tag:theconversation.com,2011:/us/topics/scams-3085/articlesScams – The Conversation2024-02-25T19:05:30Ztag:theconversation.com,2011:article/2232992024-02-25T19:05:30Z2024-02-25T19:05:30ZSo, you’ve been scammed by a deepfake. What can you do?<figure><img src="https://images.theconversation.com/files/576658/original/file-20240220-24-qi0t3y.jpg?ixlib=rb-1.1.0&rect=92%2C115%2C3731%2C2283&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/deep-fake-ai-face-swap-video-2376208005">Tero Vesalainen/Shutterstock</a></span></figcaption></figure><p>Earlier this month, a Hong Kong company <a href="https://www.theguardian.com/world/2024/feb/05/hong-kong-company-deepfake-video-conference-call-scam">lost HK$200 million (A$40 million)</a> in a <a href="https://www.esafety.gov.au/industry/tech-trends-and-challenges/deepfakes">deepfake</a> scam. An employee transferred funds following a video conference call with scammers who looked and sounded like senior company officials.</p>
<p>Generative AI tools can create image, video and voice replicas of real people saying and doing things they never would have done. And these tools are becoming increasingly easy to access and use.</p>
<p>This can perpetuate <a href="https://theconversation.com/taylor-swift-deepfakes-new-technologies-have-long-been-weaponised-against-women-the-solution-involves-us-all-222268">intimate image abuse</a> (including things like “revenge porn”) and disrupt <a href="https://www.unswlawjournal.unsw.edu.au/article/disinformation-deepfakes-and-democracies-the-need-for-legislative-reform">democratic processes</a>. Currently, many jurisdictions are grappling with how to <a href="https://pursuit.unimelb.edu.au/articles/picture-to-burn-the-law-probably-won-t-protect-taylor-or-other-women-from-deepfakes">regulate AI deepfakes</a>.</p>
<p>But if you’ve been a victim of a deepfake scam, can you obtain compensation or redress for your losses? The legislation hasn’t caught up yet.</p>
<h2>Who is responsible?</h2>
<p>In most cases of deepfake fraud, scammers will avoid trying to fool banks and security systems, instead opting for so-called “push payment” frauds where victims are tricked into directing their bank to pay the fraudster.</p>
<p>So, if you’re seeking a remedy, there are at least four possible targets:</p>
<ol>
<li><p>the fraudster (who will often have disappeared) </p></li>
<li><p>the social media platform that hosted the fake</p></li>
<li><p>any bank that paid out the money on the instructions of the victim of the fraud </p></li>
<li><p>the provider of the AI tool that created the fake.</p></li>
</ol>
<p>The quick answer is that once the fraudster vanishes, it is currently unclear whether you have a right to a remedy from any of these other parties (though that may change in the future). </p>
<p>Let’s see why.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/voice-deepfakes-are-calling-heres-what-they-are-and-how-to-avoid-getting-scammed-201449">Voice deepfakes are calling – here's what they are and how to avoid getting scammed</a>
</strong>
</em>
</p>
<hr>
<h2>The social media platform</h2>
<p>In principle, you could seek damages from a social media platform if it hosted a deepfake used to defraud you. But there are hurdles to overcome.</p>
<p>Platforms typically frame themselves as mere conduits of content – which means they are not legally responsible for the content. In the United States, platforms are explicitly <a href="https://www.law.cornell.edu/uscode/text/47/230">shielded from this kind of liability</a>. However, no such protection exists in most other common law countries, including Australia. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/this-is-why-australia-may-be-powerless-to-force-tech-giants-to-regulate-harmful-content-169826">This is why Australia may be powerless to force tech giants to regulate harmful content</a>
</strong>
</em>
</p>
<hr>
<p>The Australian Competition and Consumer Commission (ACCC) <a href="https://www.theguardian.com/technology/2022/mar/18/accc-takes-meta-to-court-over-facebook-scam-ads-depicting-australian-identities">is taking Meta</a> (Facebook’s parent company) to court. They are testing the possibility of making digital platforms directly liable for deepfake crypto scams if they actively target the ads to possible victims.</p>
<p>The ACCC is also arguing Meta should be liable as an accessory to the scam – for failing to remove the misleading ads promptly once notified of the problem.</p>
<p>At the very least, platforms should be responsible for promptly removing deepfake content used for fraudulent purposes. They may already claim to be doing this, but it might soon become a legal obligation. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/the-accc-is-suing-meta-for-celebrity-crypto-scam-ads-on-facebook-heres-why-the-tech-giant-could-be-found-liable-179655">The ACCC is suing Meta for celebrity crypto scam ads on Facebook. Here's why the tech giant could be found liable</a>
</strong>
</em>
</p>
<hr>
<h2>The bank</h2>
<p>In Australia, the legal obligations of whether a bank has to reimburse you in the case of a deepfake scam aren’t settled.</p>
<p>This was recently considered <a href="https://www.supremecourt.uk/cases/uksc-2022-0075.html">by the United Kingdom’s Supreme Court</a>, in a case likely to be influential in Australia. It suggests banks don’t have a duty to refuse a customer’s payment instructions where the recipient is suspected to be a (deepfake) fraudster, even if they have a general duty to act promptly once the scam is discovered. </p>
<p>That said, the UK is introducing a <a href="https://www.psr.org.uk/news-and-updates/latest-news/news/psr-continues-to-take-bold-action-on-app-fraud-as-it-publishes-final-reimbursement-details-ahead-of-2024-implementation/">mandatory scheme</a> that requires banks to reimburse victims of <a href="https://www.latrobe.edu.au/news/articles/2023/opinion/making-banks-pay-for-scam-losses">push payment fraud</a>, at least in certain circumstances. </p>
<p>In Australia, the <a href="https://www.theguardian.com/money/2023/feb/01/australian-banks-should-reimburse-scam-victims-accc-and-consumer-advocates-say">ACCC</a> and others have presented proposals for a similar scheme, though none exists at this stage. </p>
<figure class="align-center ">
<img alt="Customers stand outside Australian bank ATMs" src="https://images.theconversation.com/files/576676/original/file-20240220-22-6n09mj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/576676/original/file-20240220-22-6n09mj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/576676/original/file-20240220-22-6n09mj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/576676/original/file-20240220-22-6n09mj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/576676/original/file-20240220-22-6n09mj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/576676/original/file-20240220-22-6n09mj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/576676/original/file-20240220-22-6n09mj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Australian banks are unlikely to be liable for customer losses due to scams, but new schemes could force them to reimburse victims.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/melbourne-australia-july-2-2017-unidentified-676982497">TK Kurikawa/Shutterstock</a></span>
</figcaption>
</figure>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/australia-can-learn-from-the-uks-experience-by-making-banks-pay-for-scam-losses-209585">Australia can learn from the UK's experience by making banks pay for scam losses</a>
</strong>
</em>
</p>
<hr>
<h2>The AI tool provider</h2>
<p>The providers of generative AI tools are currently not legally obliged to make their tools unusable for fraud or deception. In law, there is no duty of care to the world at large to prevent someone else’s fraud.</p>
<p>However, providers of generative AI do have an opportunity to use technology to reduce the likelihood of deepfakes. Like banks and social media platforms, they may soon be required to do this, at least in some jurisdictions. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/who-will-write-the-rules-for-ai-how-nations-are-racing-to-regulate-artificial-intelligence-216900">Who will write the rules for AI? How nations are racing to regulate artificial intelligence</a>
</strong>
</em>
</p>
<hr>
<p>The recently proposed <a href="https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6473">EU AI Act</a> obligates the providers of generative AI tools to design these tools in a way that allows the synthetic/fake content to be detected. </p>
<p>Currently, it’s proposed this could work through <a href="https://www.theverge.com/2024/2/13/24067991/watermark-generative-ai-deepfake-copyright">digital watermarking</a>, although its effectiveness is still being <a href="https://venturebeat.com/ai/invisible-ai-watermarks-wont-stop-bad-actors-but-they-are-a-really-big-deal-for-good-ones/">debated</a>. Other measures include prompt limits, digital ID to verify a person’s identity, and further education about the signs of deepfakes.</p>
<h2>Can we stop deepfake fraud altogether?</h2>
<p>None of these legal or technical guardrails are likely to be entirely effective in stemming the tide of deepfake fraud, scams or deception – especially as generative AI technology keeps advancing.</p>
<p>However, the response doesn’t need to be perfect: slowing down AI generated fakes and frauds can still reduce harm. We also need to pressure platforms, banks and tech providers to stay on top of the risks. </p>
<p>So while you might never be able to completely prevent yourself from being the victim of a deepfake scam, with all these new legal and technical developments, you might soon be able to seek compensation if things go wrong. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/tmFFd8fMqxk?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">With audio, video and image deepfakes only growing more realistic, we need multi-layered strategies of prevention, education and compensation.</span></figcaption>
</figure>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/australians-are-concerned-about-ai-is-the-federal-government-doing-enough-to-mitigate-risks-221300">Australians are concerned about AI. Is the federal government doing enough to mitigate risks?</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/223299/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Jeannie Marie Paterson receives funding from the Australian Research Council and the Department of Foreign Affairs and Trade.</span></em></p>Deepfake scams are on the rise – but can their victims claim compensation? The legal landscape is still developing.Jeannie Marie Paterson, Professor of Law, The University of MelbourneLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2239592024-02-21T01:15:23Z2024-02-21T01:15:23ZWhat ‘psychological warfare’ tactics do scammers use, and how can you protect yourself?<figure><img src="https://images.theconversation.com/files/576717/original/file-20240220-16-rxym6r.jpg?ixlib=rb-1.1.0&rect=84%2C30%2C4836%2C3326&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/stressed-out-broke-woman-checking-her-1844709379">christinarosepix/Shutterstock</a></span></figcaption></figure><p>Not a day goes by without a headline <a href="https://www.vice.com/en/article/qjvaym/people-share-worst-scam-stories">about a victim being scammed</a> and losing money. We are constantly warned about new scams and staying safe from cybercriminals. Scamwatch has <a href="https://www.scamwatch.gov.au/research-and-resources/tools-resources/online-resources/spot-the-scam-signs">no shortage of resources</a>, too.</p>
<p>So why are people still getting scammed, and sometimes spectacularly so?</p>
<p>Scammers use sophisticated psychological techniques. They exploit our deepest human vulnerabilities and bypass rational thought to tap into our emotional responses.</p>
<p>This “<a href="https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html">psychological warfare</a>” coerces victims into making impulsive decisions. Sometimes scammers spread their methods around many potential victims to see who is vulnerable. Other times, criminals focus on a specific person. </p>
