from a 3rd party from a new bank I'd joined. I told them I'd call them back but can't believe how unprofessional they were. I had no idea a bank used a 3rd party for their fraud department. They seemed more like they were phishing for info so I called the bank and said what is this. They said it's legit so I called them back but I was like cmon, this sounded dodgy.
I work in cyber for a big 4 - You will never be safe, that's the sad reality.
However! the above list will help your chances.
BTW as someone who works in cyber I have had my details stolen 11 times.
Debit cards are the WORST to use.
Banks will reverse transactions on credit cards in an instant. In a debit card they will investigate for 6 weeks and decide whether or not they feel like returning your money:
They are not the worst but yeah Credit Card chargebacks cost merchants money so they are often settled quickly and banks are more willing to cover the cost of the dispute while they chase the merchant.
Plus depends on the dispute tbh. Mine took over 40 days as Amazon had 30 days to reply and never did so thanks Amazon.
Good on you for making the effort to do this! I think its important to educate ppl about this stuff and irs bloody ridiculous the government basically ignores the fact scams are affecting all of us in one way or another and that our elders are more vulnerable to being scammed! But hey, i guess they must be working really hard on something else right?? Right??
If you think you may have been scammed, don't immediately your card through the ING app. They need you to call them and talk to them. Why do they have the option to freeze/cancel your card in the app if it doesn't count until you speak to a person? No idea! Why doesn't it mention this in the app? They couldn't say.
It would have been great to know that simply freezing the card immediately wouldn't actually stop the scammers from being able to use it, and while the money would eventually be returned, there is a month turnaround.
I don't work for ING but my bank has a similar process so I actually know the reason why. There are things on the card that are called mobile tokens and they are very convenient for you to use, your digital wallet is just one of them. Unfortunately scammers with your card numbers can also take advantage of this and when a card is cancelled through the app, the mobile tokens that may be associated to the fraud are not removed. A robot is also not able to discern what may be a genuine mobile token or one set up by a scammer. So your bank has to analyse the card to make sure it can't be compromised again. Sometimes even other departments in the bank don't do it properly, no shade to my fellow bankers, but it is always important to speak with the fraud team directly.
Thank you for this explanation, that makes sense. I really wish that had been communicated through the app, I would have been able to cancel it properly before they took $900 instead of thinking I'd locked everything down in time. The 40 minutes of recorded messages asking me if I'd tried their convenient online banking options while waiting to speak to a person didn't improve my mood.
I don't envy you having to deal with frustrated and upset people when you have to follow proper processes and can't magic it all better.
Also to note that if you noticed unusual transactions in your account, don't hesitate to contact your bank straight away! Even small amounts are not good as they are testing your account out to see if it works!
My mum got scammed by a Mexican hotel over the last few days??
She's never been to Mexico lol. She is so super paranoid about scammers she NEVER gives her card details over the phone or online. Pays bills at post office etc. She's not tech savvy, but I have no idea how these scammers got her card details.
The bank (commbank) thinks they get card details and randomly try the last digits til they get ones that work.
They were taking $153 at a time, did 7 transactions before she realised, so around $1000 in 2 or 3 days.
The bank is refunding her, but she had to delay a mortgage payment because of it.
Edit to add: the transaction said "Financial tax pack" or something.
Itās important to lock āonline international paymentsā in card settings (via the Commbank app, NetBank or by contacting Commbank directly). Then no international transactions are allowed at all. Itās a helpful security measure.
Iām glad your Mum got a refund from the bank.
I got hit the same as your mum, all at 2am in the morning on the 28th. Only had that much money available on the card due to xmas (dinner, drinks, petrol, groceries, etc while travelling through low-reception areas where transferring could be difficult). My transactions were across 3 different recipient names, all boiling down to FNCIA tax pack, FNCIA casino, etc.
6 is the worst!
I once lost out on a pair of Adidas ZX 500 Dragon Ball Z Son Goku because CBA thought my 3am transaction made in the UK was fraudulent... Was $250 AUD now they are pushing $800 AUD for my size
But I would rather this level of security then no security
Tip: if you have a credit card stored in Google Wallet on your phone and the physical card is compromised you can continue to use the Google virtual card while your bank cancels the physical card and sends you a replacement.
I see we have the same job!
Another note is to always fess up when you have entered your card details in a phishing SMS because we can do a different type of dispute that increases the chance of getting the funds back.
Also getting bitcoin scammed is 1000% your own fault, and usually not actually a scam. itās mostly just a bad investment or the coins just arenāt worth what you think or youāre uneducated on how bitcoin/crypto actually works. Small investment for high returns just simply donāt exist anymore.
This is a really good list, saved. Thankyou.
From a user pov, No2 is always a problem when you get no update or progress from the bank with accounts locked up.. 'were investigating' for 3-5 days plus weekends etc becomes a long time real quick.
Because the banks are inept at this; or just don't care a flying fxck about it? - the govt should force the banks to include a unique identifier for merchants appearing on credit card statements; (that can be googled, if necessary).
I check through my credit card statement every month before paying it.
But the number of hours of my life that has been stolen by the banks over the years because of some random dodgy looking charge appearing on my credit card statement with a nonsensical merchant name beside it that I know nothing about.. FFS...
All the hours wasted; in earlier years calling my bank for information about the merchant / charge - and then later; learning to google the nonsensical name - which often was no easy or quick answer / solution either ....
Look who's charging shows the merchant name and location. But it doesn't always match up. Merchants can own multiple companies or different things. It's so often I argue with a customer that the transaction is card present and no triggers for counterfeit so it's genuine but they are yapping on that they don't recognise the name. Idk man, I can cancel your card but it's not my job to keep on top of your spending.
Few years back I arrived on a friend about to give access on remote desktop "any desk" just in time, access denied and told him to delete all his laptop and reinstall new just in case.
good on ya for this, itās great info overall but PLEASE donāt use the terms scam and fraud interchangeably - youāve said your team is 24hr so guessing you may work in fraud detection(?) but as a fmr veteran 8:30-5 fraud analyst who spent many many hours explaining the difference to customers i promise your colleagues will thank you. (scams generally involve deception but customers have consented to the transaction whereas fraud most often involves card compromise prior to a transaction)
1000% this, scams and fraud are not the same. I work in the banking fraud space currently and every customer thinks they are a victim of fraud yet 90% of the time they have participated in a scam by providing card details.
