Email scams rise 100%

26 February 2006

Credit unions across Australia have committed not to approach members asking for private financial details by phone or email following a 100% increase in fraudulent email approaches to Australians in just two years.

Leanne Vale, Fraud Prevention Manager with the Credit Union Industry Association (CUIA), said phishing emails, which aim to trick consumers into revealing their personal banking details, have grown from around 100 per month in December 2003 to around 16,800 per month at the end of 2005.[1]

“Your credit union will never ask for your password, pin number or personal banking details in an email, an on-line message or in an unsolicited phone call, so don’t hand them over to anybody,” Ms Vale said.

Emails which ask for these details – known as phishing – contain dangerous viruses which pass on any keystrokes you use – including your password and pin number – to the fraudsters who then clean out your bank account electronically.

“The fraudsters are not selective – they will raid your day-to-day account, retirement savings account or even access the redraw facility on your mortgage.”

Ms Vale said the best protection is to ignore any online or email message that asks for banking details – no matter how professional it looks.

“Many banks and credit unions are introducing measures to help beat the fraudsters. Using a mouse rather than keystrokes is also helpful,” she said.

“But regardless of the level of technological security, the best way to stay safe while surfing is to ‘slam the spam’. Phishing scams rely on someone taking the bait, so the best defence is delete any unsolicited emails without opening them.”

Ms Vale said the CUIA is working with a number of Federal and State/Territory Governments through the Australian Consumer Fraud Taskforce and the Australian High Tech Crime Centre to help credit union members combat crime and keep their money safe.

“Credit unions offer a different kind of banking which ensures that credit unions have an active role in educating their members about fraud, and are available to respond quickly in the event of fraud occurring,” she said.

Identifying phishing emails:

• They are not personally addressed to you, but rather to “Dear [bank] customer”.
• They usually have a sense of urgency, often saying that your account will be closed down unless you respond.
• They contain a link which looks like a link to your financial institution.

Top 10 tips to stay safe while surfing:

1. Never open an email if you don’t know who it’s from.
2. Delete any unsolicited emails without opening them.
3. Never click on a link in an email saying it is from your bank or credit union.
4. Never click on a link to your account or institution – always type in the “url” address yourself.
5. Turn off your broadband after use. Criminals use open bandwidths to exploit vulnerabilities in programs and to upload keyloggers.
6. Keep your firewall and security programs on your home computer up-to-date.
7. Don’t use public computers – even those at your local library - to do internet banking.
8. If you have used a public computer for online banking, delete the history in the browser immediately and empty the trash can straight away – don’t leave details for someone else to find.
9. If you’re out and about, and need to access your account, call your credit union and ask them to check your balance or transfer money for you, rather than risk your savings.
10. If you have any questions (or believe you may have already fallen victim to a phishing scam), contact your credit union or bank.

The CUIA and its members are participating in the Australasian Consumer Fraud Taskforce’s Scamwatch Campaign, which is national month-long campaign designed to raise community-awareness about scams and fraud prevention.

_________________________________________

[1] Based on figures used by the Australian Institute of Criminology

Leanne Vale is a former fraud officer with the Federal Police and now leads the fraud fighting efforts for over 130 credit unions across Australia. She is available for interviews and to provide a number of case studies about cyber-fraud activities.