Sunday, November 30, 2014

Don't let the Gringe steal Christmas.

 With Christmas just around the corner, SCAMwatch is reminding consumers to watch out for scammers taking advantage of the Christmas rush to leave you out of pocket and a present. 

Online shopping can be a great way to purchase presents, but unfortunately scammers also like shopping online too – for victims. Scammers set up fake websites with offers on popular items at prices well below the normal going price. These websites can be easily mistaken for legitimate online retailers with sophisticated designs that look just like the real thing. They may even use a ‘.com.au’ domain name or fake Australian Business Number (ABN).  However, the deal will end up being too good to be true, with the scammer taking your money and leaving you empty handed with a gift that never arrives.

Another common scam at this time of the year is the fake parcel delivery scam, where scammers jump on the Christmas mail rush by emailing Australians pretending to be from a legitimate parcel delivery service such as Australia Post or FedEx. These emails, which may be personalised with your name and address, inform the recipient that they missed a parcel delivery at home, with instructions on how to retrieve the package attached to the email. 

However, it is an executable file (.exe) and once opened, will install ransom-ware on your computer. Ransom-ware is a type of malware that restricts access to the computer system that it infects, and demands a ransom be paid to the creator(s) of the malware in order for the restriction to be removed. Even if you pay the ransom, there is no guarantee your computer will be unlocked and you’re likely to be up for expensive repairs to your computer and the loss of your data.

Another variation of the scam is where the scammer will offer, for a fee, to redeliver a parcel that doesn’t exist. The ‘courier’ will offer to re-deliver the parcel at a convenient time if you pay a fee of $10 to $30 via wire transfer or credit card. If you transfer money, you’ll never see it again. If you give your personal financial details, you’re accounts have been compromised.

Don’t let online scammers dampen your festive spirit this Christmas. Whether you’re going online to buy a present or to the post office to pick one up, make sure that the business or courier is the real deal.

How these scams work


Fake website scams
  • While shopping online for Christmas, you come across a website selling products for great gifts.
  • The product will often be a popular item, such as a smartphone, tablet or camera, at a really cheap price.
  • The website may appear to be authentic, with a sophisticated design and content. It may even appear to be an Australian based business, with a ‘.com.au’ domain name and an Australian Business Number (ABN), which could have been stolen from a legitimate company.
  • When you go to pay for your purchase, the site only offers you to pay via money order or wire transfer, rather than a secure payment method.
  • If you go ahead with the ‘purchase’, you will never receive the product, or see your money again.
Fake delivery scams
  • You are contacted out of the blue over the phone or via email from someone posing as an employee from a legitimate parcel delivery service.
  • If you are contacted via email, it may look like the real deal, complete with a legitimate company’s logos and branding.  The sender may also claim to be from an authentic-sounding section of the company e.g. the ‘FedEx Delivery Department’.
  • The scammer will claim that they have been unsuccessful in delivering a parcel to you; however, for a small fee, redelivery can be arranged. The scammer will provide a range of reasons as to why the initial delivery failed, such as the parcel being too large or no one being home at the time of the delivery. The scammer will ask for you to pay the fee by handing over your bank account details, or by sending money via international wire transfer.  If you transfer money, you’ll never see it again.
  • Alternatively, consumers are told that they missed a parcel delivery at home and information on how to retrieve the package is attached to the email. However, it is an executable file (.exe) and once opened, will install ransomware on your computer.
  • Ransomware is a type of malware that restricts access to the computer system that it infects, and demands a ransom be paid to the creator(s) of the malware in order for the restriction to be removed. Even if you pay the ransom, there is no guarantee your computer will be unlocked and you’re likely to be up for expensive repairs to your computer and the loss of your data.

Protect yourself

  • If you come across a website with an offer that sounds too good to be true, it probably is.
  • If a shopping site only offers you to pay by money order or wire transfer, steer clear - it’s rare to recover money sent this way. Only pay via secure payment methods – look for a web address starting with ‘https’ and a closed padlock symbol.
  • Remember – these days, it’s easy for a scammer to create a professional looking website or email. Double-check the email or website (URL) address, look for grammatical errors (a tell-tale sign of a scammer!), and if you have any doubts, don’t do anything such as respond, click on an attachment, or purchase something – no matter how good the offer is.
  • If you are suspicious about a ‘missed’ parcel delivery, call the company directly to verify that the correspondence is genuine. Independently source the contact details through an internet search or phone book – do not rely on numbers provided.
  • Do not click on links or download files in emails you  receive out of the blue; especially if they are executable (.exe) files or zip files. These files are likely to contain malware.
  • Regularly back-up your computer’s data on a separate hard drive so this can be easily re-installed if your computer is infected by malware or ransomware.
  • If you think you have been scammed, contact your financial institution immediately. If the scammer has posed as a legitimate company, you should also report the incident to them.
  • No comments: