By now you’ve probably seen the headlines. It’s all over the papers, major websites and nightly news. There’s an epidemic of text message scams impacting innocent Australians.
You might have seen one. You might have even received one. And I dearly hope not…but you might be a victim of one.
These are deceptive and ingenious scams. And let’s call this what it really is; a cyber attack.
If you’re not up to speed with this disturbing cyber attack, then you will want to read this before it’s too late.
How the scam works
What’s happening is you receive a text message with a link. This link genuinely appears to be from your bank. It’s incredibly hard to see that it’s what we call a ‘phishing’ attack (I’ll explain ‘phishing’ in a moment).
When you click on the link it opens a webpage. This webpage has a brilliant design. Now this is a scam, but the detail and effort taken to make these fake websites look legit is impressive. It shows you the lengths cyber attackers will go to, to fleece you of your money.
Anyway these websites you go to are fake. There is only one way to tell the website you go to is different from a real online banking log in.
It’s all in the URL. Now the URL is the webpage address that lives in your web search bar.
Often you only see the shortened version of a URL. Or just the name of the site.
For example if you go to CBA’s Netbank in Safari (Apple’s internet browser) all you see is ‘Commonwealth Bank of Australia’ with a little padlock at the start of it.
But if you click on the name — the URL — at the top of your browser, you will get the full length version of the URL. In the case of Netbank, the full URL is, https://www.my.commbank.com.au/netbank/Logon/Logon.aspx
NOW THIS BIT IS IMPORTANT
Take note, the URL above is what a real internet banking URL looks like. You should go to your real online banking login, it doesn’t matter which bank you’re with.
Do it right away. Open a new browser, go to it, and click on the URL. Have a look at what a real online banking URL looks like. You might even want to copy it and paste it somewhere. Whatever. Just get familiar with what a legitimate URL looks like.
What this will help you do is to identify any malicious URL sites that you might inadvertently go to. They will look different to this — it’s hard to predict exactly what they’ll read like, but it will be noticeably different.
It’s one of the most basic and simple ways to know if you’re on a malicious website that’s trying to ‘phish’ your crucial security details from you.
Now this leads me to ‘phishing’.
What is Phishing?
Phishing, whether by email, text message or even physical mail is designed to take you to a fake site where you enter your security information. The moment you type in a box the site records your keystrokes. Then you’re a victim. It’s that easy. You don’t even need to click or hit enter. Most of these fake phishing sites use what’s called a ‘keylogger’. That way all you have to do is type and the cyber attacker has your details.
If you have got one of these text messages do not go to the link. But if you do go to the link accidentally, then just click on the URL have a look at the full URL and see if anything looks suspicious or out of place. And if you’re ever in doubt then do not follow the instructions — EVER!
Your bank will never actively ask you to log into your internet banking. They will never actively call you and ask for all your security information. If they do, hang up and you call them back. It’s never rude to say ‘no’ to someone asking for crucial security details over the phone or via text message.
When you’re dealing with your finances or banking here’s the number one rule to follow.
You initiate the first contact — always.
If your bank calls you and asks for any security information, say NO. Ask for a reference number then you call them back. If they say they don’t know what you’re on about, then you’ve avoided being scammed.
If you ever get a text message from your bank asking you to do something, DON’T DO IT. You call them and ask what it’s in reference to — if they say they don’t know what you’re talking about, then you just avoided being scammed.
Apply these simple rules to your online activity and you’ll go a long way to staying safe online. Don’t be a victim. Be your own online champion.