It’s important to understand how fraudsters try to trick you.

Online fraud

Fraudsters place ads online that purport to be selling an item at a bargain price. In most cases, these "sellers" are located overseas, although they may pretend to be locals. Once you have paid your money to them, they disappear, and you cannot trace them or the transaction.

An example

You see a great car online that’s being advertised for half the market price. You try to contact the seller. They will only deal with you by email (because they're located overseas). You agree to buy the car, and they insist that you use Western Union to transfer the money to their account. Once the transaction has gone through, you don’t hear from them again.

What you can do

• Be very wary of goods that are priced well below market rates – particularly big ticket items like cars and boats.
• Never use a money transfer to pay for an item
• Make sure you speak to the seller on the phone, and wherever possible, don’t pay until you see the item in person.

You’ll find a lot more information about online scams at the ACCC’s scam-watch website: www.scamwatch.gov.au.

SMS scams

How it works

Fraudsters use SMS to trick sellers into paying fees into their account. They do this by pretending to buy an item, and then saying they’ve got fees or other costs that need to be covered by the seller before they can pay for the item. The seller pays for these "fees" and then never hears from the "buyer" again.

An example

You receive an SMS from a new buyer, who's really keen on the motorbike you've advertised on Tradingpost. They tell you that they’re located in Singapore, but they’re really keen on the bike and that they’ll pay for it by PayPal and have it shipped. After the deal has been struck, you receive a payment confirmation email – it looks like it's from PayPal, but it's actually fake. The email says that the payment will be cleared to your bank account when you pay an additional fee for shipping. It includes a link to make the payment, and insists on money transfer. You pay the additional fee, only to find that the shipping company was bogus, and your money has disappeared.

What you can do

• Tradingpost requires that all buyers and sellers are located in Australia. If you receive an SMS from a buyer outside Australia, call us immediately on 1300 138016, or email us at investigations@tradingpost.com.au
• Do not respond to SMS messages from international numbers.

Phishing

How it works

Phishing is an email scam. Fraudsters pretend to be from a trusted organisation, and send you an email often requesting that you verify your details, or log-in to check your personal information. They include a link that often closely represents the website of the organisation they’re impersonating. Once you enter your username and password, the fraudster will use this information to access your actual accounts.

Some emails contain a program that installs itself on your computer, and then records your passwords and user names as you access your legitimate accounts.

An example

You receive an email pretending to be from Tradingpost, asking you to update your details urgently. When you click on the link in the email, you’re taken to a website that looks just like Tradingpost, but in fact, is a fake. You’re asked to verify your username, password and credit card details. These details are collected by the fraudster, who uses them to commit other online crimes.

What you can do

To protect yourself from phishers:

• Don’t open attachments or follow links in emails from people you don’t know.
• If you receive an email from a bank or other trusted organisation, don’t click on the links in their email to verify your account details. If you believe there is a legitimate reason for you to log in, then open your browser and type their web address in directly.
• Don’t use the same username and password for many accounts

Remember, Tradingpost will never send you an email asking you to verify your details or log into the site.

Pharming

What it is

Like phishing, pharming uses a fake website to collect your details. However in this case, the fraudster redirects victims to the bogus site, even if they type the correct address into their browser.

What you can do

Make sure your virus software is installed and up to date. Many programs are able to detect bogus sites and warn you before you enter your username or password.

Malware

What it is

Malware is software that installs itself on your computer. Often it’s used to collect your username, passwords and other sensitive information, which it then passes on to an online criminal. Other times it might install a virus on your system that can spread to your friends’ computers. Malware is distributed by:

• Attachments in emails from someone you don’t know, or spam emails
• Emails from infected computers (these could be your friends’ machines)
• From websites that are often linked from emails sent to you
• Infected files that are shared or downloaded from the internet.

Often, this software works quietly in the background, so many people don’t realise they’ve downloaded it.

What you can do

• Make sure your anti-virus software is up-to-date
• Scan your system using anti-virus software regularly
• If you receive an email from a friend that appears odd or out of character, do not open any attachments
• Delete spam messages without opening them
• Never open attachments in emails from people you don’t know.

Bots

What they are

Bots are little programs that allow people to control your computer and use it for criminal purposes, such as sending spam and phishing emails, or hosting bogus websites. Computers that are controlled in this way are called “zombies”. Bots do not spread on their own. Usually they are installed by malware or a malicious website, or emailed from an infected machine.

What you can do

• Make sure your virus software is able to detect and remove malicious bots
• Scan your system regularly

Spam

What it is

Spam is electronic junk mail. It’s a common way to receive malicious software, and is primarily used by scammers to trick people into giving them money.

Often these messages offer something that’s too good to be true – lottery winnings, or large sums of money for helping the sender move funds out of their native country (see Nigerian 419 Scams). In many cases they purport to be able to sell drugs that would usually require a prescription (pharmaceutical scams), but are usually a front for a fake online pharmacy.

What you can do

• Rule one – if an offer is too good to be true, it is.
• Look for warning signs:
  • The subject title of the email has nothing to do with the products on offer.
  • The words in the email are spelt incorrectly or have apostrophes and spaces in the middle of the words. This is done to try to avoid anti-spam filters.
• Delete spam unopened, and under no circumstances click on any links or attachments.

Further reading

Scamwatch – this is the ACCC’s anti-scam website with lots of useful resources on the latest scams, and what you can do to protect yourself. http://www.scamwatch.gov.au/content/index.phtml/tag/Scamwatch/