Fraud Watch

Stay informed

Fraud Watch is an initiative of the Credit Union aimed at keeping members in touch and up-to-date with the latest scams and financial crimes.

Here we will throw a spotlight on any emerging trends in financial crimes and provide you with access to the most up-to-date information about protecting your accounts and identity through our "Related Links" section.

You can also access a comprehensive list of terms, tips and tid-bits about common scams and how best to protect yourself from becoming a victim of cyber crime.

The best advice we can give you – is simply to stay informed.

"Spotlight" on Smartphone Security

Using your smartphone has become a popular and convenient way to access internet content while you are away from home. Unfortunately, this means your iPhone, Blackberry or other internet enabled mobile phones are increasingly being targeted by fraudsters wishing to gain access to your personal details. The below tips can help you keep the personal details you have stored on your smartphone safe and secure: 

• Never store passwords on your smartphone
Many people still try to hide passwords or PIN numbers within the body of text or phone numbers. However, despite how cleverly you may think you’ve concealed them, criminals know what to look for and where. It’s always best to commit these security details to memory and not record them anywhere this includes ticking applications that remember them automatically.

• Turn off tethering, Wi-Fi™ and Bluetooth when not in use
The most likely way your smartphone can be compromised is by downloading malicious software (malware) concealed in a file or application. Your Wi-Fi™ and Bluetooth™ are the entry point to your smartphone. When activated they are constantly scanning for other signals trying to connect – criminals can exploit this to send malware to your smartphone without your knowledge. Tethering also gives access to your computer, so if you don’t need to connect, switch them off and close the door.

• Only use  Wi-Fi™ hot spots that are reputable and password protected
If you connect to a shared Wi-Fi™ hotspot, you are completely dependent on the security of the host network. If the network is unsecured, fraudsters can hijack it, give their own network a similar name and fool you/your smartphone into connecting to theirs instead. Here they can spoof all kinds of websites and trick you into divulging your personal details.

• Installation of smartphone security software
Once you connect your device to the internet vulnerabilities from fake phishing sites as well as viruses increase. Today security software tailored specifically for smartphones is available in the marketplace. It is important though, as with your home PC, to keep protections and software up to date and current. Ensure you “Activate smartphone security settings and password protection” and familiarise yourself with the features of your smartphone.

• Programs that can remotely wipe data if you lose your smartphone are now available
These are useful to stop any personal data being accessed by persons who may misuse it. Find out how they work and how you can activate them.

• All smartphones have built-in security features…
Such as auto locking and password protection. While it may seem like a bit of an inconvenience at times, these physical security measures are your first line of defence in keeping your smartphone and your personal details safe.

• Don’t be tempted to ‘jailbreak’ your smartphone as this makes it vulnerable to malware
If you crack the manufacturer’s security on your smartphone, you not only make your warranty invalid but you make it much more vulnerable to attacks by cyber-criminals.

• Limit the amount of personal information on your phone
Criminals are interested in more than just your Internet Banking details. Any kind of personal information can be used to steal your identity and commit other kinds of fraud. They can apply for credit cards, personal loans – even mortgages, using your credentials. By being careful about the information you have stored on your smartphone you can protect your identity in case of theft or loss.

• Make sure you delete all personal details if you sell or discard your smartphone
If you sell or discard your smartphone, it’s crucial you delete all personal information first. This can include SMS messages, emails, photographs, contact details and Internet links. Criminals can use such information to commit fraud against you, or by pretending to be you.

• Never open attachments or download applications from untrusted sources
Criminals use infected documents and applications to spread their malware and compromise victims’ smartphones. Never open an attachment or download an application from a person or website that you don’t know or have doubts about.


Fraud terms, tips & tid-bits 

Click on the links below to learn more about common scams or go straight to the "Protect Yourself" section to find out the best ways to reduce the risk of becoming a victim of cyber-crime.

• Phishing
• Viruses (including trojans, spyware, zombies and worms)
• Spam
• Credit & debit card fraud
• Protect yourself:
  • Backing up your files
  • Running patches
  • Firewalls
  • Spam
  • Password security
  • Verified by Visa
  • Protecting your identity
    
    

Phishing

‘Phising’ is the latest form of online fraud. Most commonly, the term ‘phising’ is given to any email that entices the recipient to hand over personal details that could be used to access their personal information or accounts. The emails usually appear to be sent from someone you recognise or trust.