<p>Let’s unpack some of these psychological techniques, and how you can defend against them.</p>
<h2>1. Random phone calls</h2>
<p>Scammers start with small requests to establish a sense of commitment. After agreeing to these minor requests, we are more likely to comply with larger demands, driven by a desire to act consistently.</p>
<p>The call won’t come from a number in your contacts or one you recognise, but the scammer may pretend to be someone you’ve engaged to work on your house, or perhaps one of your children using a friend’s phone to call you.</p>
<p>If it is a scammer, maybe keeping you on the phone for a long time gives them an opportunity to find out things about you or people you know. They can use this info either immediately or at a later date.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-risky-is-it-to-give-card-details-over-the-phone-and-how-do-i-reduce-the-chance-of-fraud-216833">How risky is it to give card details over the phone and how do I reduce the chance of fraud?</a>
</strong>
</em>
</p>
<hr>
<h2>2. Creating a sense of urgency</h2>
<p>Scammers fabricate scenarios that require immediate action, like claiming a bank account is at risk of closure or an offer is about to expire. This tactic aims to prevent victims from assessing the situation logically or seeking advice, pressuring them into rushed decisions.</p>
<p>The scammer creates an artificial situation in which you are frightened into doing something you wouldn’t ordinarily do. Scam calls <a href="https://theconversation.com/we-have-filed-a-case-under-your-name-beware-of-tax-scams-theyll-be-everywhere-this-eofy-162171">alleging to be from the Australian Tax Office</a> (ATO) are a great example. You have a debt to pay (apparently) and things will go badly if you don’t pay <em>right now</em>.</p>
<p>Scammers play on your emotions to provoke reactions that cloud judgement. They may threaten legal trouble to instil fear, promise high investment returns to exploit greed, or share fabricated distressing stories to elicit sympathy and financial assistance.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/australians-lost-more-than-10-million-to-scammers-last-year-follow-these-easy-tips-to-avoid-being-conned-109728">Australians lost more than $10 million to scammers last year. Follow these easy tips to avoid being conned</a>
</strong>
</em>
</p>
<hr>
<h2>3. Building rapport with casual talk</h2>
<p>Through extended conversation, scammers build a psychological commitment to their scheme. No one gets very far by just demanding your password, but it’s natural to be friendly with people who are friendly towards us. </p>
<p>After staying on the line for long periods of time, the victim also becomes cognitively fatigued. This not only makes the victim more open to suggestions, but also isolates them from friends or family who might recognise and counteract the scam.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/576715/original/file-20240220-30-l51qa3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A man with dark hair and beard looking tired while listening to someone on the phone" src="https://images.theconversation.com/files/576715/original/file-20240220-30-l51qa3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/576715/original/file-20240220-30-l51qa3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/576715/original/file-20240220-30-l51qa3.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/576715/original/file-20240220-30-l51qa3.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/576715/original/file-20240220-30-l51qa3.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/576715/original/file-20240220-30-l51qa3.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/576715/original/file-20240220-30-l51qa3.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Keeping you on the line for a long period of time is bound to create fatigue and make you more vulnerable to unusual requests.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/young-depressed-man-crying-while-talking-1641825148">Jojo Photos/Shutterstock</a></span>
</figcaption>
</figure>
<h2>4. Help me to help you</h2>
<p>In this case, the scammer creates a situation where they help you to solve a real or imaginary problem (that they actually created). They work their “IT magic” and the problem goes away. </p>
<p>Later, they ask you for something you wouldn’t normally do, and you do it because of the “social debt”: they helped you first.</p>
<p>For example, a hacker might attack a corporate network, causing it to slow down. Then they call you, pretending to be from your organisation, perhaps as a recent hire not yet on the company’s contact list. They “help” you by turning off the attack, leaving you suitably grateful. </p>
<p>Perhaps a week later, they call again and ask for sensitive information, such as the CEO’s password. You <em>know</em> company policy is to not divulge it, but the scammer will ask if you remember them (of course you do) and come up with an excuse for why they really need this password.</p>
<p>The balance of the social debt says you will help them.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/576716/original/file-20240220-28-x2hybs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A woman with dark curly hair listening to someone on the phone" src="https://images.theconversation.com/files/576716/original/file-20240220-28-x2hybs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/576716/original/file-20240220-28-x2hybs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/576716/original/file-20240220-28-x2hybs.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/576716/original/file-20240220-28-x2hybs.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/576716/original/file-20240220-28-x2hybs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/576716/original/file-20240220-28-x2hybs.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/576716/original/file-20240220-28-x2hybs.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">By pretending to be someone from your company, a scammer who’s earned a ‘social debt’ can get you to agree to unusual requests.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/depressed-young-african-woman-not-able-577535227">Cast of Thousands/Shutterstock</a></span>
</figcaption>
</figure>
<h2>5. Appealing to authority</h2>
<p>By posing as line managers, officials from government agencies, banks, or other authoritative bodies, scammers exploit our natural tendency to obey authority.</p>
<p>Such scams operate at varying levels of sophistication. The simple version: your manager messages you with an <em>urgent</em> request to purchase some gift cards and send through their numbers.</p>
<p>The complex version: your manager calls and asks to urgently transfer a large sum of money to an account you don’t recognise. You do this because <a href="https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402">it sounds exactly</a> like your manager on the phone – but the scammer <a href="https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/?sh=1329b80e7559">is using a voice deepfake</a>. In a recent major case in Hong Kong, such a scam even involved a <a href="https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html">deepfake video call</a>.</p>
<p>This is deeply challenging because artificial intelligence tools, such as Microsoft’s VALL-E, can create <a href="https://arstechnica.com/information-technology/2023/01/microsofts-new-ai-can-simulate-anyones-voice-with-3-seconds-of-audio/">a voice deepfake</a> using just three seconds of sampled audio from a real person.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/voice-deepfakes-are-calling-heres-what-they-are-and-how-to-avoid-getting-scammed-201449">Voice deepfakes are calling – here's what they are and how to avoid getting scammed</a>
</strong>
</em>
</p>
<hr>
<h2>How can you defend against a scam?</h2>
<p>First and foremost, <strong>verify identity</strong>. Find another way to contact the person to verify who they are. For example, you can call a generic number for the business and ask to be connected.</p>
<p>In the face of rampant voice deepfakes, it can be helpful to <strong>agree on a “safe word” with your family members</strong>. If they call from an unrecognised number and you don’t hear the safe word just hang up.</p>
<p>Watch out for <strong>pressure tactics</strong>. If the conversation is moving too fast, remember that someone else’s problem is not yours to solve. Stop and run the problem past a colleague or family member for a sanity check. A legitimate business will have no problem with you doing this.</p>
<p>Lastly, if you are not sure about even the slightest detail, the simplest thing is to hang up or not respond. If you really owe a tax debt, the ATO will write to you.</p><img src="https://counter.theconversation.com/content/223959/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Mike Johnstone received funding from the EU for a project on authentication and authorisation and from the Australian Government for a project on Forensic Identification of Deep Fakes. </span></em></p><p class="fine-print"><em><span>Georgia Psaroulis does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>With so much advice available, how are we still getting scammed? It’s because cybercriminals use sophisticated psychological techniques to trick us and wear us down.Mike Johnstone, Security Researcher, Associate Professor in Resilient Systems, Edith Cowan UniversityGeorgia Psaroulis, Postdoctoral research fellow, Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2230862024-02-09T00:56:45Z2024-02-09T00:56:45ZDesperate for Taylor Swift tickets? Here are cybersecurity tips to stay safe from scams<p>The global superstar Taylor Swift is bringing her Eras tour to Australia later this month, with sold-out shows in Sydney and Melbourne. With Swifties numbering in the thousands, fans who didn’t initially secure tickets are understandably desperate to find some. </p>
<p>Enter the many fraudsters seizing this opportunity. Sadly, the Australian Competition and Consumer Commission (ACCC) <a href="https://www.accc.gov.au/media-release/swifties-beware-scammers-are-in-their-cruel-summer-era">has reported over A$135,000</a> already lost to ticket fraud for the Swift concerts. The actual losses are likely to be much higher. </p>
<p>Hackers are also targeting the accounts of ticket holders in order to steal and resell legitimate tickets.</p>
<p>So how can you protect yourself if you are looking to buy or sell Eras tickets, or just want to keep your Ticketek account safe?</p>
<h2>The problem is ticket fraud</h2>
<p>In recent years, there has been a shift to electronic ticketing for events. This uses a unique barcode (or QR code) which can be dynamic. In the case of Ticketek, electronic tickets are linked to the purchaser’s phone number to reduce fraud.</p>
<p>Electronic ticketing aims to overcome a range of problems, such as counterfeit tickets, duplicate tickets and ticket scalping. Unsurprisingly, scammers have updated their techniques, too. </p>
<p>When purchasing tickets, it can be difficult to know if it is an authentic website, a genuine ticket and a legitimate transaction. </p>
<p>For example, scammers are selling <a href="https://www.scamwatch.gov.au/news-alerts/scam-alert-taylor-swift-tickets">non-existent tickets</a> across a range of social media platforms. They are also creating fake, legitimate-looking websites that lure in unsuspecting victims to hand over their personal details and money in return for heartache. </p>
<p>Many fraudsters are also tricking people with ticket sales on Facebook. Excited fans send the requested payment (usually a cash transfer), but will not receive their promised tickets and are not likely to recover the money.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="An example Facebook post advertising a " src="https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=486&fit=crop&dpr=1 600w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=486&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=486&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=610&fit=crop&dpr=1 754w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=610&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=610&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Facebook has many groups where Taylor Swift fans are on the lookout for tickets, making them vulnerable to scammers.</span>
