Tis’ the season to be shopping, but it is also a lucrative time of year for cybercriminals. Black Friday shoppers were warned of opportunist scammers leveraging the extra influx of marketing emails. Due to recent data leaks, Medibank and Optus customers are being flooded with an increased amount of spam and phishing attempts.
During heavy retail activity such as Christmas and Boxing Day sales, more people eagerly hand over their details to websites during online purchases. This is why it’s important to make sure every site you shop is secure and that you are extra vigilant about spam and scams through both email and SMS.
SMS Scams and Spam
In 2022, ScamWatch identified the most popular scam was via SMS messages and that more and more people are finding it difficult to determine if the sender is legitimate. There are two types of messages to watch out for: scam texts and spam texts.
- Scam Texts are malicious messages designed to deceive you and steal information from you either by clicking on a link or asking for personal information. When this occurs cybercriminals generally have free reign of your phone, your personal information and your data. Therefore they can install malicious software, rack up your phone bill or sell your information on the dark web.
- Spam Texts are from legitimate businesses and organisations usually advertising a sale or gift if you purchase during peak times. These messages come with an opt-out clause such as reply STOP. If businesses fail to recognise the opt-out you can complain to ACMA.
However, technology is becoming increasingly sophisticated and it is getting harder to tell the difference between real and scam messages in your phone. Luckily the Australian government has set up a task force to investigate preventative measures to block malicious SMS messages and has allowed telcos to block messages to consumers that may cause harm.
You can also protect yourself from unwanted messages using your smartphone, which has inbuilt spam-blocking filters. These filters need to be manually turned on to be effective and some newer phones now come with built-in encrypted messaging software as well.
To turn on spam filters:
- Android users need to head to Message Settings and hit Enable Spam Filtering.
- Apple users will need to head to General Settings, select Messages and select Filter Unknown Senders.
- Additionally, you could install spam-blocking apps onto your devices such as TrueCaller and SMS Shield to provide an added layer of security.
One of the easiest ways to ensure you are not susceptible to a scam is to check the site’s security before inputting personal or sensitive information such as credit card details. To do this there are a few things you need to look for.
- HTTPS within the URL. This ensures the site has an SSL certificate and standard encryption when it comes to protecting your data. It’s important to check this on every page as some websites only pay for the home page to be secure.
- Look for the Lock Symbol. A simple way to ensure your browser is secure is to look for a lock symbol on the left side of the address bar. This visual cue indicates the site has SSL encryption installed and protects online transactions by encoding the data that is in transit.
You can also ensure complete security while shopping online by keeping your browser updated to avoid security holes.
There is a large spike in phishing emails during peak shopping periods such as Christmas. People can receive over 100 emails a day so it is important to have your guard up and to be cautious when clicking links within emails. If it looks suspicious, immediately hit Report Spam and do not click any links within the email as you could be downloading malware onto your computer.
There are some clear signs of spam emails. They generally have spelling or grammatical errors, the images are blurry, and the logo may be NQR and not in the usual spot. You can also verify the sender by clicking on the sender’s information at the top of the email. This will show you exactly where it’s come from and a legitimate email will usually include the company’s domain such as evologic.com.au instead of an imposter address, for example email@example.com.
To avoid email and SMS fatigue one of the simplest things you can do is unsubscribe. Spend an hour or two reviewing your Promotional Emails and choose which ones are of value to you. A good way to screen companies is to consider if you have bought anything from them in the last 3-12 months and if you plan to buy anything during this peak holiday season. If the answer is no, hit unsubscribe. Other emails you may be getting include app notifications and trending news stories, to stop or reduce the number of emails you receive you can log into your apps and adjust notification settings and communication preferences. By doing these two simple things you can ensure that only the emails you want are coming to your inbox. If companies fail to comply with your unsubscribe you can file a complaint with ACMA who will fine them accordingly for using your personal information without permission.
Not sure how secure you are?
If you are unsure how secure your business network is, Evologic can help identify the cyber security risks that are unique to your team and business. To get started we recommend trying our online audit tool but if you want a more tailored response about your business’s security risk, get in touch with our team for a cybersecurity audit.