IMPORTANT INFORMATION: Queenslanders will NEVER ask you for your security information via email. If you receive an email, purportedly from Queenslanders, asking for confirmation of your personal details, contact us by phone immediately.

A phishing email may contain links that redirect you to the fraudster’s fake website. These websites can look identical to the real (i.e. legitimate) website.  These website copies are called “spoofed” websites, and often include identical logos, formatting and design elements.

Spoofed websites will prompt you to enter your account details, passwords and other identification – the “phisher” has then caught you! It may be weeks before you notice that anything is amiss with your accounts. You may then notice your account balance is lower than you thought, or your credit card statement has strange items charged to it. If this happens to you, notify us immediately.

IMPORTANT INFORMATION: Queenslanders will NEVER spontaneously email you a live link to any website.

Viruses

Viruses come in many different forms; however, they are all nasty programs that can infect your computer and cause chaos. Virtually all viruses and many ‘worms’ only spread once you open or run an infected program.

IMPORTANT INFORMATION: Never open any email attachments unless you were expecting them and you are aware of the file contents. If you are unsure about any file you receive either delete it or contact the sender to confirm the contents before you open it. Viruses can also be transmitted via software you download from the Internet, so make sure any software is legitimate and clean before you download it to your computer.

Email transmitted viruses

Copies of virus-laden emails are sent to everyone in your email address book. Recipients unwittingly infect themselves when they open email they think is safe because it comes from a familiar sender. The process then repeats.

Worms

Like a virus, a worm is designed to copy itself from one computer to another, but it does so automatically by taking control of features on the computer that can transport files or information. Once you have a worm in your system it can travel alone. Because worms don’t need to travel via a ‘host’ program or file, they can also tunnel into your system and allow somebody else to take control of your computer remotely. When new worms are unleashed, they spread very quickly and can clog networks.

Trojans

These are programs that appear to be useful, but instead compromise your security. Trojans cannot spread or reproduce by themselves but they can cause a lot of damage to their host computer. Trojans spread when people are lured into opening a program because they think it comes from a legitimate source.

Zombies

Once your computer has been turned into a ‘zombie’, it will spew out spam emails to hundreds and thousands of people. These emails can cost you a lot of money if you are on a broadband account which charges for uploads and downloads.

Spyware

This is unwanted software installed on your computer to gather information from your files without your knowledge. It usually enters your computer as a software virus or from the installation of unreputable programs. Unwanted software or spyware may make your computer behave strangely: you may see pop-up advertisements even if you aren’t browsing the Web or your Web browser’s settings may have changed. Spyware may not cause damage to your machine, but will scan for personal and confidential information such as sensitive business information or your credit card details.

Spam

Electronic junk mail. More than just annoying, Spam often contains viruses and other nasty material. Spam can be hard to avoid, but installing anti-Spam software is a great start. Many email programs have built-in filters that can help you separate Spam from the email you really want, or you can contact your Internet Service Provider (ISP) and ask for their help.

Credit & Debit Card Fraud

A crime involving the unauthorised use of your credit or debit card details in order to access funds from your card account. Your card could be compromised if it is lost, stolen, or used for payment on unsecure or fraudulent websites, so it pays to be vigilant about how and where you use and store your cards. ’Skimming’ is another way your card account can be violated – this is when the information contained on a card’s magnetic strip is illegally obtained – usually downloaded by criminals via the Internet – and encoded onto a counterfeit card. A skimmer device can be as small as a pager and can be worn on a person’s belt or situated beside a cash register (think of a tiny EFTPOS machine). One quick swipe is all that’s needed to copy your card’s details.

TAKE ACTION!

5 Quick Steps for protecting your accounts online:

1. Install virus protection and firewall software and update it regularly.
2. Don’t open email attachments from unknown sources.
3. Don’t install or run programs of unknown origin.
4. When not in use, turn off your computer or disconnect from the network.
5. Keep your operating system and all applications updated (known as “patching”).

(Source: Microsoft Corporation)

Protect yourself 

Regular computer maintenance is essential to a clean computer. Click on the links below to read more about:

• Backing up your files
• Running patches
• Firewalls
• Spam
• Password security
• Verified by Visa
• Protecting your identity
  

Backing up your files

Back-up your files on a regular basis to ensure important files and information aren’t lost in the event of a system corruption. The easiest way to do this is to burn your files to a CD using back-up software.