<span class="attribution"><span class="source">Facebook</span></span>
</figcaption>
</figure>
<h2>Hacked accounts</h2>
<p>The prevalence of hacking drives a lot of the ticket fraud. This is particularly evident through the only official reseller of Eras tickets (and many other events) – Ticketek Marketplace. </p>
<p>Some people have had their Ticketek accounts <a href="https://au.news.yahoo.com/taylor-swift-fans-see-tickets-disappear-ticketek-works-to-curb-scammers-203020815.html">hacked</a>, and offenders have been able to make transactions without the owner’s consent. By the time they realise, it is too late – the owner may have lost their tickets with nothing in return. </p>
<p>There are also many <a href="https://www.9news.com.au/national/taylor-swift-ticket-scammers-hunt-victims-on-facebook-for-australia-eras-tour/d1776810-154e-4f52-aa40-6375eb4285d8">reports</a> of victims whose known contacts (family or friends) message them on social media offering the chance to buy tickets. This approach reduces red flags or suspicions, as it uses existing trust and relationships to get a payment.</p>
<p>However, victims soon find their family member or friend has had their account hacked. Again, there is no ticket and no chance of recovering funds. </p>
<p>Hacking genuine accounts to perpetrate fraud is common. Recently, <a href="https://www.abc.net.au/news/2024-01-31/booking-com-scams-surge-phishing-australians-thousands-dollars/103390292">hackers gained unauthorised access</a> to hotel provider accounts on the popular accommodation website Booking.com. They then communicated with guests to gain direct payments and financial details. </p>
<h2>If I’d only played it safe</h2>
<p>There are no foolproof guarantees when trying to buy resold tickets. But you can look out for warning signs and take steps to reduce the risk of fraud or being hacked.</p>
<p><strong>Only buy tickets through the authorised seller website.</strong> In the case of Swift, that’s Ticketek Marketplace. While customers are reporting <a href="https://www.smh.com.au/culture/music/look-what-you-made-me-do-desperate-swifties-abandon-ticketek-in-risky-hunt-for-tickets-20240118-p5ey6b.html">long wait times</a> and less than satisfactory user experiences right now, it is still the most likely place to have genuine tickets. </p>
<hr>
<hr>
<p><strong>Do not, under any circumstances, buy tickets on social media such as Facebook.</strong> This includes from known contacts. There is no guarantee that the ticket exists or the person is genuine. There is also no recourse for lost payment. </p>
<p><strong>Never provide or confirm your payment details outside of Ticketek.</strong> Do not transfer any cash via a bank transfer to a seller. There are no seller fees on Ticketek Marketplace, and no reason to pay outside of the regulated system. </p>
<p><strong>Ensure you have strong passwords on all your accounts.</strong> Do not use the same password on several accounts. This is vitally important to protect yourself against many types of harm, not just ticket fraud. </p>
<p><strong>Enable two-factor authentication on any accounts you can.</strong> This provides an additional layer of protection should your password be compromised.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/what-is-multi-factor-authentication-and-how-should-i-be-using-it-191591">What is multi-factor authentication, and how should I be using it?</a>
</strong>
</em>
</p>
<hr>
<p><strong>Use a credit card where possible</strong> rather than debit card or cash transfers. You may be able to dispute a transaction or charge if you have used your credit card and may be able to recover any lost funds.</p>
<p><strong>Take screenshots of any communications and transactions</strong> when purchasing tickets online. While this will not prevent fraud, it does make it easier to report an incident or figure out what happened. </p>
<p><strong>Always confirm in person or over the phone with any known contacts</strong> who have messaged an offer or requested funds. With the prevalence of hacking into accounts, you may not be communicating with the person you think you are. </p>
<h2>No one teaches you what to do</h2>
<p>If you think you have been a victim of ticket fraud, contact your bank or financial institution immediately. The quicker you can do this, the better. </p>
<p>You should also contact the platform through which you made the transaction (such as Ticketek Marketplace). </p>
<p>You can report any financial losses to <a href="https://www.cyber.gov.au/report-and-recover/report">ReportCyber</a>, which is an online police reporting portal for cyber incidents, as well as <a href="https://www.scamwatch.gov.au/report-a-scam">Scamwatch</a>, to assist with education and awareness activities.</p>
<p>If you need support or assistance for any compromise of your identity, contact <a href="https://www.idcare.org/">iDcare</a>.</p><img src="https://counter.theconversation.com/content/223086/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross has previously received funding from the Australian Institute of Criminology and the Cybersecurity Cooperative Research Centre.</span></em></p>Australian fans who didn’t manage to snag Eras tickets are on the hunt – and scammers are capitalising on this. Here’s everything you need to know to protect yourself.Cassandra Cross, Associate Dean (Learning & Teaching) Faculty of Creative Industries, Education and Social Justice, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2190532023-12-19T16:53:48Z2023-12-19T16:53:48ZFraud is a problem so big we need to start teaching children how to spot it in schools<figure><img src="https://images.theconversation.com/files/565490/original/file-20231213-27-gu78dv.jpg?ixlib=rb-1.1.0&rect=0%2C67%2C4992%2C3255&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Fraud can happen to anyone. </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/dishonest-evil-salesman-business-suit-car-1059618683">Twinsterphoto/Shutterstock</a></span></figcaption></figure><p>Have you or someone you know been a victim of fraud? If so, that’s not unusual.</p>
<p>The UK’s Office for National Statistics (ONS) reported a <a href="https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2022">rise of 25%</a> in the number of fraud offences in 2021 compared to 2020 in the UK. Representing over 40% of all crimes against individuals, fraud is <a href="https://ukparliament.shorthandstories.com/breaking-fraud-chain-committee-report/index.html">the most common</a> crime in the UK. </p>
<p>If these statistics are not alarming enough, there is some evidence <a href="https://www.forbes.com/sites/jeffkauflin/2023/09/18/how-ai-is-supercharging-financial-fraudand-making-it-harder-to-spot/">that AI is</a> making it <a href="https://www.mcafee.com/blogs/privacy-identity-protection/artificial-imposters-cybercriminals-turn-to-ai-voice-cloning-for-a-new-breed-of-scam/">harder to</a> detect scams.</p>
<p>People often <a href="https://commsrisk.com/some-victims-of-fraud-are-just-stupid/">blame fraud victims</a> for being foolish or trusting enough to fall for a scam. But it’s time to accept that it can happen to anyone. It’s a problem so large we need to revise our concept of fraud as something that only happens to gullible or vulnerable people. The human brain can’t keep up with all of the new technology-enabled types of fraud.</p>
<p>So we need a new approach that holds financial institutions and businesses responsible for identifying or facilitating fraud and that harnesses AI to spot suspicious transactions. It’s not reasonable to expect consumers to know when they’re being scammed if banks and social media platforms can’t.</p>
<h2>Who falls prey to fraud</h2>
<p>If you were asked who is the most likely to become a victim of fraud, what would be your answer? If you are like most people, you probably thought about <a href="https://financialpost.com/executive/executive-summary/most-likely-financial-scam-victims">older adults</a>. Investment bankers, IT experts or young adults might not have come to mind. </p>
<p>This misconception about who is vulnerable or susceptible to fraud is one of the core problems surrounding the topic of fraud. For example, <a href="https://www.experian.co.uk/assets/insight-reports/brochures/The-Insight-Report-Victims-of-fraud-survey-March-2010.pdf">a 2010 survey</a> by credit reporting company Experian examining identity fraud in the UK found that two age groups, 25-34 and 35-44, represented 54% of the victims, while those over 65 represented only 4% of the victims of that type of fraud. </p>
<p>With cryptocurrency, victims tend to be young, well-educated, professional, and <a href="https://academic.oup.com/rof/article/26/4/855/6478303%20">traders who have risky portfolios</a>. </p>
<p>It is enough to read the list of main investors (and victims) in the fraud-ridden <a href="https://markets.businessinsider.com/news/currencies/ftx-bankruptcy-top-investors-list-tom-brady-kevin-oleary-sbf-2023-1">cryptocurrency exchange FTX</a> and fraudulent medical technology company <a href="https://www.integrityline.com/expertise/blog/elizabeth-holmes-theranos/">Theranos</a> cases to realise that even the savviest investors and celebrities can become victims. Their supporters included media moguls, politicians and hedge fund managers. </p>
<figure class="align-center ">
<img alt="Frustrated and upset man outside office building looking at his smartphone and holding a bank card" src="https://images.theconversation.com/files/565493/original/file-20231213-21-98fg16.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/565493/original/file-20231213-21-98fg16.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/565493/original/file-20231213-21-98fg16.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/565493/original/file-20231213-21-98fg16.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/565493/original/file-20231213-21-98fg16.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/565493/original/file-20231213-21-98fg16.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/565493/original/file-20231213-21-98fg16.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Educated adults make up a large percentage of fraud victims.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/frustrated-upset-african-american-man-outside-2212767551">voronaman/Shutterstock</a></span>
</figcaption>
</figure>
<p>A 2023 report by <a href="https://www.ukfinance.org.uk/news-and-insight/press-release/gen-z-more-likely-be-tricked-criminals-and-fall-impersonation-scams">UK Finance</a> indicates that 18- to 24-year-olds are being increasingly targeted by fraudsters, and are far more likely to fall prey to an impersonation scam, compared to those aged 65 and over. Also, the rate of 13- to 17-year-olds falling prey to <a href="https://www.lloydsbankinggroup.com/assets/pdfs/who-we-are/our-purpose/fraud/lloyds-bank-game-fraud-report.pdf">scams via gaming</a> has seen a sharp rise. </p>
<h2>Developing educational and therapeutic programmes</h2>
<p>Many schools around the world have introduced <a href="https://educationhub.blog.gov.uk/2023/02/01/how-we-promote-and-teach-online-safety-in-schools/">online safety programmes</a>.</p>
<p>The programmes currently on offer, however, tend to be rather thin on how to protect yourself from fraud. Children’s charity <a href="https://www.nspcc.org.uk/keeping-children-safe/online-safety/?gclsrc=aw.ds&gad_source=1&gclid=CjwKCAiAg9urBhB_EiwAgw88mXcr3TpCRmIGbNM_A0C7uuvBV0uO6TrC4FpNSvyjP71aOIMRR4MM2hoCgPMQAvD_BwE&gclsrc=aw.ds">the NSPCC</a>, for example, has programmes for protecting children from online abuse, staying safe while using social media, and from legal but harmful content – but not for online scams. </p>