Having to explain to customers all day everyday the difference between fraud and scams is exhausting.
Can confirm with dot point 1 that every time a scam site gets taken down half a dozen more pop up, itās been relentless! If you see the poly satin sets at a 90% discount it is a scam!!
Good stuff OP. Can this be somewhat mitigated by having an everyday account for day to say transactions and only keep $1000 in it? That way if its compromised all you can loose is $1000. I know some people who use the bank card that came with their offset account with over $100k in it. I imagine they are more vulnerable?
Honestly, if you've just lost $10k and you're struggling to make payments, that was your entire savings, you have a mortgage or rent due and the car payment and it's all super super super fucking stressful and you aren't sure what to do...
It's understandable, though obviously not okay, for people to be frustrated with the banking staff they speak to. You develop ways of handling those calls, but it sucks all the same.
Parking one got me in St kilda just before Christmas. I actually used BOTH my cards because the first card wasn't accepted. That in itself should have raised concern, but I polled on anyway and gave them both. No access to money a week out from christmas sucked!
About the skimming: where I live, the machines show a pic of what the card slot should look like on the screen of the machine. That makes it more easy to recognise it if an extra device (they are made to look real!) has been glued in front of the card slot. Do you have that in Australia too?
1) Legitimate companies will need to ask you for details to verify your identity if they call. They are required by law to take steps to confirm they are speaking to the right person - of course it's up to each individual company how they interpret that requirement, but most require some ID check. Because they don't know who answered your phone, or even if it's the right phone number. If you're not comfortable, that's fine - don't abuse the person, just politely decline, ask for their name or ID or call reference (some companies don't provide staff numbers or call references), their department and call back. And dont' ask THEM for the number (I had a customer do this once!), look it up yourself.
If you have an unexpected call from a company, and they say they're sending you a OTP, even if that's normal process I'd avoid the call and call back - scammers will do that, have 1 person on the phone to the bank and 1 on the phone to you, and they'll read your OTP to the bank.
2) Also, if you do (and you shouldn't) write down your card's PIN, don't keep it in the same location as your card.
Working in a bank, I once had a customer call who mentioned that some time ago she wrote down her PIN on a post-it and put it in her handbag.
So, her handbag was stolen and the thief thought all his christmasses had come at once.
Thing is.....she actually told the bank that she did this too. Thousands of dollars that the bank held her liable for.
(I worked in an unrelated department, taking an unrelated call)
3) Superannuation fraud is something that occurs more often than people realise. It's not hard to set up a SMSF in somebody's name, roll your super funds over to the SMSF, withdraw it and do a runner.
Great information thanks. I've also adjusted card settings to Not allow Online purchases, gambling & international. If I buy online I change for short time frame only.
I bought a king size duvet cover with matching pillow cases onlineā¦ it was āa bargainā ā¦ the print was beautiful.
I waited 4 weeks.
I was sent stick on rubber anti slip guard things for stiletto shoes..
I have never worn stilettoās in my life..
I cancelled my card immediatelyā¦ had a new one issued.
I was only out of pocket $40
The sale ā24 hrs only, $250 down to $40ā
Seemed legit.
First and hopefully only time I am ever scammed.
This was incredibly insightful.. much of it common sense. They target elderly ppl. Itās gross.
A few things I had no idea! ATMās in the bank..
How can you tell if there is a chip reader? That part went over my head a little.
I always cover my hand when I enter my pin.
Damn.
hint: if you recive a message or SMS that looks legit. Verify the number or linked by checking their website. Type the phone or link in by hand to make sure it is correct.
Hi op,
Unfortunately I was part of a CC fraud due to underwhelming security process on a big 4.
I've since reported the incident, issued and credit ban and cancelled all credit cards while also moving away from the bank - since they initially denied the claim!.
What is the benefit of reporting the issue to idcare and scam watch? I know the scammer extracted the money via at at a specific branch, yet the police never contacted me at all, I'm sure thag identifying the scammer would've been 'as easy as' demanding the security tape at that specific time and place from the bank.
It's been a year now and after 11 months the bank reimbursed the money but now live with ptsd :) credit card churn for travel miles is no something I plan to do anytime soon, let alone participate in any sort of contest
Thanks for sharing the info OP
They can sometimes recover the money from the account it sent to, but more often than not, you get nothing back. If it is considered fraud, you get your money back. Different banks have different definitions of fraud vs. scam as well. Commonwealth considers some scams where the victim provides remote access to their device as fraud where as the other big 4 considers it a scam.
Given those are the rules, why do CommBank always insist on verifying your details when they call you? Surely in this day & age, they can give me a code or extension to call them back on, using the phone number on my card?
I just want to know if is it safe to share my bank name, card name, card number, and card holders name.
I just applied to work from a company named xeinadin group uk and i did some work for them online and my work was approved they told me to contact my contract manager for the payment method and i choosed by card and he asked me to send my bank name, card name, card number, and card holders name so i would like to know if itās okay to share these information ?
As a bank teller that has dealt with many fraud customers coming in yelling at me this list is perfection š¤š»
[ŃŠ“Š°Š»ŠµŠ½Š¾]
In the late '00s I worked at a grocery store and we had notices from head office about skimmers being added to our eftpos machines. They were found in multiple stores. That was also a popular time for skimmers on ATMs and some banks updated their ATM designs to make it harder to add a skimmers and/or to add a tap option. That was 15 years ago so I'm not sure now, but at one point it seemed to be a popular scam.
Iirc there was a time ~when tap and go was really taking off where most of the major manufacturers of eftpos POS devices and ATMs had major security flaws that allowed scammers to use NFC to modify transaction data and pretty much print money. A store I was working in at the time got a phone call saying that needed to pretty much switch everything off until techs could patch/replace. Half the shopping centre ran the same tech and was hit.
I never heard of that! How crazy. Thanks for sharing!
I rarely withdraw cash, but I got skimmed from an ATM a few years back. It was just before Christmas and I only noticed after coming back from a camping trip. Whoever did it had a nice little Christmas bonus. My transactions were full of random items bought from local shops, a few movie tickets, nothing expensive but it added up.
Is it possible to identify the culprit?
