In 2021-22, 11% of Australians experienced one or more types of personal fraud – an increase on the 8.5% reported in 2014-15. Australians remain a prime target for fraudsters, meaning the risk of a fraud event occurring to you or a loved one is relatively high.
“These criminal syndicate groups tend to target more affluent nations,” says Macquarie Bank’s Head of Financial Crime Intelligence, Stephen Cottell.
“There's a general perception that Australians are both affable and affluent people,” he said. “It's almost like a ‘Robin Hood’ mentality."
1. Scams and fraud: understanding the difference
Although the terms ‘scam’ and ‘fraud’ are sometimes used interchangeably, there is a subtle but important distinction between the two.
With a scam, the victim is persuaded to hand their money or information over themselves, typically without any involvement or intervention from their bank, financial institution or trusted professional. An example of this includes an investment scam, in which the scammer lures their victim in with the promise of guaranteed or above-average returns. Unfortunately, it can be difficult to recover funds after they have been stolen. Visit our scams reference guide to learn more about common scams to watch out for and tips on how to avoid them.
Fraud, on the other hand, often occurs without the victim knowing, and with no willing involvement on their part. Victims of fraud can often apply for recovery assistance from their bank or financial institution, though it’s highly dependent on circumstance.
2. Three common types of fraud in Australia
Fraudsters need to get a hold of their victims’ banking or personal details to access their finances and siphon their savings. While there are several ways this can be done, the below includes some common types in Australia.
- ID takeover - ID takeover is the name given to instances where fraudsters capture enough of their victims’ personal information to, for example, open accounts or access credit facilities in the victim’s name – without their knowledge.
- Account takeover - Similar to ID takeover, account takeover attacks involve fraudsters taking control of legitimate accounts, using usernames, passwords or other information they have stolen to gain access.
- Card fraud - One of the most well-known types of fraud, card fraud involves someone using your bank or credit card details to make unauthorised transactions. While most people think of card fraud as the result of theft or skimming, fraudsters can also use malware and social engineering to obtain your card details.
3. Key warning signs of a fraud event
Despite their best efforts, fraudsters struggle to completely cover their tracks – ultimately, suspicious and unauthorised activity is noticeable. Knowing what to watch out for can make it easier to spot and stop fraud from occurring.
Unexpected charges on your accounts
Fraud ends with money being stolen, which will result in unexpected or unfamiliar charges appearing on credit card bills or bank account statements. Regularly reviewing your bank statements and familiarising yourself with your usual transactions and payees will help you identify fraudulent transactions.
Pushy behaviour
Though commonly associated with scammers, fraudsters may also use high-pressure tactics to get personal and financial information from their targets. Financial services professionals, for example, will generally never try to force abrupt decisions or become aggressive with their customers. This kind of behaviour is a strong indicator that something is wrong.
Unusual activity or instructions
Small changes in the way a bank contacts you are a reliable signal that something is amiss – and that you’re the target of a fraudster, or even a scammer. This could include using email addresses, phone numbers, or web URLs which don’t match with the details available online or in previous interactions, or a bank using an unconventional messaging app to get in touch
4. How to handle suspected fraud event
While not everyone has fallen victim to fraud, Cottell says it’s likely almost every Australian adult has at some point been a target – with many not even realising.
“Everyone should be aware they could be targeted – that is the scale of the problem,” he says. “It's very hard to find somebody that has not had at least a brush with fraud or a scam.”
Australians can protect themselves before, during, and even after a fraud event. These four steps can help you avoid becoming a fraudster’s next victim.
Creating a unique and strong password for each of your online accounts – including email, social media and banking – is vital to keeping fraudsters at bay. A password manager may support you with this.
Remember, once a fraudster has successfully logged into one of your accounts, they may try the same username/password combination on all your other accounts to see what else they can access.
Further, limit the amount of personal information you have publicly available – many Australians list their birthday on their social media accounts, for example, which is often a security question asked by banks and financial institutions.
Also, try not to keep any important identification documents (such as scanned copies of your passport or birth certificate) saved in your email account either. Leaving sensitive documents in these accounts gives fraudsters an opportunity to steal your identity.
Finally, though it might seem obvious, never share your password with anyone or store it in a place others can find it.
- Independently verify claims
If someone claiming to be from your bank or telco is asking you to do something unusual or suspicious, always take a moment to independently verify what they’re saying. Source the organisation’s correct contact details through the web (don’t trust details supplied by your suspicious connection) and reach out to ensure everything is above board.
Most Australian banks now offer two-factor authentication services on their accounts, which does what the name suggests – it requires two types of authentication before certain account activity occurs. For example, you may require two-factor authentication when a new payee is added to your bank account.
Often, two-factor authentication relies on text messaging, such as your bank sending you a unique code that you can use to confirm legitimate activity. However, texting is not entirely secure, as phone numbers can be ported – effectively, hacked – by a criminal.
Apps such as Macquarie Authenticator don’t rely on text messaging. Authenticator is linked to your Macquarie digital banking, prompting you to either approve or deny account activity, including payment. It monitors your accounts 24/7, even when travelling or with no mobile reception. This additional layer of security is an important one, allowing you to block fraudulent activity in real time.
Whether or not your money was taken by a fraudster, reporting what happened is usually the most sensible last step. Notifying your bank and the ACCC’s Scamwatch could not only help you get any lost money back, but the information you provide can help authorities catch fraudsters and protect other Australians.