<p>Fraud prevention should be taught in schools and universities as part of the curriculum. </p>
<p>For older adults, charities <a href="https://www.aarp.org/money/scams-fraud/about-fraud-watch-network/">the AARP</a> and <a href="https://www.ageuk.org.uk/information-advice/money-legal/scams-fraud/">AgeUK</a> offer guidance and resources, but it is unclear how effective or widely used they are. </p>
<p>Fraud prevention programmes, training, and information have rarely been scrutinised and we lack data on their effectiveness. We need to develop programmes for each age group and evaluate their effectiveness. </p>
<h2>Improve deterrence</h2>
<p>One of the most important theories in criminology is <a href="https://www.house.mn.gov/hrd/pubs/deterrence.pdf">deterrence theory</a>, which says crime reduction relates to the severity of the punishment, and, more importantly, the likelihood of being caught. </p>
<p><a href="https://www.gov.scot/publications/works-reduce-crime-summary-evidence/pages/5/">Research suggests</a> that increasing the likelihood of being caught is far more effective than increasing punishment. However, fraudsters have little to worry about. By the <a href="https://www.gov.uk/government/publications/fraud-strategy/fraud-strategy-stopping-scams-and-protecting-the-public">UK government’s admittance</a>, fraud accounts for over 40% of all crimes yet it receives less than 1% of police resources. </p>
<h2>Businesses must better protect consumers</h2>
<p>During the COVID pandemic, media outlets reported that Google blocked <a href="https://www.bbc.co.uk/news/technology-52319093">18 million coronavirus scam</a> emails every day. Despite these efforts, according <a href="https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2023/10/social-media-golden-goose-scammers">to a report</a> by the Federal Trade Commission (FTC), a US agency that enforces consumer rights, tech companies and especially social network sites are a breeding ground for scammers.</p>
<p>Indeed, the FTC reported that a quarter of the people who lost money to fraud said the process started on social networking platforms. </p>
<p>The nature of social media sites provides scammers with the ability to hide behind fake personas and pretend to be a legitimate business. They also allow scammers to reach millions of people with a press of a button —- <a href="https://www.pewresearch.org/internet/2021/04/07/social-media-use-in-2021/">particularly younger adults</a> who tend to be more heavy and prolific users of social networking sites. </p>
<p>The FTC <a href="https://www.ftc.gov/news-events/news/press-releases/2023/03/ftc-issues-orders-social-media-video-streaming-platforms-regarding-efforts-address-surge-advertising">has issued orders</a> to a range of social media – including Meta, TikTok and YouTube – seeking information on how these companies screen for malicious and nefarious ads and scams. </p>
<h2>Introduce new policies</h2>
<p>California legislators are <a href="https://pluralpolicy.com/app/legislative-tracking/bill/details/state-ca-20232024-sb278/1277035">considering a bill</a> offering older adults greater protection against fraud by holding banks responsible when tellers facilitate fraudulent transactions.</p>
<p>In the UK, former home secretary Suella Braverman presented a
<a href="https://www.gov.uk/government/publications/fraud-strategy/fraud-strategy-stopping-scams-and-protecting-the-public">a fraud strategy</a> the parliament in May 2023, which proposes a range of measures such as banning all phone calls related to financial products. </p>
<p>We see these two bills as a move in the right direction but more work is needed, and urgently. Policymakers must allocate funding to research and law enforcement agencies, introduce laws that provide greater protection to people, and collaborate with international law enforcement bodies, such as Interpol. </p>
<p>Fraud affects society on all levels: individuals, organisations and governments. We are all in it together, whether we like it or not.</p><img src="https://counter.theconversation.com/content/219053/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Recent studies have shown fraud is an even bigger problem than people realise.Yaniv Hanoch, Professor in Decision Science, University of SouthamptonStacey Wood, Professor of Psychology, Scripps CollegeLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2161982023-12-14T13:40:03Z2023-12-14T13:40:03ZPhishing scams: 7 safety tips from a cybersecurity expert<figure><img src="https://images.theconversation.com/files/558278/original/file-20231108-27-qgt394.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Phishers are crafty and their scams are always evolving.</span> <span class="attribution"><span class="source">weerapatkiatdumrong</span></span></figcaption></figure><p>Recently, one of my acquaintances, Frank, received an email late on a Monday afternoon with the subject line, “Are you still in the office?” It appeared to come from his manager, who claimed to be stuck in a long meeting without the means to urgently purchase online gift vouchers for clients. He asked for help and shared a link to an online platform, from which Frank bought R6,000 (about US$325) worth of gift vouchers. Once he’d sent the codes he received a second email from the “boss” requesting one more voucher.</p>
<p>At that point, Frank reached out to his boss through WhatsApp and discovered he’d been duped. Frank had fallen prey to a phishing scam. </p>
<p>This is just one example of many from my own circles. Other friends and relatives – some of them seasoned internet users who know about the importance of cybersecurity – have also fallen prey to phishing scams. </p>
<p>I am a cybersecurity professional who conducts <a href="https://www.wits.ac.za/staff/academic-a-z-listing/m/mau-maz/thembekilemayayisewitsacza/">research</a> on and teaches various cybersecurity topics. In recent years I have noticed (and confirmed through <a href="https://iacis.org/iis/2023/4_iis_2023_294-310.pdf">research</a>) that some organisations and individuals seem fatigued by cybersecurity awareness efforts. Is it possible that they assume most people are technologically astute and constantly well-informed? Or could it simply be that fatigue has set in because of the demanding nature of cybersecurity awareness campaigns? Though I have no definitive answer, I suspect the latter.</p>
<p>The reality is that phishing scams are here to stay and the methods employed in their execution continue to evolve. Given my expertise and experience, I would like to offer seven tips to help you stay safe from phishing scams. This is especially important during the festive season as people shop for gifts and book holidays online. These activities create more opportunities for cybercriminals to net new victims. However, these tips are appropriate throughout the year. Cybercriminals don’t take breaks – so you shouldn’t ever drop your guard.</p>
<h2>What is phishing?</h2>
<p>“Phishing” is a strategy designed to deceive people into revealing sensitive information such as credit card details, login credentials and, in some instances, identification numbers. </p>
<p>The most common form of phishing is via email: phishers send fraudulent emails that appear to be from legitimate sources. The messages often contain links to fake websites designed to steal login credentials or other sensitive information. The same email will be sent to many addresses. Phishers can obtain emails from places such as corporate websites, existing data breaches, social media platforms, business cards or other publicly available company documents.</p>
<p>Cybercriminals know that casting their net wide means they’ll surely catch some.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/meet-the-yahoo-boys-nigerias-undergraduate-conmen-60757">Meet the ‘Yahoo boys’ – Nigeria's undergraduate conmen</a>
</strong>
</em>
</p>
<hr>
<p>Voice phishing (vishing) is another form of this scam. Here, perpetrators use voice communication, like a phone call in which the caller falsely claims to be a bank official and seeks to assist you in resetting your password or updating your account details. Other common vishing scams centre on offering discounts or rewards if you join a vacation club, provided you disclose your personal credit card information.</p>
<p>Social media phishing, meanwhile, happens when scammers create fake accounts purporting to be real people (for instance, posing as Frank’s boss). They then start interacting with the real person’s connections to deceive them into giving up sensitive information or performing financial favours.</p>
<p>Cybercriminals also employ SMS phishing (smishing), using text messages to target individuals to reveal sensitive information such as login credentials or credit card details by clicking on malicious links or downloading harmful attachments. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/online-fraudsters-colonial-legacies-and-the-north-south-divide-in-nigeria-187879">Online fraudsters, colonial legacies and the north-south divide in Nigeria</a>
</strong>
</em>
</p>
<hr>
<p>Who is behind these scams? Typically, these are seasoned and cunning scammers who have honed their skills in the world of phishing over an extended period. Some work alone; others belong to syndicates.</p>
<h2>Phishing skills</h2>
<p>Successful phishers have a variety of skills. They combine psychological tactics and technical prowess. </p>
<p>They are master manipulators, playing on victims’ emotions. Individuals are deceived into believing they’ve secured a substantial sum, often millions, through a jackpot win. This scheme falsely claims that their cellphone number or email was used for entry. Consequently, the victim doesn’t seek clarification. Excited about getting the windfall payment quickly, they give their personal information to cybercriminals.</p>
<p>These scammers even tailor their approach to match individuals’ personal beliefs. For example, if you have an affinity for ancestral worship, be prepared for a message from someone claiming to be a medium, asserting that your great-great-grandfather is requesting a money ritual involving a deposit to a particular account and promising multiplication of your funds – even though your ancestors have communicated no such information. </p>
<p>Likewise, if you are a devout Christian, someone claiming to be “Prophet Profit” might attempt to contact you through a messaging platform, suggesting that a monetary offering to their ministry will miraculously resolve all your financial challenges. It’s simply too good to be true.</p>
<h2>Seven tips</h2>
<p>So, how can you avoid e-mail phishing scams? Here are my tips.</p>
<p><strong>1.</strong> Before acting on an email that seems to be from a trusted colleague or friend – especially if it involves an unusual request – check whether the communication is authentic. Contact them directly through a telephone call.</p>
<p><strong>2.</strong> If you encounter suspicious emails at work and are unsure of what to do, promptly report them to your IT department.</p>
<p><strong>3.</strong> Exercise caution when disclosing your contact information, such as email addresses and phone numbers, on public platforms. Malicious individuals may exploit this information for harmful purposes.</p>
<p><strong>4.</strong> Be vigilant when responding to unsolicited emails or messages that request personal information or immediate action.</p>
<p><strong>5.</strong> Validate the sender’s email address. When in doubt, use official contact details from an organisation’s official website to get in touch instead of replying to the message.</p>
<p><strong>6.</strong> Don’t click on dubious links. Always double-check the URL before entering sensitive data.</p>
<p><strong>7.</strong> Keep your devices, anti-spam and anti-malware software up to date. Use strong and unique passwords or multi-factor authentication.</p><img src="https://counter.theconversation.com/content/216198/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Thembekile Olivia Mayayise received research funding from the Diversifying Academy Grant at Wits University.