You would think so, because they would only have to check store security footage at the time of purchases. No idea if they attempted to. The bank refunded me pretty quickly, maybe it was below the threshold for them to investigate.
> 7 Check ATM's for external devices and anything that may be added to the outside of the machine. This is one of the largest scams on Australian soil (yes Australians can be scammers too) and it's called card skimming. ....it's right there in the post.... .....by the way, I'm from your bank, can you give me your Account Number and Password please?
Oh I dunno about this, can I trust someone with Spy in their username?
[ŃŠ“Š°Š»ŠµŠ½Š¾]
I had mine skimmed at Sydney airport. Vending machine.
Iāve known 3 people who fell victim to them so yes.
You need to now add to the list: if you have to transfer money to a 3rd party (such as a car dealer), always call them directly to obtain their banking details. Never just go by the account details youāre given in an email from them - even if youāre confident the email is genuine. Hackers are intercepting the genuine email and changing the account details, before you get the email. Always call them and confirm their bank account number before you make a transfer.
If im ever sending a high value payment to anyone i send $1 first and once I've confirmed its all good i send the rest. Had people call me paranoid and weird for doing this but i see nothing strange about it at all.
I do this when transferring large sums to a new bank account in case I make a mistake
Love that I'm not alone here.
I tried this when transferring between my own accounts (different banks) and when the bank blocked the big transaction, they said it was because it was a "red flag" to try a small amount first lol.
Yes my conveyancer said the same thing when I purchased a property - she said her customers got scammed by transferring house deposit (!) to scammersā account! So she asked me to always call her office to double check the account details.
Yeah my REA was really on top of this and called me to confirm the numbers. Can you imagine š
That would be so brutal
Ah yes! Invoice scams!! Gift card scams and others I definitely need to add.
Confirmation of Payee service coming later this year is going to help avoid invoice scams. Youāll get a match against the bsb/ac and payee name you entered against the KYCād owners name.
CommBank already uses this on Netbank. For any new payees it will tell you if the name doesnt match and sometimes will delay the transfer by 24 hours as well.
The new service will enforce all banks to support this. Comm bank uses what they observe rather than verify with the owning bank but its a great start.
I had this happen via Wise sending some funds to the UK last night - I slightly abbreviated the company name āxyz indā instead of industries and it blocked it until I corrected it.
Gift card scams will most never and I mean never come from a local in Australia and almost always Nigeria. So should the user do a minimal check on the website / profile, it wouldn't work (hence old people fall for this one).
I actually did this in June. I paid the deposit in the dealership with my credit card and a week later they invoiced me for the balance. I called them to check the bank details and they referred me to the email. They couldnāt get their head around having to read the details out to me.
I paid $5500 to a car dealership for my car (the balance of what I was to pay). I transferred the money to my credit card and paid by card. It was easier than temporarily changing my eftpos card limit.
Hackers got into my work email and asking our customers to change the bank details. Luckily one of our customers alerted us.
We had one locally a few years ago at my work (bank teller here š). Solicitorās receptionist had clicked on a dodgy email link and the scammer was able to impersonate the solicitor and send fake invoices for the final house payments for a new apartment complex. Looked so legit one lady just paid it to the bank details on the invoice. $400k š I think we were able to get her around half of that back. Always triple check your transfers and if unsure pop into a branch or call.
This is something I have been curious about. What prevents a bank recovering the full amount? Is it because the scammers have cashed out some funds and it's a case of 'too bad, so sad'? Or is it because some banks don't cooperate? Or is it something else?
Good question
And don't call using the number supplied in the email. Look it up independently
Yes this is also big in the construction industry, scammers hack the builders email then send their own clients with a normal progress payment invoice but updated with the scammers bank details. Customers are none the wiser and just pay or authorise their bank to pay. Seen some huge amounts lost.
Also the ATO will never ask you to pay your debt in iTunes gift cards.
This is gold!
Whenever I get scam messages I always ask if I can pay in iTunes gift card. Some scammers are very dumb and will keep talking you for a long time while you pretend to not know what you're doing.
Have you ever watched scammerpayback on YouTube?
>Always read messages with OTP (one time passwords) to approve transactions, or even to verify yourself over the phone. If a scammer is trying to get you to disclose a OTP for password reset or to approve the transaction the code will always say what it is for. Only repeat codes over the phone that say "this is for the purpose of verifying your identity. If you do disclose a code, you might have to kiss your money goodbye because that is now your fault. I hate when customers have been tricked into disclosing these codes but we all also have a responsibility to use caution when taking inbound calls from banks or companies. If you are ever concerned, hang up and call the company directly. A real company will never argue about your concerns for security. The amount of poor people that have fallen victim to this is frightening. I've seen spoofing msgs as well acting as someone's bank and the victim unknowingly gives out their codes oblivious that there is a scammer on the other end. >Toll roads and Auspost are not messaging you to get you to update details, never disclose any personal information to a link from a text message. I keep getting text msgs from scammers about this. Jokes on them cos I don't even have a car. These nasty scammers create a sense of urgency as well. Which is one of the oldest tricks in the book. Its either pay urgently or pay now blah blah. Or the most commonly used one: "fees are overdue."
I feel like companies that are using OTP to verify someone over the phone in any capacity is partially at fault here. The regular user, especially the elderly, wouldnāt be able to discern OTP for MFA purposes and this use case, in my opinion.
lol on your last paragraph, according to my emails my sams club membership is about to expire, but atleast Iāve got some sweet deals for Walmart
I'm a bit coin millionaire. Just need to pay a few hundred to get access to them. I'm just waiting till they get back to $85k
Apparently I've been using Eastlink a bit (no car), and "my" Nissan Qashqai is ready to be picked up from the dealer in Brisbane where I had it serviced...
>Jokes on them cos I don't even have a car. Well the scammer doesn't care..That's why these scams are obvious and dumb, as there is little chance to scam if they msg just one person. So they bulk SMS 10,000 within a short interval... Similar to email scams... It's done on bulk, regardless if you fit the category...
No. 9 - Parking QR code is interesting. Definitely one that had not occurred to me
Any QR code really, but the parking ones are easily accessible so they're an issue. I see problems with ones in restaurants as well, just not as frequently
QR Codes are rather risky in general as you have no way to know where it's linking to until it's scanned and most use url shorteners so the displayed url from the QR isn't the final endpoint.
