Cautionary tales of online fraud

Cybercrime is becoming an increasingly sophisticated ecosystem of activity. In fact, according to recent data, if the profits of cybercrime were measured as a country, it would be the third largest economy in the world after America and China.

Scammers are constantly finding new ways to deceive people out of money and personal information. In this article, we explore the cautionary tales of the top five scams Aussies fell victim to in 2023.

• The investment scam
• The romance scam
• The false billing scam
• The phishing scam
• The job scam

The investment scam

Tech enthusiast Tom has about $15,000 in savings for a rainy day. Obsessed with the latest updates on Silicon Valley start-ups and crypto news, he is regularly poring over investment blogs and forums for news.

One day, Tom sees a post about a ‘guaranteed’ cryptocurrency investment opportunity, promising high returns with minimum risk. After reading testimonials of success from other supposed backers, Tom decides to invest $8,000 from his rainy-day fund.

Two days later, Tom visits the site to see how things are going. The website is no longer available, and a 404-error message keeps popping up. Tom checks his account; his money is officially gone.

The lesson: if an offer is too good to be true, it almost always is.

What are the warning signs of an investment scam?

Some red flags to look out for include:

• false advertising, which might include fake celebrity endorsements and testimonials
• pressure to invest now, instilling a fear of ‘missing out’ if you don’t act quickly. Promises of a guaranteed return on investment
• obscure payment options like gift cards, wiring money abroad or to a personal account, or offering to assist with opening a cryptocurrency wallet

What can you do to protect yourself from an investment scam?

While we don't want to rain on your parade, if the returns on an investment seem too good to be true – they probably are. Before diving headfirst into any fast-moving investments, do your research. A simple Google of the brand or company can sometimes be enough to work out whether something is legitimate, or you can check the company you’re looking at is registered with the appropriate regulators and holds all relevant licences and credentials.

Don’t provide any personal details over the phone. Instead, contact the business directly to ask questions about the opportunity to understand if it’s legitimate.

The romance scam

Freelance graphic designer Anna lives alone and works remotely. She decides to give online dating a go and connects with ‘James’, an Australian man who claims to be working overseas.

After several weeks of heartfelt conversations, James asks Anna for financial help. You see, he needs to fly to Australia to see his sick grandmother, but his money is tied up internationally and he can’t access it right now. Plus, with a flight home, the two might also be able to meet. Swayed by her feelings, Anna sends him the $3,000 for his flight.

The next morning, Anna wakes up to find no regular morning text from James. She clicks on his social media profile, but the username no longer exists. Putting two and two together, Anna frantically calls her bank.

The lesson: don’t put your full trust in someone you’ve never met.

What are the warning signs of a romance scam?

While online dating is all about spotting red flags early on, here are some more to consider, beyond whether the banter is good or not:

• A suitor only has a few photos on their profile, with most images looking like model/glamour shots.
• Fast-moving declarations of love or affection.
• Often claim to work away, either serving in the military, on an oil rig or mine, or are a celebrity.

What can you do to protect yourself when online dating?

It’s important to be careful with what you post online and what you choose to make public on your social media accounts. What you publicly share of your personal life can be used by scammers to better understand you. Some other things to be careful of when online dating include:

• Avoid sending money or gifts to a romantic interest you haven’t met face to face before.
• Try to approach any situation with rational decision-making, no matter how caring and affectionate the person comes across.
• Be wary of any inconsistencies in stories, for instance if they tell you they’re an only child, and then mention their ‘brother’ or ‘sister’ in another conversation.
• Talk to someone you trust about your new love interest and pay attention if your friends or family express their concern.
• Google their name and pictures to see if their details have been used elsewhere or check online for stories they may have shared to verify any information they’ve given you.

The false billing scam

University student, Liam, recently moved out of home for the first time with two mates. Liam set up the house’s internet when they moved in, so his name is on the account.

One afternoon, Liam receives an urgent text from the apparent internet provider claiming a $200 set-up fee is now overdue. There’s a link to settle the bill immediately. Not wanting to interrupt the house’s Wi-Fi connection and stressed that he’d missed a step when connecting the service, Liam quickly clicks the link and enters his credit card details to settle the bill – he’ll tell the boys about it later.