</span></em></p>Cybercriminals don’t take breaks, so you shouldn’t ever drop your guard.Thembekile Olivia Mayayise, Senior Lecturer, University of the WitwatersrandLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2182942023-12-08T16:14:45Z2023-12-08T16:14:45ZHow to protect yourself from cyber-scammers over the festive period<figure><img src="https://images.theconversation.com/files/562490/original/file-20231129-26-z85wnz.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C6134%2C3228&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">As online shopping increases over the festive period, so does the risk of cyber-scams. </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/merry-xmas-eve-online-shopping-store-2089436578">Chay Tee/Shutterstock</a></span></figcaption></figure><p>The festive season is a time for joy, family and festive cheer. However, it’s also a prime target for cybercriminals. As online shopping ramps up, so does the risk of falling prey to cyber-attacks. That’s why it’s crucial to be extra vigilant about your <a href="https://blog.tctg.co.uk/12-cyber-security-tips-of-christmas">cybersecurity</a> during this time. </p>
<p>Here are some essential tips to safeguard yourself and your data during the festive period:</p>
<h2>Phishing</h2>
<p>Phishing is when criminals use scam emails, text messages or phone calls to trick their victims. Their <a href="https://www.ncsc.gov.uk/collection/phishing-scams">goal</a> is often to make you visit a certain website, which may download a virus on to your computer, or steal bank details or other personal data. </p>
<p>This type of scam tends to <a href="https://www.egress.com/blog/phishing/holiday-phishing-scam-guide">increase</a> at this time due to the amount of people having bought or received new gadgets and technology. </p>
<p>Look out for there being no direct reference to your name in any communications, with wording such as “Dear Sir/Madam” or other terms such as “valued customer” being used instead. Grammar and spelling mistakes are also often present. </p>
<p>Be wary of any suspicious links or attachments within emails too, and don’t click them. It’s better to contact the company directly to check if the message is genuine. You can also <a href="https://www.ncsc.gov.uk/collection/phishing-scams">report</a> suspicious messages and phishing scams to the government’s National Cyber Security Centre. </p>
<h2>Shopping safely online</h2>
<p>The convenience of online shopping is undeniable, especially during the festive season. However, it’s crucial to prioritise your security when buying online. </p>
<p>Before entering your personal and financial information on any website, ensure it’s legitimate and secure. Look for the “https” in the address bar and a <a href="https://theconversation.com/the-vast-majority-of-us-have-no-idea-what-the-padlock-icon-on-our-internet-browser-is-and-its-putting-us-at-risk-216581">padlock</a> icon, which indicates a secure and encrypted connection. </p>
<p>When creating passwords for online shopping accounts, use strong, unique combinations of letters, numbers and symbols. Avoid using the same password for multiple accounts, as a breach on one site could compromise all your others.</p>
<p>As with shopping in the real world, be cautious when encountering offers that are significantly below usual prices or which make extravagant promises. Always conduct thorough research on the seller and product before making a purchase. If a deal seems too good to be true, it probably is. </p>
<p>And if you are out shopping in towns or city centres, there will often be a large number of public wifi options available to you. However, criminals can intercept the data that is transferred across such open and unsecured wifi. So, avoid using public wifi where possible, especially when conducting any financial transactions. </p>
<figure class="align-center ">
<img alt="A person sits at a laptop with a coffee surrounded by festive packages." src="https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Stay vigilant, exercise caution and don’t let your excitement for gifts and deliveries compromise your cybersecurity.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/christmas-online-shopping-top-view-female-520279837">Prostock-studio/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Social media</h2>
<p>While social media platforms provide people with a means to keep in touch with family and friends over the festive period, they are often a goldmine for <a href="https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-social-media-scam-aMtwF3u1XKGt">scams</a> and malware (software designed to disrupt, damage or gain unauthorised access to a computer). In the spirit of the festive season, people often share an abundance of personal information on social media, often without considering the potential consequences. </p>
<p>This trove of data can make people vulnerable to cyber-attacks. Scammers can exploit this information to gain unauthorised access to social media accounts, steal personal information, or even commit identity theft. To protect yourself, be mindful of what you share. </p>
<p>Be wary when interacting with posts and direct messages, especially if they contain suspicious links or attachments. Before clicking on anything, hover over the link to verify its destination. If it shows a website you don’t recognise or seems unrelated to the message, do not click on it. If you receive a message from someone you know but the content seems strange or out of character, contact them directly through a trusted channel to verify its authenticity. </p>
<p>Likewise, be wary of messages containing urgent requests for money or personal information from businesses. Genuine organisations will never solicit sensitive details through social media.</p>
<p>There are many buy and sell platforms available on social media. But while such platforms can be a great place to find a unique gift, it is also important to remember that not all sellers may be legitimate. So, it’s vital that you don’t share your bank details. If the seller sends a link to purchase the item, do not use it. When meeting to collect an item, it’s generally safer to use cash rather than transferring funds electronically.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/aO858HyFbKI?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Advice for staying safe online.</span></figcaption>
</figure>
<h2>Package delivery scams</h2>
<p>As well as being a time for giving and receiving gifts, the festive season is also ripe for cybercriminals to exploit the excitement surrounding <a href="https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/scams-linked-to-parcel-deliveries-come-top-in-2023/">package deliveries</a>. </p>
<p>Scammers often pose as legitimate delivery companies, sending emails or text messages claiming that a delivery attempt was unsuccessful or requiring additional fees for processing, or even customs clearance. Typically, these messages contain links or phone numbers that, when clicked or called, lead to fake websites or automated phone systems designed to collect personal information or payments.</p>
<p>To protect yourself, always verify the legitimacy of any delivery notifications you receive. Check the sender’s email address or phone number against the official contact information for the delivery company. If the information doesn’t match or seems suspicious, don’t click any links or provide personal details. </p>
<p>Legitimate delivery companies will never ask for upfront payment or sensitive information through unsolicited messages or calls. </p>
<p>Remember, cybercriminals are skilled at manipulating the festive spirit to their advantage. Stay vigilant, exercise caution, and don’t let your excitement for gifts and deliveries compromise your cybersecurity.</p><img src="https://counter.theconversation.com/content/218294/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Rachael Medhurst does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Cyber-scams tend to ramp up at this time of year, with criminals and scammers eager to exploit people’s generosity and excitement.Rachael Medhurst, Course Leader and Senior Lecturer in Cyber Security NCSA, University of South WalesLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2168332023-11-23T00:48:52Z2023-11-23T00:48:52ZHow risky is it to give card details over the phone and how do I reduce the chance of fraud?<p>Paying for things digitally is so common, most of us think nothing of swiping or tapping our card, or using mobile payments. While doing so is second nature, we may be more reluctant to provide card details over the phone.</p>
<p>Merchants are allowed to ask us for credit card details over the phone – this is perfectly legal. But there are minimum standards they must comply with and safeguards to protect consumer data.</p>
<p>So is giving your card details over the phone any more risky than other transactions and how can you minimise the risks?</p>
<h2>How is my card data protected?</h2>
<p>For a merchant to process card transactions, they are expected to comply with the <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">Payment Card Industry Data Security Standard</a>. This is a set of security requirements designed to protect cardholder data and the trillions of dollars of transactions each year.</p>
<p>Compliance involves various security measures (such as encryption and access controls) together with strong governance and regular security assessments.</p>
<p>If the information stored by the merchant is accessed by an unauthorised party, encryption ensures it is not readable. That means stealing the data would not let the criminals use the card details. Meanwhile, access controls ensure only authorised individuals have access to cardholder data.</p>
<p>Though all companies processing cards are expected to meet the compliance standards, only those processing large volumes are subject to mandatory regular audits. Should a subsequent data leak or misuse occur that can be attributed to a compliance failure, a <a href="https://www.csoonline.com/article/569591/pci-dss-explained-requirements-fines-and-steps-to-compliance.html">company can be penalised</a> at levels that can escalate into millions of dollars.</p>
<p>These requirements apply to all card transactions, whether in person, online or over the phone. Phone transactions are likely to involve a human collecting the card details and either entering them into computer systems, or processing the payment through paper forms. The payment card Security Standards Council has <a href="https://docs-prv.pcisecuritystandards.org/Guidance%20Document/Telephone-Based%20Payments/Protecting_Telephone_Based_Payment_Card_Data_v3-0_nov_2018.pdf">detailed guides for best practice</a>:</p>
<blockquote>
<p>A policy should be in place to ensure that payment card data is protected against unauthorised viewing, copying, or scanning, in particular on desks.</p>
</blockquote>
<p>Although these measures can help to protect your card data, there are still risks in case the details are misplaced or the person on the phone aren’t who they say they are.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/ai-scam-calls-imitating-familiar-voices-are-a-growing-problem-heres-how-they-work-208221">AI scam calls imitating familiar voices are a growing problem – here's how they work</a>
</strong>
</em>
</p>
<hr>
<h2>Basic tips for safe credit card use over the phone</h2>
<p>If you provide card details over the phone, there are steps you can take to minimise the chance you’ll become the victim of fraud, or get your details leaked.</p>
<p><strong>1. Verify the caller</strong></p>
<p>If you didn’t initiate the call, hang up and call the company directly using details you’ve verified yourself. Scammers will often masquerade as a well-known company (for example, an online retailer or a courier) and convince you a payment failed or payment is needed to release a delivery.</p>
<p>Before you provide any information, confirm the caller is legitimate and the purpose of the call is genuine.</p>
<p><strong>2. Be sceptical</strong></p>
<p>If you are being offered a deal that’s too good to be true, have concerns about the person you’re dealing with, or just feel something is not quite right, hang up. You can always call them back later if the caller turns out to be legitimate.</p>
<p><strong>3. Use secure payment methods</strong></p>
<p>If you’ve previously paid the company with other (more secure) methods, ask to use that same method.</p>
<p><strong>4. Keep records</strong></p>
<p>Make sure you record details of the company, the representative you are speaking to and the amount being charged. You should also ask for an order or transaction reference. Don’t forget to ask for the receipt to be sent to you.</p>
<p>Check the transaction against your card matches the receipt – use your banking app, don’t wait for the statement to come through.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/560960/original/file-20231122-15-8f2rll.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Close up of a hand entering pin code at an ATM" src="https://images.theconversation.com/files/560960/original/file-20231122-15-8f2rll.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/560960/original/file-20231122-15-8f2rll.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/560960/original/file-20231122-15-8f2rll.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/560960/original/file-20231122-15-8f2rll.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/560960/original/file-20231122-15-8f2rll.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/560960/original/file-20231122-15-8f2rll.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/560960/original/file-20231122-15-8f2rll.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Cancelling your card is a hassle, but it’s the best way to prevent further funds being stolen from your account.</span>
<span class="attribution"><a class="source" href="https://unsplash.com/photos/person-holding-white-and-red-card-utWyPB8_FU8">Eduardo Soares/Unsplash</a></span>
</figcaption>
</figure>
<h2>Virtual credit cards</h2>
<p>In addition to the safeguards mentioned above, a <a href="https://www.forbes.com/advisor/credit-cards/virtual-credit-card-numbers-guide/">virtual credit card</a> can help reduce the risk of card fraud. </p>