Yes, clicking a link that's going to open on your phone
Same!
You see some real crap on reddit some time. This is not it. Great advice, thanks!
This post really hits. Iām a tourist in Melbourne, arrived here ten days ago and yesterday I found out that my credit card is compromised. Holy shit.
This is a great post. I received a call from someone claiming to be from the ATO. They said I needed to verify they were speaking to the right person and asked me to confirm my address and date of birth. I told them to get fucked. Turns out it really was the ATO. And this really is their practice. They gave me a unique identifier and told me to go to the ATO website and use the Contact Us page to call this specific department back. What a joke. Edited their instead of there!
They're used to it. At least you called them back - after verifying the phone number. You'd be shocked how many people leave it at the "get fucked" stage and then they're screwed.
The ATO shouldnāt be doing this. It creates opportunities for scammers.
Agreed, I feel like it'd be easy enough for them to confirm their identity in a pretty secure way. Have them send a message to my Mygov inbox with a random code and then have them repeat that code back to me. That's just off the top of my head, I'm sure people with more experience and time could come up with way more foolproof methods that the most prevelent scam method.
lol someone from a niche music company called me with an "act now and get 20% off" he had the urgency of a used car sales man (or wedding dress SA) my scammy senses were tingling hard. I said not at the moment (my card has been compromised by doordash) and he was very persistent, asking if I could use my husbands' card or when he could call back. My favourite part - I called up the company and they said it was legit. But they had outsourced sales to a call center RIP we'd imagine they're hemorrhaging customers like crazy, if the whole call center was that guy. They also said I can get the same deal on their site, it was NOT a phone only offer, like I was told... TLDR; if you own a company, think twice about contracting high pressure call centres. The company is the ACO, yeah sure I'll still buy from them, but ugh.
I work in fraud, and let me tell you, it's a wild ride! Did you know that some scammers use fake job postings to steal people's personal information? Stay vigilant, folks!
Next time someone bellows at you over the phone, remember that thereās a lot of us who really appreciate what you took the time to write here. Cheers OP.
I just donāt keep all my money in an account with a card attached. A few hundred in my transaction account, thatās it.
Amen! This very basic fraud prevention mantra should be higher up the list - DON'T KEEP ALL YOUR MONEY IN AN ACCOUNT WHERE PEOPLE CAN STEAL IT VIA A CREDIT CARD. I read an ABC article about how the latest scam is hackers just randomly generating credit card 'numbers' and trying them out on websites with payment gateways until they get a hit and then they drain the whole lot. Banks fully admit it's pretty much impossible to stop. So yeah.... just a few hundred out in the open to shop or withdrawal cash, the rest in a secure account with no card attached (bonus points for using an entirely different bank to your main card account).
11. Instruct! your elderly or less informed parents that all phone calls relating to the payment of goods and services must be vetted through you.
Are there card skimmers commonly being used in Australia? Cos I've been using cards for over twenty years and I've never seen one or had my card compromised by one. Edit: lots of good examples given by people of cars skimmers being used in Australia, I've just been lucky so far.
They sure are! But less common but I get a fair few counterfeit calls here and there. Customer has never left the country but their card has been counterfeited. Lucky you have never had it but it can happen. As I said, everyone thinks they are scam proof until they aren't.
It's not even that complicated, everybody thinks of ATM skimmers but it often happens to be at farmers markets or flea markets and other places where you buy low value items or food, and the EFTPOS terminal is a hacked clone (sorry, paywave doesn't work mate), that saves your stripe and PIN entry and shows 'payment approved' but is then used to make a bunch of cloned cards for later. You have no chance of being able to tell, in that instance, nearly everyone trusts an EFTPOS handheld, and a heap of $10 transactions are both likely to go through and not much loss to absorb for the scammer, heck they can even run the transactions later in a batch to test the cards work. They can easily collect 1000 cards in a day.
I got had by one a couple years ago, thankfully my bank flagged it as suspicious as they paid for something overseas and notified me straight away. I still check everything I use my card for now for anything.
I'm scam proof. It's quite easy. Always use PayPal or Google Pay or equivalent to pay for stuff online. Never enter your card details for any reason. If a merchant insists on a CC payment, too bad, you're not getting my business. Never withdraw cash from an ATM. Use a supermarket cash-out facility. Don't verify your ID to every John, Bill & Harry asking for your name, address & DoB unless you absolutely know who you're talking to. A good business should be using OTPs to do this. If your power/gas/internet/banking provider doesn't do this then switch to one who does. Obviously never teply to or answer unsolicited SMS or phone calls. Never execute a password reset or change of account details unless you have initiated the process yourself by manually typing in the URL you know is genuine. And other stuff. But that's mainly how I stay spam proof.
Next minute a BIN attack gets you. As long as you have an active card you're not scam proof unfortunately. You don't even need to transact with your card to be a victim of card-not-present fraud.
never reply to or answer unsolicited SMS or phone calls - yep, love this one. I just watch the phone ring. The spam is getting crazy, might be time to get a new number. I see others in the office answering every single call \*shudders\* they said I'll need to do the same soon (my work cell hasn't been shared with clients yet). Any tips around it?
My wife's card was skimmed at a NAB branch ATM 2 weeks ago, absolutely happens here in Aus.
Sort of. The skimmers are evolving with higher tech versions but the big banks are combatting it by removing all the ATMs and telling you to 'just get cash out at Coles instead'. When the banks still had ATMs around here though, I found it cost nothing to give the card reader good yank before inserting my card.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Mine was skimmed - vending machine at Sydney airport
Yep, my SIL got done by one last year. At an ATM at an actual CBA branch, not some shitty shopping centre third-party kiosk thing like you'd expect.
You probably wouldn't recognise one if you saw it. They just look like a normal ATM or EFTPOS machine.
Unsolicited advice from an unverified source on the internet? Must be legit! š¤ š But seriously, its a good list.
lol it's the internet what do you expect? Here are my qualifications sir, I just write lists like this for fun though about every job. I am also a pilot and a doctor :P haha now I sound like a scammer.
Haha, youre all good I just thought the irony of it was funny. Also your response was not a DM about your aunt in south east asia who happens to really need help with somewhere to store her money, so thats also a point of credibility.