After hitting pay, Liam goes back to the text message and notices a couple of spelling mistakes, the text came from a different number too. Only after paying in a rush, does he realise he’s been scammed.

The lesson: take a beat before responding to urgent bills.

What can you look out for to spot a false billing scam?

False billing, or a business email compromise, sees a scammer impersonating or intercepting the email account of a trusted business. Some tell-tale signs you may have been approached by a scammer in this instance:

• The request for payment comes with a sense of urgency, or unusual payment method like wire transfer or gift cards.
• The email address the bill is sent from might look a bit different to the business’ legitimate contact details, or there might be spelling errors in the body of the email.
• The bill includes ambiguous fees or vague descriptions, with unexplained charges.

What can you do to protect yourself from a false billing scam?

If you ever receive an ‘urgent’ email for a bill you don’t recall or a charge you don’t recognise, the best thing you can do is contact the provider directly.

This is helpful on two fronts – firstly, you will be able to verify whether the charge is fraudulent, and secondly, if the provider's information has been intercepted, it will help save other people from falling victim too.

The phishing scam

Business owner and parent, Prue, checks her emails over breakfast one morning to see an ‘urgent’ message from her bank.

It alerts her to suspicious activity on her account, with a link so she can verify her identity. Concerned, Prue taps the link and immediately provides her bank account’s login details and phone number. She thinks the URL looks a bit strange but doesn’t give it much thought.

Later that day, Prue goes to pay for the weekly grocery shop, but her transaction is declined. She opens her banking app to see multiple unauthorised transactions from her account, that have drained all the funds.

The lesson: if it walks and talks like one, it’s probably a phish.

What are the signs you have received a phishing email?

• The message is sent from a public email domain. Legitimate organisations will typically not send you emails from a free webmail service.
• The domain name is misspelt.
• The email is poorly written.
• It includes suspicious attachments or links.
• The message creates a sense of urgency.
• The messages asks you to log in to your bank account.

What can you look out for to check if you’ve received a phishing email?

Here's a phishing checklist you can run through next time you receive an email that looks a bit suspicious:

• Do you know the email sender?
• Are there any attachments?
• Does the email request your personal information?
• Are there spelling or grammatical errors in the email?
• Does the email address you by your name, or do they use something generic like, ‘customer’?
• Does the email have any links? And if so, when you hover over the link does the URL look legitimate?

If you receive an email from a business or company you already have an account or relationship with, and it contains any of the above elements – contact that business directly before providing any further information.

The job scam

Charlie recently graduated from his business degree and is eagerly job hunting when he sees a remote marketing position offering a high salary and flexible hours.

Charlie breezes the interview, and the ‘employer’ offers him a job on the spot, with one condition: they require a one-time payment of $500 for training materials to help set him up for remote work. Charlie isn’t sure if this is normal but he is keen to get started, so he borrows his dad’s card to pay the $500.

After a few days, Charlie hasn’t received the materials or any confirmation of his payment. He emails the hiring manager to check in but the message fails. After no luck calling the business number, Charlie discovers the job posting was a scam, and he’s just lost $500 of his dad’s money.

The lesson: be cautious of a job that asks you to pay them.

How can you identify and avoid a job scam?

• Look out for promises of ‘easy money’ or benefits that seem unrealistic.
• Be cautious of receiving a job offer for a role you never applied for.
• Never share sensitive, personal information (bank details, passwords, payment for ‘background checks’) without verifying whether the offer is legitimate.
• Be wary of poor grammar or communication that lacks proper formatting or feels rushed.
• Steer clear of job offers from email addresses that don’t use a company domain, instead having a generic ‘@gmail.com’ or ‘@yahoo.com’.
• Never pay for a job opportunity, training, or background check.

We’re here to help

BOQ's dedicated Fraud and Scam Operations team helps protect customers against fraud and scams or recover funds if customers fall victim. We want to make everyone more aware of scams, and how you can protect yourself.

If you want to keep informed on the latest trending scams, or want to report fraudulent activity on your account, visit our Scams and Fraud assistance page for more information.

Fraud and scams assistance