<p>You probably already have a form of virtual card if you’ve added a credit card to your phone for mobile payments. Depending on the financial institution, you can create a new credit card number linked to your physical card.</p>
<p>Some banks extend this functionality to allow you to generate unique card numbers and/or CVV numbers (the three digits at the back of your card). With this approach you can easily separate transactions and cancel a virtual card/number if you have any concerns.</p>
<h2>What to do if you think your card details have been compromised or stolen?</h2>
<p>It’s important not to panic, but quick action is essential: </p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/557967/original/file-20231107-267416-uv1h9n.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Screenshot of on-line banking app showing card settings" src="https://images.theconversation.com/files/557967/original/file-20231107-267416-uv1h9n.png?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/557967/original/file-20231107-267416-uv1h9n.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=1068&fit=crop&dpr=1 600w, https://images.theconversation.com/files/557967/original/file-20231107-267416-uv1h9n.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=1068&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/557967/original/file-20231107-267416-uv1h9n.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=1068&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/557967/original/file-20231107-267416-uv1h9n.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1342&fit=crop&dpr=1 754w, https://images.theconversation.com/files/557967/original/file-20231107-267416-uv1h9n.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1342&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/557967/original/file-20231107-267416-uv1h9n.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1342&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Example credit card restrictions in a banking app.</span>
<span class="attribution"><span class="source">Author provided</span></span>
</figcaption>
</figure>
<ul>
<li><p>call your bank and get the card blocked so you won’t lose any more money. Depending on your situation, you can also block/cancel the card through your banking app or website</p></li>
<li><p>report the issue to the police or other relevant body</p></li>
<li><p>monitor your account(s) for any unusual transactions</p></li>
<li><p>explore card settings in your banking app or website – many providers allow you to limit transactions based on value, restrict transaction types or enable alerts</p></li>
<li><p>you may want to consider registering for <a href="https://theconversation.com/your-credit-report-is-a-key-part-of-your-privacy-heres-how-to-find-and-check-it-116999">credit monitoring services</a> and to enable fraud alerts.</p></li>
</ul>
<h2>So, should I give my card details over the phone?</h2>
<p>If you want to minimise risk, it’s best to avoid giving card details over the phone if you can. Providing your card details via a website still has risks, but at least it removes the human element. </p>
<p>The best solution currently available is to use virtual cards – if anything goes wrong you can cancel just that unique card identity, rather than your entire card.</p><img src="https://counter.theconversation.com/content/216833/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>It’s legal for a merchant to get your card details over the phone – but it can still be risky. Here’s what you need to know to stay safe.Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan UniversityIsmini Vasileiou, Associate Professor, De Montfort UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2086652023-09-20T20:06:34Z2023-09-20T20:06:34ZWhy do I get so much spam and unwanted email in my inbox? And how can I get rid of it?<figure><img src="https://images.theconversation.com/files/549270/original/file-20230920-21-1bu16q.jpg?ixlib=rb-1.1.0&rect=83%2C143%2C3910%2C2850&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Spam might not have brought an end to the internet or email, as some dire predictions <a href="https://www.zdnet.com/article/why-spam-could-destroy-the-internet/">in the early 2000s</a> claimed it could – but it’s still a massive pain.</p>
<p>Despite all the spam being removed by spam-filtering technologies, most people still receive spam every day. How do these messages end up flooding our inboxes? And are there any legal consequences for the senders?</p>
<h2>What is spam?</h2>
<p>The Organisation for Economic Co-operation and Development (OECD) noted in 2004 “there does not appear to be a widely agreed and workable definition for spam” across jurisdictions – and this remains true today. </p>
<p>That said, “spam” generally <a href="https://www.oecd-ilibrary.org/docserver/232784860063.pdf?expires=1693541947&id=id&accname=ocid177499&checksum=D0C5BDAC49951DF353618B8E38483253">refers to</a> unsolicited electronic messages. These are often sent in bulk and frequently advertise goods or services. It also includes scamming and phishing messages, according to the OECD.</p>
<p>Most people think of spam in the form of emails or SMS messages. However, what we now call spam actually predates the internet. In 1854, a spam telegram was sent to British politicians advertising the opening hours of dentists who <a href="https://www.theguardian.com/technology/2013/aug/09/why-spammers-are-winning-junk-mail">sold tooth-whitening powder</a>. </p>
<p>The first spam email came more than 100 years later. It was reportedly sent to 600 people on May 3 1978 <a href="https://web.archive.org/web/20080628205216/http://www.latimes.com/technology/la-fi-spam11may11001420,1,5168218,full.story">through ARPAnet</a> – a precursor to the modern internet. </p>
<p>As for how much spam is out there, the figures vary, possibly due to the various <a href="https://www.spamhaus.org/consumer/definition/">definitions of “spam”</a>. One source reports the average number of spam emails sent daily in 2022 was about <a href="https://dataprot.net/statistics/spam-statistics/">122.33 billion</a> (which would mean more than half of all emails were spam). As for text messages, another source reports a daily average of 1.6 billion <a href="https://thesmallbusinessblog.net/spam-text-statistics/">spam texts</a>. </p>
<h2>Where do spammers get my details?</h2>
<p>Each time you enter your email address or phone number into an e-commerce website, you may be handing it to spammers.</p>
<p>But sometimes you may even receive spam from entities you don’t recognise. That’s because businesses will often transfer customers’ contact information to related companies, or sell their data to third parties such as data brokers.</p>
<p>Australia’s Privacy Act 1988 somewhat limits the transfer of personal information to third parties. However, these laws <a href="https://theconversation.com/accc-says-consumers-need-more-choices-about-what-online-marketplaces-are-doing-with-their-data-182134">are weak</a> – and <a href="http://handle.unsw.edu.au/1959.4/unsworks_75600">weakly enforced</a>. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/this-law-makes-it-illegal-for-companies-to-collect-third-party-data-to-profile-you-but-they-do-anyway-190758">This law makes it illegal for companies to collect third-party data to profile you. But they do anyway</a>
</strong>
</em>
</p>
<hr>
<p>Some entities also use “address-harvesting” software to search the internet for electronic addresses that are captured in a database. The collector then uses these addresses directly, or sells them to others looking to send spam. </p>
<p>Many jurisdictions (including <a href="http://www8.austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/sa200366/s19.html">Australia</a>) prohibit these harvesting activities, but they are still <a href="https://www.projecthoneypot.org/statistics.php">common</a>.</p>
<h2>Is spamming against the law?</h2>
<p>Australia has had legislation regulating spam messaging since 2003. But the <a href="https://www.legislation.gov.au/Details/C2016C00614">Spam Act</a> surprisingly does not define the word “spam”. It tackles spam by prohibiting the sending of <a href="http://www8.austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/sa200366/s15.html">unsolicited commercial electronic messages</a> containing offers, ads or other promotions of goods, services or land.</p>
<p>However, if the receiver <a href="http://www8.austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/sa200366/sch2.html">consented</a> to these types of messages, the prohibition does not apply. When you buy goods or services from a company, you will often see a request to click on a “yes” button to receive marketing promotions. Doing so means you have consented.</p>
<p>On the other hand, if your phone or inbox are hit by commercial messages you haven’t agreed to receive, that is a breach of the <a href="https://austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/sa200366/">Spam Act</a> by the sender. If you originally signed up to receive the messages, but then unsubscribed and the messages kept coming after <a href="https://austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/sa200366/sch2.html">five business days</a>, that is also illegal. Senders must also include a <a href="https://austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/sa200366/s18.html">functioning unsubscribe facility</a> in every commercial message they send.</p>
<p>Spammers can be penalised for breaches of the Spam Act. In the past few months alone, <a href="https://www.acma.gov.au/articles/2023-06/commonwealth-bank-penalised-355-million-spam-breaches">Commonwealth Bank</a>, <a href="https://www.acma.gov.au/articles/2023-08/doordash-penalised-2-million-spam-breaches">DoorDash</a> and <a href="https://www.acma.gov.au/articles/2023-06/mycar-tyre-auto-penalised-1m-spam-breaches">mycar Tyre & Auto</a> were fined more than A$6 million in total for breaches. </p>
<p>However, most spam comes from outside Australia where the laws aren’t the same. In the United States spam is legal under the <a href="https://www.ftc.gov/business-guidance/resources/can-spam-act-compliance-guide-business">CAN-SPAM Act</a> until you opt out. Unsurprisingly, the US <a href="https://talosintelligence.com/reputation_center/email_rep#spam-country-senders">tops the list</a> of countries where the most spam originates. </p>
<p>Although spam sent to Australia from overseas <a href="https://austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/sa200366/s16.html">can still breach</a> the Spam Act – and the Australian Communications and Media Authority (ACMA) co-operates with overseas regulators – overseas enforcement actions are difficult and expensive, especially if the spammer has disguised their true identity and location. </p>
<p>It’s worth noting that messages from political parties, registered charities and government bodies aren’t prohibited – nor are messages from educational institutions to students and former students. So while you might consider these messages as “spam”, they can legally be <a href="http://www8.austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/sa200366/sch1.html">sent freely without consent</a>. Factual messages (without marketing content) from businesses are also legal as long as they include accurate sender details and contact information. </p>
<p>Moreover, the Spam Act generally only covers spam sent via email, SMS/MMS or instant messaging services, such as WhatsApp. Voice calls and faxes aren’t covered (although you can use the <a href="https://www.donotcall.gov.au/">Do Not Call Register</a> to block some commercial calls).</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/ai-generated-spam-may-soon-be-flooding-your-inbox-and-it-will-be-personalized-to-be-especially-persuasive-201535">AI-generated spam may soon be flooding your inbox -- and it will be personalized to be especially persuasive</a>
</strong>
</em>
</p>
<hr>
<h2>Staying safe from spam (and cyberattacks)</h2>
<p>Spam isn’t only annoying, it can also be dangerous. Spam messages can contain indecent images, scams and <a href="https://www.cyber.gov.au/learn-basics/explore-basics/watch-out-threats/phishing-emails-and-texts">phishing attempts</a>. Some have <a href="https://www.cyber.gov.au/threats/types-threats/malware">malware</a> (malicious software) designed to break into computer networks and cause harm, such as by stealing data or money, or shutting down systems. </p>
<p>The <a href="https://www.cyber.gov.au/protect-yourself/securing-your-email/email-security/protect-yourself-malicious-email">Australian Cyber Security Centre</a> and <a href="https://www.acma.gov.au/dealing-with-spam">ACMA</a> provide useful tips for reducing the spam you get and your risk of being hit by cyberattacks. They suggest to:</p>
<ol>
<li><p>use a spam filter and block spammers – email and telecommunications providers often supply useful tools as part of their services</p></li>
<li><p>unsubscribe from any emails you no longer want to receive – even if you originally agreed to receive them</p></li>
<li><p>remove as much of your contact details from websites as you can and always restrict the sharing of your personal information (such as name, birth date, email address and mobile number) when you can – beware of pre-ticked boxes asking for your consent to receive marketing emails </p></li>
<li><p>install cybersecurity updates for your devices and software as you get them</p></li>
<li><p>always think twice about opening emails or clicking on links, especially for messages promising rewards or asking for personal information – if it looks too good to be true, it probably is </p></li>
<li><p>use <a href="https://theconversation.com/what-is-multi-factor-authentication-and-how-should-i-be-using-it-191591">multi-factor authentication</a> to access online services so even if a scam compromises your login details, it will still be difficult for hackers to break into your accounts</p></li>
<li><p>report spam to your email and telecommunications providers, and to <a href="https://www.acma.gov.au/dealing-with-spam#complain-or-forward-spam-to-the-acma">ACMA</a>. </p></li>