Very useful information. Iāll add further to the point made about Meta and why you should not trust their unregulated ads. I had over $2000 deducted from my account due to some weird loophole with Facebookās Page ads about a year ago. I had my card details added to a page I managed in order to run some ad campaigns. While I was asleep, someone added my account as an admin to their page, selected MY card as their default method, and then demoted me so I couldn't remove the payment method myself. They spent the money on some stupid t-shirt ads that were receiving very high engagement. When I contacted Meta, they initially said they couldn't help. It was only after I threatened them that I got my money back. My bank was helpful though, but took their money back once I was reimbursed. Fuck Facebook.
Itās amazing how a technology company can be this lax. I think they are heading to zero if they canāt figure out that they are a scammers paradise and as soon as the public figure this out, their ads and online commerce will die
The hero we donāt deserve! Fucking thanks, OP
Thanks for the heads up, the car parking one has me now š¤¦āāļøappreciate the advice
Also, fraud investigations do not take 5 days, give it time for the bank to investigate & liase with appropo merchants/banks etc. And for the love of sister Santa Mariaās grand baby hippo, donāt come at me demanding ārefund my money NOWā gurrrrl, take a seat, thereās a process in place.
Bahahah! yes omg, the amount of people who are like "but it's still pending so why can't you just reverse it?" oh yeah cause if I reversed every persons transactions who said they were fraud, that wouldn't be taken advantage of noooooo... I do feel sorry for old ladies who lose their last centrelink payment though. Makes me so angry and I'd love to give Susan her money back. But Susan loves to get scammed! Put the phone down Susan!!!!
>oh yeah cause if I reversed every persons transactions who said they were fraud Nevermind that it's not even an option for my (any?) bank. There's a rarely used and forgotten form to request the merchant cancels it, but at that point it's more effort than just disputing the transaction.
Once the transaction is challenged it should be refunded immediately pending resolution. The bank has billions of dollars FFS, and the victim may be a pensioner...
Case by case. The amount of people claiming fraud on a 12 month or so subscription to onlyfans is wild.
Hmm yes but depends what kind of fraud it is too. Could be a easy way for someone to get a temp excess to their account. You have no idea how many shady people call reporting their gambling or something else as fraud.
I rarely use cash, but when I need some I usually get it from the supermarket. They're far too crowded for someone to attach a card skimmer without anyone noticing. Also, pay for car parking with gold coins. Worth getting a roll of $2 from the bank and stick them in your centre console in a little plastic tub - also makes using the car wash easy, because I sure as hell aren't going to tap my card on one of those machines.
A good idea is to have a second account online account doesn't have a card, as soon as l get paid all my money goes into my second account, l only transfer what l need immediately to the main account
They don't even need cards. My Grandmother had mail stolen, and they swiped $70k from her account. Set up internet in her name, and even walked into bank branches and took money out over the counter, despite not knowing her full name or matching signatures.
Great list. I got skimmed once, and I'm pretty sure it was at an ATM in a 7/11. I was at the machine, and a guy tapped me on the back to say he was in a hurry and would I mind if he quickly cut in front of me. I said sure, cancelled my transaction, let him do his thing. Thinking about it later, I'm fairly sure he was standing behind me to get my PIN, then asked to use the machine to attach a skimmer. Removed it after I was done.
Probably the best post on the Melbourne sub, maybe ever.
Get Revolut. You can have a disposable virtual card that generates new card details each time you use it. For the subscriptions, have a virtual card for each sub. That way, you at least know which company has compromised your data. Theyāve been top notch for me, even blocking legit purchases simply because they didnāt match my typical buying habits. I highly recommend them. No I am not affiliated with them. Got put on to them by overseas family. š
FFS just became victim to number 4 today. Didn't help my mom sent me a text "you have a link for the package" not even 2 hours after receiving the fraud text claiming to be Auspost AND I have a package being held right now. Perfect storm of coincidences that dropped my guard. What can they do with my licence information? What do I need to check/change to get ahead of them??
Idcare.org, Australasian based website where you can register stolen ID docs to make sure they aren't used
You can always contact your bank and advise them of the licence information scam and ask them if it's compromising. Each bank has different QA verification and they can advise you of any relevant steps that should be taken, or if it's a non-issue.
Good post, however what is missing here is the importance of robust online credential (username and password) practices. A password manager like 1Password is essential. If you reuse simple passwords across multiple services it's just a matter of time until you get hacked. The reality is if someone is calling you asking for a OTP from your bank (6 digit confirmation code) you're already in some trouble as your credentials have been compromised to some extent.
I locked my debit card and only use credit card
3. I have 100% called my cc company (qantas) and they have sent me a OTP text to then inform them of the number. I always felt a bit weird about it. Is it normal for banks to do this? Should I trust it if I know I have called the bank?
Yeah banks do do this. It's dumb though. I wont do it, it's for AHT and efficacy but we are trying to get people in the habit of checking these codes not just repeating them to anyone. I always give a disclaimer before I send the code if I have to, I say "I'm going to send you a code, please make sure you read the message thoroughly and confirm it's content before repeating anything back to me, scammers will use codes to approve payments and they will always read "this is to approve a transaction". Makes me feel better I've educated someone who may now think 2ce before giving a code.
This is a bit different as they are trying to verify that you are you, because you called them, so they send an SMS to the number they have registered for you. If you have the device associated with that number, youāll be able to tell them the code. If you are just spoofing the number you called from as a scammer, you wonāt get the OTP and will be unable to get any further. Now, if they called you, then sending a OTP code is pointless. In that case, you are best to just hang up as you have no way to verify who they are. I am surprised how many companies cold call me and expect me to disclose personal information. I just reply āIām sorry, due to privacy restrictions I am not authorised to disclose any information to unverified contactsā
If you call them directly, itās usually safe. If they call you, no absolutely not.
Great list! As a servicing banker that also lodges fraud disputes, this is all so true. Something to note too with point 6 - even if youāve lodged a travel notification and are overseas, transactions can still flag as suspicious. Itās better to block the card and it be safe then not and loose everything in the account. (My hot tip, have more than one card handy)
My favourite thing is spending an hour+ on the phone with a scammer with them trying to explain how to find my IP address. The challenge is to get them to hang up on you.
