The crucial lines of defence against scams and cyber attacks
“If you ever receive a message that doesn't seem accurate or correct, always take additional steps to validate it before you do any of the actions being requested of you,” – Jess Bottega, ANZ’s Fraud Analytics Senior Manager.
Data security has never been more important for consumers and businesses. As more and more activities are conducted online, the scale of the threat and the need to be vigilant has increased exponentially.
Worldwide spending on information security and risk management technology and services was forecast to jump 12.4 per cent to $150 billion last year, according to research firm Gartner.
ANZ is increasing its investment and focus on this area, working to educate retail and business customers on how to manage the threat and what to look out for.
The bank must ensure it can protect its systems, networks and data from digital attacks, according to Jess Bottega, ANZ’s Fraud Analytics Senior Manager. However, everyone can benefit from putting cyber security protocols in place because cyber attacks can take many forms and have far-reaching consequences for consumers and businesses.
Once cyber criminals have obtained compromised information or data from a customer, they can use it for several purposes including identity theft, Bottega said. This can include opening accounts fraudulently under a customer's name or carrying out what is known as “social engineering”.
“A cyber security attack can result in anything from identity takeover, social engineering or the loss of important and personal information like family photos, passwords or log in credentials,” Bottega says.
“Social engineering is using the information they've obtained to emotionally manipulate a customer into providing information or doing a transaction on their behalf.
“Once these cybercriminals have access to this information, you may start to see that you receive an influx of calls from seemingly legitimate companies like the Australian Taxation Office, NBN, Amazon, asking for additional personal information so that they are able to commit identity fraud through the banks.
“When we think about cyber security from a business aspect, businesses heavily rely on cybersecurity measures because of the way and the nature that they work with data. And an incident can have devastating impacts on their businesses and their customers.”
The most important thing consumers or businesses should do is to remain vigilant to receiving unsolicited or unfamiliar phone calls or emails, Bottega says. This may include getting notifications from your bank that seem suspicious or unfamiliar transactions on your bank statements.
“If you start to see things like your social media accounts being opened or people contacting you out of the blue in relation to something that may not make sense, it may mean that someone's obtained some of your personal information from somewhere,” Bottega says.
Luckily there are some easy and common-sense tips consumers and businesses can follow to help keep their data secure. The first thing people need to be aware of is they're the first line of defence, she says.
Here are some steps Bottega says will help customers better protect themselves against scams and cyber attacks.
Passwords and two-factor authentication
We recommend regularly changing your password and not having the same password across multiple platforms. A lot of services today, such as your social media or your email account, also allow for you to register for two-factor authentication. That means is if there is an unfamiliar log in from somewhere you haven't seen before, you can be sent a code to authenticate yourself.
This creates an additional layer of security if someone was attempting to access your social media or your email using the password only. You would receive that notification and know your password had potentially been compromised.
Anti-virus software and privacy settings
One thing people forget about is installing antivirus software. This software provides a significant amount of protection from suspicious malware both on mobile devices and laptop computers.
We also recommend keeping privacy and security settings locked down on social media. Given the information we share on our social media these days, it's important to keep that restricted and not open to the public. We want to prevent someone viewing your social media account and obtaining information that may help them commit fraud.
Suspicious phone calls, texts, emails
Be aware you may be contacted via the phone or email or even social media from scammers looking to elicit additional information. Recently we have seen an increase in the so-called "Hey Mum" scam.
This involves a customer being contacted by someone claiming to be their child and advising their mobile phone has been damaged or lost and asking for money to be transferred. If you ever receive a message that doesn't seem accurate or correct, always take additional steps to validate it before you do any of the actions being requested of you.
If you do receive a call from a company, the best thing to do if you are unsure is to hang up and call the number listed publicly on that company's website.
This will ensure you're speaking to the right person before you give out any personal information. It's really important to also regularly check your bank accounts. If you see any unfamiliar or suspicious activity, contact your bank immediately.
Check credit reports
Consumers are entitled to regular copies of their credit report. You can use this to identify if someone has applied for lending products in your name, which is a key indicator of identity fraud. If that has happened, contact the bank in question for more details.
Business email compromise
If you are a business keep an eye out for any unfamiliar emails advising you account details may have changed. Scammers often hack into the emails of legitimate companies and then send customers emails with new account details to transfer the money. Always pick up the phone and contact the company you're paying to make sure that email is accurate and their account details indeed have changed.
Locking down cyber threats