Hook, line and sinker: What happens when you're 'phished'

Years of laughing at my mum for sharing fake Coles surveys on Facebook and clicking on suspicious links in emails from "Telkstra" have blown up in my face.

I’m a Gen Y who was fortunate enough to ride the information technology wave from the very beginning. Ever since age five I’ve sat atop my microchip throne laughing maniacally as every new virus and phishing scam scraped all it could from the less computer-literate members of society.

Spam is a daily occurrence. Credit: Hamish Hastie

I’ve always taken pride in my ability to navigate the dark and murky areas of the internet. Those same areas make my baby boomer parents and their friends shiver every time they switch on their computer.

But my bulletproof digital confidence has been shattered by an ever-evolving digital underworld and my smugness has turned into empathy.

It’s time I made a confession.

About 18 months ago I fell for a phishing scam and it’s been a pain in my arse ever since.

For those unaware what phishing is, the Australian Competition and Consumer Commission’s Scamwatch describes it as: “Attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers."

This includes dodgy emails, text messages, phone calls and even scam websites masquerading as well-known government organisations or brands.

The latter is what finally got me.

One Saturday afternoon early last year I decided to conduct some research into sound bars. The first thing I did was punch "JB Hifi" into the Google machine.

I clicked the first link under the Google ad section that always appears above actual search results because it read: "JB Hifi Electronics."

Instantly I was taken to a site that looked exactly like the normal JB Hifi site, yellow and black everywhere with the usual products for sale.

Before I could click anywhere a very professional looking text box appeared, asking me whether I would like to do a consumer habits survey to go into the draw for a chance to win a $500 voucher.

Alarm bells rang but they were muffled. I thought to myself: "I clicked an ad on Google and the site behind this text box is definitely the JB Hifi site. Retail is struggling so it makes sense they might want to know more about their customers' spending habits."

Without much more thought I clicked the link. I have been questioning my intelligence ever since.

I filled in my name, phone number and email and completed a few questions until I got to the end of the survey.

This is where I got real dumb.

At the end of the survey there was no mention of how I would hear if I won the voucher; so I filled in the survey four more times. I’ll accept any and all online vitriol for this.

I finally decided to abandon the survey and click through to the site. This is when it dawned on me that I’d been had.

The site wasn’t a site at all but rather a very high-resolution screenshot of the actual JB Hifi website.

My heart sank and within minutes I started getting my first text messages and emails.

My details were on a scammer list and there was nothing I could do about it.

By the end of the week my email spam folder was chockers with offers of Ukrainian brides and penis-enhancement medication.

I’d received on average three calls a day from random numbers across the country and 10 text messages from people purporting to represent all manner of Australian businesses and government agencies.

The offending text messages from 'Australia Post'. Credit: Hamish Hastie

I began blocking them systematically but 18 months later I’m still receiving the odd call here and there as my spam inbox grows ever larger.

My beloved email and personal phone number, which I’ve had since age 16, are dirty now and no matter how much I scrub them they’ll never get clean.

The biggest shock of all, and what prompted this article, came last week when I received three text messages from Australia Post offering me to, lo and behold, fill in a survey.

I’m hyper-aware of phishing communications and usually dismiss them without half a sniff but these texts arrived in the same message thread on my iPhone as actual Australia Post notifications.

If scammers can now appear alongside an organisation’s legitimate communications channel, then the record $340 million that Australians lost in 2017 from scams is going to keep blowing out.

Once your details are on the list there is nothing you can do about it, short of getting a new email address and phone number.

An ACCC spokesman told me once a scammer has your information people will often notice a spike in scam emails and messages because their information is often sold to other scammers.

"Due to the ‘fly-by-night’ nature of many scammers, it is extremely difficult for law enforcement agencies to track them down and take action against them," he said.

"This is further complicated by the fact that most scammers are based overseas."

The spokesman said scammers were able to appear as Australia Post in my text messages through a tactic called 'spoofing', but offered no insight into how this was done.

"It’s difficult to say in many instances how scammers may impersonate a number," he said.

"Scammers will often 'spoof' phone numbers to add credibility to their scam.

"Spoofing a phone number allows them to look like they’re a particular sender when they’re not."

An Australia Post spokeswoman said they were aware of the survey scam and advised customers to delete the messages.

"We will never ask customers to send an email containing any personal or financial information including any form of ID, passwords, credit card details or account information," she said.

I haven’t lost any money from my mistake and would never put my financial details on a site that I’m not buying ill-fitting clothing from, but this phishing attempt caught me hook, line and sinker.

It’s a cliché but prevention is the best cure, so rather than laugh or sigh at someone struggling to sort dodgy from non-dodgy communications, like I used to, we should all help each other.

ACCC Scamwatch tips to avoid phishing scams:

  • Treat communications you receive with a healthy level of scepticism. If you can’t recall ordering something through the post, this should set off alarm bells that a scammer may be contacting you.
  • Educate yourself by visiting scamwatch.gov.au, following @scamwatch_gov on Twitter and subscribing to Scamwatch radar alerts to keep up to date with advice for avoiding the latest scams affecting the community.
  • If you’re suspicious it always pays to contact the organisation directly through a contact you independently source yourself.
  • If you think you have given away financial information, contact your bank immediately to let them know.
  • Once a scammer has your email your best defence is to simply delete emails that look suspicious.

Hamish’s tips:

  • Don’t fill in dodgy online surveys.
  • Don’t fill in dodgy surveys five times in quick succession.
  • If you don’t recognise a number, Google it. You will generally find lots of complaints on reverseaustralia.com if it’s dodgy.
  • If it is a dodgy number, block it. Do this systematically and the calls will eventually stop coming.
  • Do the same for numbers you receive dodgy text messages from.
  • Check and double-check any internet advertising you hover your mouse over.
  • You can try and systematically block all the spam emails but they just keep coming. Just be thankful you have a spam filter and resist the urge to enlarge your penis.

Hamish Hastie is a Fairfax Media business reporter writing from the WAtoday offices in Perth. He was raised in Armadale in Perth's south east and covered the area for four years at the Examiner Newspaper before a stretch writing for the Chamber of Commerce and Industry WA's business magazines.