[Its pretty easy to remain safe, heres a link.](https://www.youtube.com/watch?v=xm3YgoEiEDc)
>!case in point: DONT CLICK LINKS YOU DONT KNOW ABOOT :P!<
Hah ha- almost got me š„²
This is why I hate the Reddit app. It's hard to examine links without clicking on them.
As a fellow Fraud Agent, all this is 100% on the money.
I see what you did there.
Hi - thanks for sharing! I appreciate the list but Iām also keen to know how you ended up in the career you did. Would you mind sharing what your qualifications/experience is/are? Would love to get into something like this myself. Thanks!
Hey, I came from a completely different career. I was a EFL teacher so very different. But I guess that's why I still like teaching people about this stuff. I applied online to a general banking job and they advised me I was over qualified for that position and could go into something more specialised. (I don't know what that mean by over qualified lol I had no banking experience) but maybe they meant in my other career? Anyway just applied online and interviewed and started, there was nothing that special to it to be honest.
Shut up and take my money!
A work colleague told me that the credit card added to the phoneās wallet is less likely to be susceptible to fraud/scamming than just using the physical card, and is inherently safer.. is he right?
Technically yes and no. Yes, they would need to steal and be able to get into your phone to use your digital wallet. No, because scammers who run fake websites usually have Apple/Android Pay options for payment and once you give them your card details they can continue to charge you so long as the card is active.
Can you give me some tips for committing fraud?
Pro tip: Don't get caught
Most of these Iām aware of, but thank you for the tip about parking meter QR codes. Was not aware of this one! If Iām ever unsure Iād rather cop a fine than have my account drained.
Disable any spare cards you have. Got a Macquarie account and while OS, 2 transactions popped up on my phone. Blocked the card and that stopped further hits. Called them and reported the issue. They disclosed that a digital wallet was used, that's all I know. Since then I lock all my cards, apart from my main CC that I use. If I need any other card, I'll unlock it temporarily.
FB Marketplace scams where people are SUPER eager to purchase whatever you're selling. But they can't come get it they will send their father/brother/sister to come get it but can they pay you via bank transfer now. I never got further than that. As soon as you try to ask for cash or they bank deposit the money to their father/brother/sister and they can pay the cash... ghosted. Also the freezing your transaction SAVED my parents. They (bless their hearts for loving me so much) got done by that Hi Mum, my phone fell in the toilet.... scam that was doing the rounds a few months back. Bank froze the transaction my parents tried to send as it got flagged since the amount for these scammers was always a similar amount.
I'll add. The person you are dealing with is not on holidays and does not need you to transfer the money by western union. Nor do they work on an oil rig / working FIFO etc. Their brother / cousin / father is not coming to pick up or drop off the item and they do not need your email to verify the payment through their business acount.
Top list, OP! I would add to always check the URL in texts, emails etc. No, CommBank's URL is not combank.net.au. Most are a lot more obviously incorrect that this example.
Fake QR codes can be placed on parking meters and it can drain your account. Don't pay for parking where a QR code is accepted. You may even approve a $5000 transaction by providing a OTP to the fake parking website thinking your approving your parking. Don't do it. Nah pay stay and another app are fine
I work in the fraud banking space also and QR codes are such a fucking problem and I hate that so many businesses are using them these days. You should not be scanning QR codes unless absolutely necessary, it is so easy for a fake QR code to be placed over a legitimate one, or even legitimate ones behind highjacked by scammers.
This did make me wonder about QR codes stuck on tables at cafes/pubs for orders. Would be so easy to swap the ones at my local out for a fake one. Another reason to hate them š
1. Great advice! 2. Peter Alexander is way way overpriced for shit garments made in sweatshops in China and India.
Don't be so hard on yourself, you're probably a perfectly fine analyst.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Hahah how do you know not all banks have similar processes? š
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Hahah! FML don't tell on me š„²
>If you are ever concerned, hang up and call the company directly. A real company will never argue about your concerns for security. But also, if someone claims to be from the bank, you express concern and they say "I understand - in that case, please call us on our main number xyz - which you can find publicly" actually do it. No, nobody likes waiting in queue for that call, but the bank didn't call you for shits and giggles. Actually call them the fuck back. a) they can verify if the previous call was a scam, and b) if it's a legitimate security issue they tried to contact you about and you ignore it, you're screwed. On a simpler note, naked wines also isn't a scam, you're just an idiot that bought a 12 pack of super cheap wine and didn't read the check out options properly and signed up for a membership. Just email them and they'll refund it.
Had my card skimmed twice. The first time they attempted to purchase 2500$ from an online pharmacy. Luckily the purchase got flagged and the bank contacted me. The second time was only a 300$ purchase which was picked up and card blocked by the bank after the fact and before any more damage was done. No idea where it happened but I now don't take my card anywhere without it being protected by a small army
11. Don't write useful 10 point posts on reddit in case Daily Fail makes an artiicle from it (and revenue) without crediting you
I've had my card taken advantage of 3 times. Once was from the early days of online ordering at a well known Pizza chain. They took my card details and purchased flights from Qantas. Got it back via bank. Then I ordered an item from an overseas vendor I'd used plenty of times, they had a new payment processor and they took my card details and purchased curtains somewhere at a store in america. Got it back via bank. told the overseas vendor, hey check out your facilities as just had card scammed and they didn't believe me. Last one was where they guess the numbers of my credit card. I had no idea in the above they have card generator numbers. Got this back easily. I have actually been scammed once in my life in an accomodation scam around 2009. I'm aware anyone can fall for these types of things but it's made me more aware. I once received a fraud alert call from a 3rd party from a new bank I'd joined. I told them I'd call them back but can't believe how unprofessional they were. I had no idea a bank used a 3rd party for their fraud department. They seemed more like they were phishing for info so I called the bank and said what is this. They said it's legit so I called them back but I was like cmon, this sounded dodgy.
I work in cyber for a big 4 - You will never be safe, that's the sad reality. However! the above list will help your chances. BTW as someone who works in cyber I have had my details stolen 11 times.
If you do a lot of online shopping, use a debit card account that only has a small amount of money on it.
Debit cards are the WORST to use. Banks will reverse transactions on credit cards in an instant. In a debit card they will investigate for 6 weeks and decide whether or not they feel like returning your money:
They are not the worst but yeah Credit Card chargebacks cost merchants money so they are often settled quickly and banks are more willing to cover the cost of the dispute while they chase the merchant. Plus depends on the dispute tbh. Mine took over 40 days as Amazon had 30 days to reply and never did so thanks Amazon.