Patches

Make sure you update your operating system and software applications regularly. Software manufacturers attempt to fix problems with their products with small software programs called ’patches’. These patches are generally free to download. If you’re running Windows, go to Microsoft’s website and click on “Windows Update”, this will tell you what patches you need to install. If you’re running Macintosh OSX, click on “software update” in the “systems preferences” panel. This will check for available updates.

Firewall software

If you’re connected to the Internet you need Firewall protection – this is especially so if you are a broadband customer. Firewall software is a valve that only lets desirable traffic get through and stops any unwanted or malicious connections. Make sure you read the manual and set your preferences appropriately.

Virus Protection

The best protection is anti-virus software that attempts to trap viruses before they get to your computer. The software scans all incoming information looking for patterns or definitions that match known viruses. Anti-virus software needs to be kept up-to-date. Make sure you regularly log onto the manufacturer’s website and download updates.

Spam Protection

Keeping Spam at bay is essential to block viruses and phishing scams. Reputable anti-Spam software will detect possible Spam and move it to a separate file for you to later review. You can also subscribe to a Spam-trapping service. These services act as a filter, removing dodgy email before it gets to your inbox. Ask your Internet Service Provider (ISP) if it offers any anti-Spam filters.

Don’t reply or buy anything from Spam emails. Never contribute to a charity from Spam mail. Don’t forward chain email messages, as these may be hoaxes or even a virus delivery system. Plus you lose control over who sees your email address. Spammers also use chain letters to gather email addresses. To check on the legitimacy of a chain letter, visit the Hoaxbusters website hoaxbusters.ciac.org

It is also important to hide your email address from Spammers. When you sign up for free offers, order something online, or enter a contest, many Spammers will access and use these address lists. Here are some tips to help hide your address:

1. Set up an email address dedicated solely to Web transactions. There are many free mail services available. 
2. Only share your primary email address with people you know.
3. Disguise your email address – use a disguised address whenever you post to a newsgroup, chat room or bulletin board. For example: you could give your email address as [email protected] using “0” (zero) instead of “o”. A person can interpret your address, but the automated programs that Spammers use cannot. 
4. Watch out for checked boxes – when you buy things online, companies sometimes pre-check boxes to indicate that it’s fine to sell or give your email address to third parties. Un-check these boxes if you don’t want the company to contact you.
5. Review privacy policies – when you sign up for web-based services, review the privacy policy closely before you reveal your email address. The privacy policy will outline the terms and circumstances regarding if or how the site will share your information.

Password Security

• NEVER tell anyone your passwords or PIN.
• NEVER give your passwords or PIN to anyone.
• Memorise your passwords or PIN.
• Don’t use the same PIN for all your cards.
• Change your passwords regularly, say, every few months.
• Don’t use something obvious as your password, e.g. your surname, birthdate, spouse’s name.
• Don’t keep your password recorded near your account details or cards. Don’t record your password in an obvious place such as your wallet or address book.

Verified by Visa

Verified by Visa is a service that lets you use a password and Personal Assurance Message (PAM) with your Queenslanders Credit Union Visa card. Your password is as easy to use as your PIN at an ATM – and it means you’re the only one who can use your Visa card to make purchases over the Internet from participating merchants. For added security, your PAM confirms that you are connected to a legitimate website, and that your card is being authenticated by your credit union. For more information about Verified by Visa click here.

Credit & Debit Card and Identity Protection

• Protect your passwords and PIN using the rules above.
• Never respond to requests for personal information via email. If in doubt, call the institution that claims to have sent you the email.
• Visit websites by typing the URL into your address bar – never follow the links to a website from an email message.
• Check your statements and call us immediately if you see anything suspicious on your statement.
• Don’t let your card out of your sight at any time – when paying your bill at a restaurant, follow your card and keep it in your sight.
• Watch the cashier as they process your payment to ensure they don’t swipe it through any other device other than the EFTPOS machine.
• Card Skimming doesn’t only occur in Australia – be equally careful overseas.
• Always sign your card as soon as your receive it.
• Make sure your mailbox is secure or lockable.
• Tear up all credit card receipts and pre-approved credit card offers into small pieces before you throw them away. Keep your billing statements in a safe place.
• When using your card online, make sure you are using a secure website or have registered for Verified by Visa.
• If possible, don’t enter sensitive information while using a public computer at a library or Internet café. Make sure you log out of websites instead of just closing the browser window or typing in another URL. Don’t leave the computer unattended with sensitive information on the screen. Delete the temporary files and your Internet cookies.