</ol>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/australians-lost-more-than-3bn-to-scammers-in-2022-here-are-5-emerging-scams-to-look-out-for-204018">Australians lost more than $3bn to scammers in 2022. Here are 5 emerging scams to look out for</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/208665/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Kayleen Manwaring receives funding from the UNSW Allens Hub for Technology, Law & Innovation, and the Cyber Security Cooperative Research Centre.</span></em></p>One of the first ‘spam’ messages on record was sent in 1854.Kayleen Manwaring, Senior Research Fellow, UNSW Allens Hub for Technology, Law & Innovation and Senior Lecturer, School of Private & Commercial Law, UNSW Law & Justice, UNSW SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2116652023-08-22T20:07:55Z2023-08-22T20:07:55Z‘My brother will pick it up, what’s your PayID?’ How to avoid this scam when selling stuff online<figure><img src="https://images.theconversation.com/files/543858/original/file-20230822-29-9e3281.jpg?ixlib=rb-1.1.0&rect=1023%2C251%2C4113%2C2658&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://unsplash.com/photos/7JRPca6UqXc">Jenny Ueberberg/Unsplash</a></span></figcaption></figure><p>You’ve done it. You’ve finally bought that new sofa you wanted so much. The old one is still perfectly good to sit on, so you jump online to try and get a little bit of cash for it.</p>
<p>Every day, thousands of Australians list their unwanted things on online trading sites such as Facebook Marketplace and Gumtree. It’s a fast and convenient option, not to mention <a href="https://theconversation.com/rethinking-the-big-spring-clean-chuck-out-frenzy-how-keeping-old-things-away-from-the-landfill-can-spark-joy-in-its-own-way-195568">it helps us to divert goods from landfill</a>.</p>
<p>Unfortunately, scammers constantly target unsuspecting buyers and sellers. More than <a href="https://www.scamwatch.gov.au/research-and-resources/scam-statistics?scamid=15&date=2022">A$45 million</a> was reported lost through fraudulent buying and selling schemes in 2022. </p>
<p>The popularity of online marketplaces has made them a fertile ground for fraudsters. There have been <a href="https://www.abc.net.au/news/2023-07-04/what-can-you-do-to-protect-yourself-when-selling-online/102555278">recent reports</a> of offenders using these platforms to physically attack those selling goods.</p>
<p>However, it is more likely scammers will try to gain money through payment methods. The PayID scam is a popular example of this, with Australians <a href="https://www.abc.net.au/news/2023-02-07/payid-scam-send-money-to-unlock-business-account/101935092">losing more than $260,000</a> through this specific approach in 2022. </p>
<h2>What is PayID?</h2>
<p>PayID is a legitimate form of electronic payment introduced <a href="https://www.rba.gov.au/publications/bulletin/2018/sep/the-new-payments-platform-and-fast-settlement-service.html">in Australia in 2018</a> to overcome incorrect payments as well as reduce fraud – by showing the recipient’s name to the person making the transaction. It aims to simplify the transfer of money. Importantly, PayID reduces the need to remember bank account and BSB numbers, and overcomes the issue when these are entered incorrectly.</p>
<p>To set up a PayID, consumers can use their phone number, email address or ABN as a form of identification. The bank will verify the person owns this information, and then link the person’s bank account to this unique identifier. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/543856/original/file-20230822-28-dk5oub.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A black and blue text box outlining how the service works and warning people it has been the target of scams." src="https://images.theconversation.com/files/543856/original/file-20230822-28-dk5oub.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/543856/original/file-20230822-28-dk5oub.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=356&fit=crop&dpr=1 600w, https://images.theconversation.com/files/543856/original/file-20230822-28-dk5oub.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=356&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/543856/original/file-20230822-28-dk5oub.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=356&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/543856/original/file-20230822-28-dk5oub.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=447&fit=crop&dpr=1 754w, https://images.theconversation.com/files/543856/original/file-20230822-28-dk5oub.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=447&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/543856/original/file-20230822-28-dk5oub.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=447&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Screenshot of the official PayID website.</span>
<span class="attribution"><a class="source" href="https://payid.com.au/">PayID</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>To transfer money using PayID, most online banking systems will ask for the PayID of the recipient. By simply typing in the phone number, email address or ABN, it will show the name of the intended recipient. If it is correct, the customer can authorise payment to be made. If the name shown is incorrect, the customer can easily cancel the transaction.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/payid-data-breaches-show-australias-banks-need-to-be-more-vigilant-to-hacking-123529">PayID data breaches show Australia's banks need to be more vigilant to hacking</a>
</strong>
</em>
</p>
<hr>
<h2>How does the PayID scam work?</h2>
<p>If you’re advertising an item online, a scammer will make contact to purchase the item. They usually will not question the price, and they are unlikely to even want to view the item. In many cases, they will say a family member or friend will collect it from you.</p>
<p>The offender will then urge you to accept payment through PayID. Once you’ve shared your PayID (usually phone number or email address) and the scammer has this information, a few things may happen. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/543854/original/file-20230822-17-t6ojlq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Two messages in various styles stating a family member will pick up an item and asking for payID details" src="https://images.theconversation.com/files/543854/original/file-20230822-17-t6ojlq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/543854/original/file-20230822-17-t6ojlq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=194&fit=crop&dpr=1 600w, https://images.theconversation.com/files/543854/original/file-20230822-17-t6ojlq.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=194&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/543854/original/file-20230822-17-t6ojlq.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=194&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/543854/original/file-20230822-17-t6ojlq.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=244&fit=crop&dpr=1 754w, https://images.theconversation.com/files/543854/original/file-20230822-17-t6ojlq.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=244&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/543854/original/file-20230822-17-t6ojlq.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=244&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Examples of PayID scam messages received via Facebook Marketplace.</span>
<span class="attribution"><span class="source">The Conversation</span>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>The offender will say they have made the payment, but it cannot be processed because you don’t have a suitable PayID account. You will be told you either need to “upgrade” the account and/or make an additional payment to release the funds.</p>
<p>The offender will then say they have paid the extra amount required and ask you to reimburse the additional funds they have spent. If you do transfer any money, it will go straight to the scammer and be lost. </p>
<p>As part of this, offenders will create text messages and emails that appear to be from PayID, confirming payments or advising of problems. Scarily, such messages may even appear in an existing SMS thread with your bank. You may think they are genuine, but they are fake, designed to deceive you into transferring money to the offender.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scammers-can-slip-fake-texts-into-legitimate-sms-threads-will-a-government-crackdown-stop-them-200644">Scammers can slip fake texts into legitimate SMS threads. Will a government crackdown stop them?</a>
</strong>
</em>
</p>
<hr>
<h2>How do I avoid a PayID scam?</h2>
<p>There are several warning signs to look out for when selling goods online:</p>
<ul>
<li><p>PayID is a free service. There are no costs associated with using it, and therefore no fees will ever need to be paid</p></li>
<li><p>PayID is administered through individual banks. PayID will never communicate directly with customers through texts, emails, or phone calls. Any correspondence which says it is “from PayID” is fake</p></li>
<li><p>a genuine buyer will usually inspect and collect any goods. A buyer who says they will send a family member or friend to collect the item is a red flag, especially if they are unwilling to pay in cash.</p></li>
</ul>
<h2>What to do if you have been scammed?</h2>
<p>If you think you have been a victim of a PayID scam, you should contact your bank or financial institution immediately. The quicker you can do this, the better. </p>
<p>You can report any financial losses to <a href="https://www.cyber.gov.au/report-and-recover/report">ReportCyber</a>, an online police reporting portal for cyber incidents. </p>
<p>You can also <a href="https://www.scamwatch.gov.au/report-a-scam">report the incident to Scamwatch</a> to assist with education and awareness activities.</p>
<p>If you have had any of your personal information compromised, you can <a href="https://www.idcare.org/support-services/individual-support-services">access support from IDCARE</a>. </p>
<p>In 2023 so far, Australians have reported more than <a href="https://www.scamwatch.gov.au/research-and-resources/scam-statistics?scamid=15&date=2023">$32 million</a> lost to buying and selling schemes, including the PayID scam. Stay vigilant when buying or selling goods online, and <a href="https://www.scamwatch.gov.au/types-of-scams/product-and-service-scams">consult the Scamwatch website</a> for details on other types of scams.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/being-bombarded-with-delivery-and-post-office-text-scams-heres-why-and-what-can-be-done-167975">Being bombarded with delivery and post office text scams? Here's why — and what can be done</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/211665/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross has previously received funding from the Australian Institute of Criminology and the Cybersecurity Cooperative Research Centre.</span></em></p>All you wanted was to sell your sofa online. So why are so many ‘buyers’ suddenly insisting on using your PayID?Cassandra Cross, Associate Dean (Learning & Teaching) Faculty of Creative Industries, Education and Social Justice, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2106632023-08-10T12:25:02Z2023-08-10T12:25:02ZAI threatens to add to the growing wave of fraud but is also helping tackle it<figure><img src="https://images.theconversation.com/files/541723/original/file-20230808-19-q8t3ng.jpg?ixlib=rb-1.1.0&rect=0%2C24%2C5452%2C3812&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The government, banks and other financial organisations are now dealing with fraud by using increasingly sophisticated detection methods.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/internet-fraud-darknet-data-thiefs-cybercrime-1716862513">Maksim Shmeljov/Shutterstock</a></span></figcaption></figure><p>There were <a href="https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2022">4.5 million</a> reported incidents of fraud in the UK in 2021/22, up 25% on the year before. It is a growing problem which costs billions of pounds every year. </p>
<p>The COVID pandemic and the cost of living crisis have created <a href="https://www.bbc.co.uk/news/business-55769991">ideal conditions</a> for fraudsters to exploit the vulnerability and desperation of many households and businesses. And with the use of AI increasing in general, we will likely see a further increase in <a href="https://www2.deloitte.com/uk/en/blog/auditandassurance/2023/generative-ai-and-fraud-what-are-the-risks-that-firms-face.html">new types of fraud</a> and is probably contributing to the increased frequency of fraud we are seeing today. </p>
<p>Already, the ability of AI to absorb personal data, such as emails, photographs, videos and <a href="https://www.cbsnews.com/news/scammers-ai-mimic-voices-loved-ones-in-distress/#:%7E:text=Artificial%20intelligence%20is%20making%20phone,mounting%20losses%20due%20to%20fraud.">voice recordings</a> to imitate people is proving to be a new and unprecedented challenge. </p>
<p>But there is also an upside. The government, banks and other financial organisations are now fighting back with increasingly sophisticated fraud-detection methods. AI and machine learning models could be a <a href="https://www.weforum.org/agenda/2023/04/as-generative-ai-gains-pace-industry-leaders-explain-how-to-make-it-a-force-for-good/">part of the solution</a> to deal with the increasing complexity, sophistication and prevalence of such scams.</p>
<p>The rising gap between prices and people’s incomes appears to have made people more <a href="https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/over-40-million-targeted-by-scammers-as-the-cost-of-living-crisis-bites/">receptive</a> to scams which offer grants, rebates and support payments. </p>
<p>Fraudsters often target individuals by posing as genuine organisations. Examples include pretending to be your bank or posing as the government telling you that you are eligible for a lucrative scheme, in order to steal your identity details and then money. </p>
<p>This follows a dramatic rise in recent years of fraudulent applications to government and regional support packages, mainly implemented in response to the pandemic. Here fraudsters often pose as fake businesses to secure multiple loans or grants. </p>
<p>One of the <a href="https://www.manchestereveningnews.co.uk/news/greater-manchester-news/man-who-pretended-greggs-bakery-27251086">most outlandish examples</a> of this was a Luton man who posed as a Greggs bakery to swindle three local authorities in England out of almost £200,000 worth of COVID small business grants.</p>