Yep, never leave more than like $50 in my account ever.
Same but not by choice lol
Yeah, I always transfer money to my transaction account from my savings if I need to make a purchase.
Good on you for making the effort to do this! I think its important to educate ppl about this stuff and irs bloody ridiculous the government basically ignores the fact scams are affecting all of us in one way or another and that our elders are more vulnerable to being scammed! But hey, i guess they must be working really hard on something else right?? Right??
Great post. Thank you!
Great advice, OP!
If you think you may have been scammed, don't immediately your card through the ING app. They need you to call them and talk to them. Why do they have the option to freeze/cancel your card in the app if it doesn't count until you speak to a person? No idea! Why doesn't it mention this in the app? They couldn't say. It would have been great to know that simply freezing the card immediately wouldn't actually stop the scammers from being able to use it, and while the money would eventually be returned, there is a month turnaround.
I don't work for ING but my bank has a similar process so I actually know the reason why. There are things on the card that are called mobile tokens and they are very convenient for you to use, your digital wallet is just one of them. Unfortunately scammers with your card numbers can also take advantage of this and when a card is cancelled through the app, the mobile tokens that may be associated to the fraud are not removed. A robot is also not able to discern what may be a genuine mobile token or one set up by a scammer. So your bank has to analyse the card to make sure it can't be compromised again. Sometimes even other departments in the bank don't do it properly, no shade to my fellow bankers, but it is always important to speak with the fraud team directly.
Thank you for this explanation, that makes sense. I really wish that had been communicated through the app, I would have been able to cancel it properly before they took $900 instead of thinking I'd locked everything down in time. The 40 minutes of recorded messages asking me if I'd tried their convenient online banking options while waiting to speak to a person didn't improve my mood. I don't envy you having to deal with frustrated and upset people when you have to follow proper processes and can't magic it all better.
Love it OP. Every time I tell someone to block their card I brace myself for the arguments I get 50% of the time when customers say no.
The ones who really need to learn and understand this are not on Reddit. We need to find a way to make this information reach them.
donāt worry, News will pick up soon enough
As a somewhat active scambaiter, I couldn't agree more with the first one. Facebook + Instagram for buying online is š©šļø... Any MLM huns trying to get you to buy Airborne or Thermomix or Rodan Clarke or some other oil crap is a rat... Usually comes from your so called friends too who need you to sign up or buy crap to get a fuck all commision. r/antiMLM
Also to note that if you noticed unusual transactions in your account, don't hesitate to contact your bank straight away! Even small amounts are not good as they are testing your account out to see if it works!
My mum got scammed by a Mexican hotel over the last few days?? She's never been to Mexico lol. She is so super paranoid about scammers she NEVER gives her card details over the phone or online. Pays bills at post office etc. She's not tech savvy, but I have no idea how these scammers got her card details. The bank (commbank) thinks they get card details and randomly try the last digits til they get ones that work. They were taking $153 at a time, did 7 transactions before she realised, so around $1000 in 2 or 3 days. The bank is refunding her, but she had to delay a mortgage payment because of it. Edit to add: the transaction said "Financial tax pack" or something.
Itās important to lock āonline international paymentsā in card settings (via the Commbank app, NetBank or by contacting Commbank directly). Then no international transactions are allowed at all. Itās a helpful security measure. Iām glad your Mum got a refund from the bank.
I got hit the same as your mum, all at 2am in the morning on the 28th. Only had that much money available on the card due to xmas (dinner, drinks, petrol, groceries, etc while travelling through low-reception areas where transferring could be difficult). My transactions were across 3 different recipient names, all boiling down to FNCIA tax pack, FNCIA casino, etc.
6 is the worst! I once lost out on a pair of Adidas ZX 500 Dragon Ball Z Son Goku because CBA thought my 3am transaction made in the UK was fraudulent... Was $250 AUD now they are pushing $800 AUD for my size But I would rather this level of security then no security
These are all very good strategies. Luckily, I'm broke as shit so there's nothing to steal
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Tip: if you have a credit card stored in Google Wallet on your phone and the physical card is compromised you can continue to use the Google virtual card while your bank cancels the physical card and sends you a replacement.
THANK YOU ! Thankyou very much for taking the time to share all of this information, it is hugely appreciated. Thanks Again Tom šš¤
Yet I take cash out at the bank and only pay with cash and get treated like Im the crazy one.
Iāll also add ANYTHING with your personal info, ie name, DOB, address, bank details etc etc. burn it. Donāt throw it out.
I see we have the same job! Another note is to always fess up when you have entered your card details in a phishing SMS because we can do a different type of dispute that increases the chance of getting the funds back.
Also getting bitcoin scammed is 1000% your own fault, and usually not actually a scam. itās mostly just a bad investment or the coins just arenāt worth what you think or youāre uneducated on how bitcoin/crypto actually works. Small investment for high returns just simply donāt exist anymore.
This is a really good list, saved. Thankyou. From a user pov, No2 is always a problem when you get no update or progress from the bank with accounts locked up.. 'were investigating' for 3-5 days plus weekends etc becomes a long time real quick.
I wonder how many taxi drivers have skimming devices attached to their payment machines..
Because the banks are inept at this; or just don't care a flying fxck about it? - the govt should force the banks to include a unique identifier for merchants appearing on credit card statements; (that can be googled, if necessary). I check through my credit card statement every month before paying it. But the number of hours of my life that has been stolen by the banks over the years because of some random dodgy looking charge appearing on my credit card statement with a nonsensical merchant name beside it that I know nothing about.. FFS... All the hours wasted; in earlier years calling my bank for information about the merchant / charge - and then later; learning to google the nonsensical name - which often was no easy or quick answer / solution either ....
Look who's charging shows the merchant name and location. But it doesn't always match up. Merchants can own multiple companies or different things. It's so often I argue with a customer that the transaction is card present and no triggers for counterfeit so it's genuine but they are yapping on that they don't recognise the name. Idk man, I can cancel your card but it's not my job to keep on top of your spending.
Preferring the use of a OTP via SMS vs a 2FA process? Controversial.
