Disclosure Statement: Durand Financial Services Pty Ltd and its advisers are authorised representatives of Fortnum Private Wealth Ltd ABN 54 139 889 535 AFSL 357306. General Advice Warning: The information contained within this website does not consider your personal circumstances and is of a general nature only. You should not act on it without first obtaining professional financial advice specific to your circumstances.
By Gavin Klose
This story is very dear to me.
I hope that it can help someone close to you avoid becoming yet another victim of these evil acts.
Across Australia, a huge number of scam thefts have occurred, thanks to online con artists’ latest ploy–the gift card scam.
This is a ploy so convincing that even hardened sceptics can be fooled, and, unfortunately, this is exactly what happened to somebody close to me–a retiree I’ll call ‘Paulette’ (not her real name).
Paulette had been receiving many obnoxious and even the occasional ransomware emails every day for over a year. They annoyed her, but she wasn’t really worried about them, so she ignored them.
However, her Internet service slowed down way past the point of annoyance. In retrospect, that decrease in speed may have been partly due to malware that found its way onto her computer. But at that point, all she knew was that she needed faster service.
She did what anyone would do–she called her Internet and email provider–Telstra Platinum–for help to restore her service to an acceptable speed. During the call, she mentioned that she had received some ransomware emails over the past few months. Telstra suggested she look into a faster computer and maybe a new email address.
Was it Telstra?
Two days later, she received a call. It was Telstra–or so the caller told her (Note, however, that the caller didn’t say he was from ‘Platinum Support’–the first red flag). The sympathetic caller instructed Paulette to open some links to give him remote access to her computer, so he could help her diagnose the issue.
It was then that the caller ‘discovered’ that she had about 8,500 “corrupt” emails. In reality, he probably was the one who had put these there in the first place!
Then, he said to her, ‘To catch these thieves, you’ll need to buy Google Play gift cards RIGHT NOW!’ He assured her that Telstra would reimburse her for her expense.
Though she was still in her night gown, he told her time was of the essence. He instructed her to get dressed and head out to the store to buy the cards. The call was made on her mobile and she was told to stay on the line throughout the entire process.
She thought this request a bit strange, but she believed that since he was from Telstra, he knew what he was doing. She first went to Target and bought dozens of gift cards whilst the call stayed live in her handbag.
The caller then asked her to provide the access codes on the back of each card. The caller said he needed more cards to make the sting happen, so she went to Woolworths, where they had higher-value Google Play gift cards.
Alert Woolies staff workers blow the whistle
It was there–at Woolworths–that an alert checkout worker stopped Paulette, warning her that she might be being scammed. This was the second red flag.
The con artist, though, had already warned Paulette that it was vital that she not tell anyone about what they were doing because, as he put it, ‘the hackers will know and the sting will not work.’ Since he had forewarned her to tell suspicious store workers ‘No, this is not a scam. I am buying these as gifts for my family’, that’s exactly what she said to the checkout clerk.
On her computer, the caller showed her (again, by his remote access) that Telstra had put money into her account. Later, the police told Paulette that deposits are easy for online thieves to fake.
Following this, she went to another Woolworths and bought more gift cards. Again, a staff member warned her that she might be the victim of a scam. She went back to the car, where the caller was again waiting for her to read out the access codes over her mobile phone. The caller told her to get some more.
So she went back in and made sure that the same staff member did not see her. Another staff member, however, warned her–but the adrenaline had kicked in, and she kept going. She felt convinced that this was a real sting operation. She felt as if she were on a secret mission.
Then the caller told her that he had what he needed for now so she asked him for a number to call him back on later. He provided her with a number that appeared to be from somewhere in Victoria (also easy for scam operators to fake).
When she called him back at the number he provided, no one answered.
That’s when the penny dropped. It was like somebody clicked their fingers, and she snapped out of a hypnotic spell.
Immediately, she called the actual Telstra Platinum support team. They confirmed that they had not called her. They warned her to call her bank and freeze her accounts immediately.
Which she did. While a bit shell-shocked, she visited with friends later that day. After she told them her story, they offered to go with her to the police station to report it.
Then, she contacted both Woolworths and Target. Only Woolies, however, took the situation seriously. In fact, they already had a procedure in place and made a report, providing the police with all of the access codes Paulette had provided the scammer with.
Her bank is conducting a full investigation and will do everything in their power to retrieve any other funds that the cyber-thieves may have stolen from her account.
Unfortunately, it is unlikely Woolies will be able to refund the cards because Paulette had already given them the access codes. Stunned, Paulette realised that she had been the victim of a scam–and she could do nothing about it.
Her money–many thousands–had gone into some black hole. Maybe even somewhere offshore. She’d likely never see it again.
