The Hunted Cyber team’s tips for staying safe from scams

Published by CyberCX on 11 August 2023

If you own a smartphone or use the internet, it is all but guaranteed that you have encountered a scam. It could be a phone call claiming to be from your bank that doesn’t feel right, or an email seeming to be from a friend, asking you to click on a dodgy looking link.

Unfortunately, technology-enabled scams have become far too normalised and prevalent in the digital age, as scammers continually innovate and find new ways of targeting innocent end users at scale.

In fact, two-thirds of Australians aged over 15 years or older were exposed to scams last year.[1] With the number of reported data breaches in Australia also continuing to rise – a 26 per cent increase in the second half of last year[2] – knowing how to protect yourself from scams has never been more important.

Simply put, every data breach that sees personal information dumped onto the dark web means that savvy scammers have more material to work with when it comes to impersonating your bank, telco, family, or friends.

Fortunately, there are some steps you can take to minimise your risk of being scammed. Fresh from their work tracking and tracing Fugitives across Victoria in season two of Network Ten’s record-breaking program Hunted Australia, we asked members of the Hunted Cyber team, Jason, Vikki, Jay, and Carter for their top tips to stay safe from scams online.

The Cyber team at Hunted HQ in Melbourne

Drawing on their formidable skills and knowledge across ethical hacking, digital forensics and open-source intelligence, here’s what these CyberCX experts had to say:

• Have a strong and unique password for each website or application – It’s tempting to use the same or similar passwords to save time. But really, this only makes it easier for scammers once they have access to one of your passwords. To best protect yourself, use different passwords for every account, don’t base this on any public information about yourself (like your children of your favourite sports team), and use longer passwords in favour of complex ones.

• Use a password manager to store your passwords securely – The easiest way to have a strong and unique password for each website or application is to use a password manager. Consider also disabling password auto-fill to minimise the risk of credential compromise.

• Implement multi-factor authentication (MFA) wherever it is available – MFA essentially creates a second layer of security when logging into an application or website. While MFA can come in the form of an email or an SMS, an authentication app should generally be the first choice. While a scammer might get your password, they still have to pass the second hurdle of MFA, making it significantly harder for criminals to use your credentials.

• Log out of websites and applications when you are finished using them – Logging out of your accounts when you’re not actively using them might feel like an extra burden when using social media, but it makes it harder for criminals to impersonate you or access your personal information if they have physical access to your device. Logging out of your accounts is also essential when you are using a shared computer.

• Double check when making payments to new accounts – Threat actors will commonly attempt to monetise compromised email accounts by manipulating invoices or bank details so that victims deposit payments into an account controlled by the scammer, not a legitimate business. A quick phone call to double check these details can ensure your payment arrives where intended. With email compromises remaining a common threat to businesses and individuals, it’s best to avoid sending sensitive information via email altogether.

• Do not open emails, messages, or take phone calls from people you don’t know – Between July and December last year, 88 per cent of data breaches involved contact information, such as individual’s names, home addresses, phone numbers, or email addresses.[3] Scamwatch also found that the clear majority of reported scams come from phishing attempts.[4] For cyber security experts these statistics reinforce a clear message: do not open emails, messages, or take phone calls from anyone you don’t know, and never, ever click on suspicious links. Spoofing – where an email or phone call appears to come from a legitimate source – is also a common tool in the scammers’ arsenal, so always think about what you are being asked for carefully.

• Don’t trust someone just because they have some of your personal information – With millions of Australians exposed to data breaches in the past few years, increasingly your personal information can be scraped from the dark web and presented back to you by scammers seeking to gain your trust. However, CyberCX’s open-source intelligence experts will also tell you that scammers can find out a lot about you from social media and Google.

• Never provide passwords or other security information over the phone, SMS, or via a provided link – Legitimate banks and telecommunications companies won’t ask you to verbally provide your password over the phone. Nor will they ask you to do so by reply text message or by clicking on a link they send you.

• Update your device’s software and security – Always ensure your device is running the latest version of its operating system, and that you have anti-virus software enabled and up to date.

• If in doubt, hang up – If you are speaking to someone on the phone and it feels suspicious, hang up and re-establish the correspondence through different means. If you were speaking to a friend, contact them via a different platform. If you were speaking to your bank, call them back on a legitimate number from their website.

CyberCX’s Jason Edelstein and Carter Smith in action at Hunted HQ

For more information on scams and staying safe online, check out these helpful resources:

• Australian Cyber Security Centre: Spotting scams
• Scamwatch: Protect yourself

You can also catch Jason, Vikki, Jay, and Carter demonstrating their expertise on the Hunters Cyber team in Hunted Australia season two on Ten Play here: https://10play.com.au/hunted

Authors: Jason Edelstein, Vikki Grouios, Carter Smith, Jay Banerji

[1] Australian Bureau of Statistics – 13.2 million Australians exposed to scams – February 2023

[2] Office of the Australian Information Commissioner – Notifiable Data Breaches Report: July to December 2022

[3] Office of the Australian Information Commissioner – Notifiable Data Breaches Report: July to December 2022

[4] National Anti-Scam Centre – Scamwatch: Scam statistics

We are hiring! CyberCX currently have open offensive roles in penetration testing, adversary simulation, and AppSec for Australia and New Zealand. If you are interested in working with the largest and most capable team in the region in a fun, rewarding, and challenging environment, please send your CV to [email protected]