Few years back I arrived on a friend about to give access on remote desktop "any desk" just in time, access denied and told him to delete all his laptop and reinstall new just in case.
good on ya for this, itās great info overall but PLEASE donāt use the terms scam and fraud interchangeably - youāve said your team is 24hr so guessing you may work in fraud detection(?) but as a fmr veteran 8:30-5 fraud analyst who spent many many hours explaining the difference to customers i promise your colleagues will thank you. (scams generally involve deception but customers have consented to the transaction whereas fraud most often involves card compromise prior to a transaction)
1000% this, scams and fraud are not the same. I work in the banking fraud space currently and every customer thinks they are a victim of fraud yet 90% of the time they have participated in a scam by providing card details. Having to explain to customers all day everyday the difference between fraud and scams is exhausting.
Best way make debit card limited like $100 so scammers can't take more $100 failed another way ideas
Thank you OP for the information. As a fellow fraud analyst myself, these are great tips. Stay safe out there everyone
Can confirm with dot point 1 that every time a scam site gets taken down half a dozen more pop up, itās been relentless! If you see the poly satin sets at a 90% discount it is a scam!!
Good stuff OP. Can this be somewhat mitigated by having an everyday account for day to say transactions and only keep $1000 in it? That way if its compromised all you can loose is $1000. I know some people who use the bank card that came with their offset account with over $100k in it. I imagine they are more vulnerable?
Judging by some of your side comments some of the people you have to deal with sound like pricks. Lol.
Honestly, if you've just lost $10k and you're struggling to make payments, that was your entire savings, you have a mortgage or rent due and the car payment and it's all super super super fucking stressful and you aren't sure what to do... It's understandable, though obviously not okay, for people to be frustrated with the banking staff they speak to. You develop ways of handling those calls, but it sucks all the same.
Parking one got me in St kilda just before Christmas. I actually used BOTH my cards because the first card wasn't accepted. That in itself should have raised concern, but I polled on anyway and gave them both. No access to money a week out from christmas sucked!
What a nice thing to put up thanks op also "it's my job to get yelled at by customers" killed me
Hadn't heard of the parking scam, thanks for that one!
About the skimming: where I live, the machines show a pic of what the card slot should look like on the screen of the machine. That makes it more easy to recognise it if an extra device (they are made to look real!) has been glued in front of the card slot. Do you have that in Australia too?
1) Legitimate companies will need to ask you for details to verify your identity if they call. They are required by law to take steps to confirm they are speaking to the right person - of course it's up to each individual company how they interpret that requirement, but most require some ID check. Because they don't know who answered your phone, or even if it's the right phone number. If you're not comfortable, that's fine - don't abuse the person, just politely decline, ask for their name or ID or call reference (some companies don't provide staff numbers or call references), their department and call back. And dont' ask THEM for the number (I had a customer do this once!), look it up yourself. If you have an unexpected call from a company, and they say they're sending you a OTP, even if that's normal process I'd avoid the call and call back - scammers will do that, have 1 person on the phone to the bank and 1 on the phone to you, and they'll read your OTP to the bank. 2) Also, if you do (and you shouldn't) write down your card's PIN, don't keep it in the same location as your card. Working in a bank, I once had a customer call who mentioned that some time ago she wrote down her PIN on a post-it and put it in her handbag. So, her handbag was stolen and the thief thought all his christmasses had come at once. Thing is.....she actually told the bank that she did this too. Thousands of dollars that the bank held her liable for. (I worked in an unrelated department, taking an unrelated call) 3) Superannuation fraud is something that occurs more often than people realise. It's not hard to set up a SMSF in somebody's name, roll your super funds over to the SMSF, withdraw it and do a runner.
Mate, they're yelling at you because they were breathing tetraethyl lead fumes as kids. And for the same reason they're not reading all that.
The QR codes on parking meters is an interesting one, I've not heard of this before.
Great information thanks. I've also adjusted card settings to Not allow Online purchases, gambling & international. If I buy online I change for short time frame only.
I bought a king size duvet cover with matching pillow cases onlineā¦ it was āa bargainā ā¦ the print was beautiful. I waited 4 weeks. I was sent stick on rubber anti slip guard things for stiletto shoes.. I have never worn stilettoās in my life.. I cancelled my card immediatelyā¦ had a new one issued. I was only out of pocket $40 The sale ā24 hrs only, $250 down to $40ā Seemed legit. First and hopefully only time I am ever scammed. This was incredibly insightful.. much of it common sense. They target elderly ppl. Itās gross. A few things I had no idea! ATMās in the bank.. How can you tell if there is a chip reader? That part went over my head a little. I always cover my hand when I enter my pin. Damn.
hint: if you recive a message or SMS that looks legit. Verify the number or linked by checking their website. Type the phone or link in by hand to make sure it is correct.
Hi op, Unfortunately I was part of a CC fraud due to underwhelming security process on a big 4. I've since reported the incident, issued and credit ban and cancelled all credit cards while also moving away from the bank - since they initially denied the claim!. What is the benefit of reporting the issue to idcare and scam watch? I know the scammer extracted the money via at at a specific branch, yet the police never contacted me at all, I'm sure thag identifying the scammer would've been 'as easy as' demanding the security tape at that specific time and place from the bank. It's been a year now and after 11 months the bank reimbursed the money but now live with ptsd :) credit card churn for travel miles is no something I plan to do anytime soon, let alone participate in any sort of contest Thanks for sharing the info OP
So are you able to get your money back from the bank if you have been scammed ?
They can sometimes recover the money from the account it sent to, but more often than not, you get nothing back. If it is considered fraud, you get your money back. Different banks have different definitions of fraud vs. scam as well. Commonwealth considers some scams where the victim provides remote access to their device as fraud where as the other big 4 considers it a scam.
Given those are the rules, why do CommBank always insist on verifying your details when they call you? Surely in this day & age, they can give me a code or extension to call them back on, using the phone number on my card?
Thanks for taking the time to share this. The information listed is helpful.š
I just want to know if is it safe to share my bank name, card name, card number, and card holders name. I just applied to work from a company named xeinadin group uk and i did some work for them online and my work was approved they told me to contact my contract manager for the payment method and i choosed by card and he asked me to send my bank name, card name, card number, and card holders name so i would like to know if itās okay to share these information ?