Paulette isn’t alone.
Scams targeted Australians to the tune of $50 million in 2018
Phone and email scams skimmed more than 100,000 Australians out of over 50 million dollars in 2018 alone, according to Government statistics. As technology gets more sophisticated, unfortunately, so will scammers.
Whilst not isolated to just these, two groups seem to be particularly vulnerable to these scams—the elderly and millennials. Despite the latter’s Internet-savvy image, they are frequently targeted and fall victim to online scams according to the Government’s ScamWatch website.
How, then, can one defeat these shifty operators?
How to protect yourself from email and phone scams
Since scammers often impersonate their support team, Telstra has created a brochure to help customers detect scam calls before they start siphoning money. First of all, Telstra advises, they never call customers about disconnection or other issues. They always notify customers in writing about technical issues. Unless you are behind in payments, they will never ask for money over the phone.
Even if you do owe the company money, it’s a good idea to look up Telstra’s number on your own and call them directly. Scammers may try to impersonate Telstra’s collections department to prey on vulnerable customers.
Avoid scams with these common-sense phone tips
- Watch out for delays in calls: Offshore scammers often impersonate Australian phone numbers. These numbers can even appear to be local ones. If you hear a delay, hang up. It’s likely a scammer.
- Ask for their direct number: If you don’t hang up, ask for their direct number, including their extension. Tell them that you’re busy. Then look up the company’s real phone number and call it instead. Again, don’t redial the caller.
- Beware of requests to buy something, especially gift cards: If the caller asks you to buy a gift card or other merchandise, it’s a scam. Hang up and call the police.
- Beware of requests for remote access to your computer or financial information, such as bank account or credit card numbers: Never give your bank account or credit card information to anyone over the phone unless 1) you initiated the call and 2) you know the company to be legitimate. Never allow anyone you haven’t called first and verified access to your computer. If a caller asks for any of these things, hang up immediately.
- Be on the lookout for calls that claim to be from the police, the ATO, or other Government agencies: Scammers often threaten victims by claiming to be a Government agency. Don’t fall for it. Hang up and then call the real government agency.
- If callers put pressure on you or ask for secrecy: This is a huge red flag. Hang up and either call someone you trust or the police right away.
Stop scammers in their tracks with these email tips
- If an email sounds too good to be true or has other suspicious details: Don’t click anything in the email. Delete it immediately. If you click on anything in the email, it can activate malware (that can spy on your personal and financial details) or ransomware (that gives them access to your computer for extortion schemes)
- Check the email address carefully: Authentic email addresses from a company will end with the company’s brand, such as @telstra.com.au or @google.com. Be sure to double-check every letter. Often, a scammer will use something you might not notice, such as @gaagle.com or @telstar.com. If in doubt, delete it and email the actual company directly.
- Don’t fall for fake, official-looking logos: Logos and sender names mean little with today’s technology. Scammers can easily replicate official logos and names. Check the sender’s email address closely. If in doubt, contact the company directly.
If You’re a Scam Victim
Don’t wait—report any scam attempt immediately. Call your bank and your local police station. If you bought gift cards from Woolies or another store, contact them. They may be able to refund some of your money as long as you haven’t given the scammer your access codes.
Though it’s unlikely you’ll get your money back, you can freeze your bank accounts so that the scammers cannot collect any more.
If You’re Unsure Whether Something’s a Scam
- Look online for similar scams: If you suspect a scam, search online for the company’s name followed by ‘scam,’ such as ‘Google Play gift card scam,’ or ‘Telstra scam.’ If you get results, your email or call probably is a scam, too.
- Check website links carefully: As you sift through search results, make sure that those you click on have the brand name directly before the ‘.com’ or ‘.com.au’. Scammers often set up fake websites that mimic those of legitimate companies. For example, ‘crowdsupport.com.au’ is authentic, but ‘telstra.supportnumbersaustralia.com.au’ is likely a scammer. It gets tricky out there, so be sure to call someone you trust to double-check for you.
- Ask someone you trust: Call someone— like the local police or the company itself—to ask whether a call or email might be a scam. Believe store staff members when they advise you that you might have been taken in by a scammer. Never, never give gift card access codes to anyone in an email or on the phone. Google and Apple, too, provide excellent resources about scams involving gift cards.
- Review the Government’s ScamWatch updates: The Federal Government provides two superb sources of information. Their scam help webpage has a list of resources that can help you, while their news webpage reports news about possible new scams.
Be vigilant. Be suspicious. If you suspect something might be a scam, speak up.
It’s probably too late to retrieve Paulette’s lost money. But her experience can help you prevent this from happening to you—or someone you love.
Please share this advice with your loved ones.
Protect yourself, your friends, and your family today.