<p>The hurried roll out of such schemes for faster economic impact made it difficult for officials to effectively review applications. The UK government’s Department for Business and Trade now <a href="https://www.bbc.co.uk/news/business-59504943">estimates</a> that 11% of such loans, roughly £5 billion, were fraudulent. By March 2022 only £762 million <a href="https://www.gov.uk/government/publications/hmrc-issue-briefing-tackling-error-and-fraud-in-the-covid-19-support-schemes/tackling-error-and-fraud-in-the-covid-19-support-schemes">had been recovered</a>.</p>
<h2>Fraud detection</h2>
<p>Over the past few years, complex mathematical models combining traditional statistical techniques and machine learning analysis have shown promise in the <a href="https://onlinelibrary.wiley.com/doi/abs/10.1111/acfi.12742">early detection</a> of financial statement fraud. This is when companies typically misrepresent or deceive investors into believing they are more profitable than they really are.</p>
<p>One of the breakthroughs has been the incorporation of both financial and non-financial information into data analysis systems. For example, the risk of fraud decreases if there is <a href="https://onlinelibrary.wiley.com/doi/abs/10.1111/acfi.12742">better corporate governance</a> and a lower proportion of directors who are also executives. </p>
<p>In a small business context, we can think about this as promoting transparency and making sure that important positions do not have sole authority to make significant decisions. </p>
<p>Such data analytics models can be used to rank applications in terms of potential fraud risk, so that the riskiest applications get additional scrutiny by government officials. We are now starting to see implementations of such systems to tackle <a href="https://www.theguardian.com/society/2023/jul/11/use-of-artificial-intelligence-widened-to-assess-universal-credit-applications-and-tackle">universal credit</a> fraud, for example.</p>
<p><a href="https://www.ft.com/content/0dca8946-05c8-11e8-9e12-af73e8db3c71">Banks, financial services providers</a> and <a href="https://www.ft.com/content/d3bd46cb-75d4-40ff-a0cd-6d7f33d58d7f">insurers</a> are developing machine-learning models to detect financial fraud too. A Bank of England survey published in October 2022 <a href="https://www.bankofengland.co.uk/report/2022/machine-learning-in-uk-financial-services">revealed</a> that 72% of financial services firms are already testing and implementing them. </p>
<p>We are also seeing new collaborations in the industry, with the likes of Deutsche Bank partnering with chip maker Nvidia to <a href="https://www.db.com/news/detail/20221207-deutsche-bank-partners-with-nvidia-to-embed-ai-into-financial-services">embed AI</a> into their fraud detection systems.</p>
<h2>Risks of AI systems</h2>
<p>However, the advent of new automated AI systems bring with it worries of potential unintended biases within them. In a <a href="https://www.bbc.co.uk/news/uk-politics-66133665">recent trial</a> of a new AI fraud detection system by the Department of Work and Pensions, campaign groups were worried about potential biases. </p>
<p>A common issue that needs to be overcome with such systems is that they work for the majority of people, but are often biased against minority groups. This means if left unadjusted they are disproportionately more likely to flag applications from ethnic minorities as risky.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scams-deepfake-porn-and-romance-bots-advanced-ai-is-exciting-but-incredibly-dangerous-in-criminals-hands-199004">Scams, deepfake porn and romance bots: advanced AI is exciting, but incredibly dangerous in criminals' hands</a>
</strong>
</em>
</p>
<hr>
<p>But AI systems should not be used as a fully automated process to detect and accuse fraud but rather <a href="https://www.ft.com/content/2df33fc5-981a-4952-8dc6-d4eee7343acc">as a tool</a> to assist assessors. They can help auditors and civil servants, for example, to identify cases where greater scrutiny is required and to reduce processing time.</p><img src="https://counter.theconversation.com/content/210663/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Adrian Gepp has received funding from the Accounting and Finance Association of Australia and New Zealand. He is also affiliated with the Association of Certified Fraud Examiners. </span></em></p><p class="fine-print"><em><span>Laurence Jones does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Fraud was up 25% in the UK in 2021/22.Laurence Jones, Lecturer in Finance, Bangor UniversityAdrian Gepp, Professor of Data Analytics, Bangor UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2101242023-08-04T12:29:00Z2023-08-04T12:29:00ZOnline romance scams: Research reveals scammers’ tactics – and how to defend against them<figure><img src="https://images.theconversation.com/files/540850/original/file-20230802-18-uz84g3.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C12125%2C7478&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Sometimes, true love is too good to be true.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/illustration/romance-scam-dating-scam-cyber-crime-hacking-royalty-free-illustration/1304684845">kate3155/iStock via Getty Images</a></span></figcaption></figure><p>In the Netflix documentary “<a href="https://www.netflix.com/title/81254340">The Tinder Swindler</a>,” victims exposed notorious con artist <a href="https://www.deseret.com/entertainment/2023/1/17/23559144/the-tinder-swindler-where-is-simon-leviev-now">Simon Leviev</a>, who posed as a wealthy diamond mogul on the popular dating app Tinder to deceive and scam numerous women out of millions of dollars. Leviev is a flashy example of a dating scammer, but criminal operations also prey on emotionally vulnerable people to gain their trust and exploit them financially. </p>
<p>The internet has revolutionized dating, and there has been a <a href="https://www.liebertpub.com/doi/10.1089/cyber.2021.29219.editorial">surge in U.S. adults using apps to find ideal matches</a> post-pandemic. While these apps offer convenience for connecting with romantic partners, they also open the door to online romance scams. Criminals create both deceptive profiles and urgent scenarios to carry out the scam.</p>
<p>The Federal Trade Commission reports that <a href="https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2023/02/romance-scammers-favorite-lies-exposed">nearly 70,000 Americans fell victim to online romantic scams in 2022</a>, with reported losses topping US$1.3 billion. </p>
<p>Online romance scams exploit people through calculated online social engineering and deliberately deceptive communication tactics. In a series of research projects, my colleagues from <a href="https://ebcs.gsu.edu/">Georgia State University</a>, <a href="https://scholar.google.com/citations?hl=en&user=ecCbt3MAAAAJ">University of Alabama</a>, <a href="https://scholar.google.com/citations?hl=en&user=08ks5G0AAAAJ">University of South Florida</a> and I focused on understanding how scammers operate, the cues that may prompt changes in their tactics and what measures people can take to defend themselves against falling victim to this scam. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/Ev0VEqxpKxg?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Simon Leviev, the ‘Tinder Swindler,’ conned several women by posing as a diamond mogul.</span></figcaption>
</figure>
<h2>How online romantic scams work</h2>
<p>Online romance scams are not coincidental. They’re carefully planned schemes that follow distinct stages. Research has <a href="https://doi.org/10.1057/sj.2012.57">identified five stages</a>: </p>
<ul>
<li>Baiting victims with attractive profiles. </li>
<li>Grooming victims with intimacy. </li>
<li>Creating crises to extract money.</li>
<li>On occasion manipulating victims with blackmail. </li>
<li>Revealing the scam. </li>
</ul>
<p>In short, scammers do not swindle victims by chance. They plan their actions in advance, patiently following their playbooks to ensure profitable outcomes. Scammers worm their way into a victim’s heart to gain access to their money through false pretenses.</p>
<p>In a previous study, my colleague <a href="https://scholar.google.com/citations?user=wHPMweEAAAAJ&hl=en">Volkan Topalli</a> and I analyzed victim testimonials from the website stop-scammers.com. Our research revealed scammers’ use of <a href="https://doi.org/10.1007/s12103-022-09706-4">various social engineering techniques and crisis stories</a> to prompt urgent requests. Scammers leveraged social norms, guilt and supposed emergencies to manipulate victims. Scammers also paid close attention to communication patterns and adapted their tactics based on victims’ responses. This interplay significantly influenced the overall operation of the scam. </p>
<p>Across the globe, online romance scammers use different techniques that vary across cultures to successfully defraud victims. In my recent research, for example, I looked closely into an <a href="https://doi.org/10.1080/15564886.2022.2051109">online romance scam in China</a> called “Sha Zhu Pan,” which loosely translates to “Pig Butchering Scam.” In Sha Zhu Pan, scammers bait and groom victims for financial exploitation through well-structured group setups. Multiple scammers across four groups – hosts, resources, IT and money laundering – persuade victims through romantic tactics to invest in fake apps or use fake gambling websites, convincing them to pay more and more without ever receiving their money back. Hosts interact with victims, resources members identify targets and collect information about them, IT creates the fake apps and websites, and the money launderers process the ill-gotten gains.</p>
<h2>Deterrence and rewards</h2>
<p>Like <a href="https://doi.org/10.1093/bjc/42.2.337">street robbers</a>, online romance scammers can be influenced both positively and negatively by a range of situational cues that serve as incentives or deterrents. </p>
<p>Our investigation showed that deterrent messages <a href="http://dx.doi.org/10.21428/cb6ab371.c6eae022">can significantly affect scammers’ behavior</a>. Here’s an example of a deterrent message: “I know you are scamming innocent people. My friend was recently arrested for the same offense and is facing five years in prison. You should stop before you face the same fate.” Based on live conversations with active scammers online, our recent analysis suggests that receiving deterrent messages reduced scammers’ response rate and their use of certain words, and increased the likelihood that when they sought further communications, they admitted they had done something wrong. </p>
<p>Our observations indicate that scammers not only <a href="https://doi.org/10.1080/01639625.2023.2197547">diversify their approaches</a> to prompt more responses, such as appealing to their romantic relationships, asking for identifying information and requesting victims switch to private chat platforms, but they also use several techniques for getting victims to <a href="https://www.crimrxiv.com/pub/zgfxej63">overcome their misgivings</a> about sending the scammers more money. For example, scammers subtly persuade victims to see themselves as holding more power in the interaction than they do. </p>
<h2>Blocking scammers</h2>
<p>There are methods that could help users defend against online romance scams. </p>
<p>In experimental findings, my colleagues and I suggest online apps, especially dating apps, implement warning messages. An example would be applying linguistics algorithms to identify keywords like “money,” “MoneyGram” and “bank” in conversations to alert potential victims of the scam and deter scammers from engaging further. </p>
<p>In addition, apps can use tools to detect counterfeit profile pictures and other types of image fraud. By concentrating on identifying scammers’ use of counterfeit profile pictures, this advanced algorithm holds the potential to preemptively hinder scammers from establishing fake profiles and initiating conversations from the outset. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/-HF5UL69eG0?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">The FBI gives advice on how to protect yourself from romance scams.</span></figcaption>
</figure>
<h2>How to protect yourself</h2>
<p>Online dating app users can take precautions when talking to strangers. There are five rules users should follow to steer clear of scammers: </p>
<ol>
<li>Avoid sharing financial information with or sending money to strangers. </li>
<li>Refrain from sending private photos to strangers. </li>
<li>Pay attention to spelling and grammar because scammers often claim to reside in English-speaking countries when they actually operate in non-Western countries. </li>
<li>Use image and name-reverse searches.</li>
<li>Confide in family and friends if you grow suspicious. </li>
</ol>
<p>One last piece of advice to empower those who have fallen victim to online romance scams: Don’t blame yourself. </p>
<p>Take the courageous step of breaking free from the scam and seek support. Reach out to your loved ones, trustworthy third-party organizations and law enforcement agencies for help. This support network is essential in helping you restart your life and move forward.</p><img src="https://counter.theconversation.com/content/210124/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Fangzhou Wang does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Dating apps have given an ancient profession, confidence scamming, a high-tech boost.Fangzhou Wang, Assistant Professor of Criminology and Criminal Justice, University of Texas at ArlingtonLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2095852023-07-12T07:25:14Z2023-07-12T07:25:14ZAustralia can learn from the UK’s experience by making banks pay for scam losses<figure><img src="https://images.theconversation.com/files/536982/original/file-20230712-17-4d2fj4.jpg?ixlib=rb-1.1.0&rect=0%2C454%2C4888%2C2462&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>British banks will soon be required to reimburse customers who fall victim to authorised push payment fraud – where a scammer convinces you to authorise a payment, generally by masquerading as a legitimate business or person.</p>
<p>The new rules from the UK’s <a href="https://www.psr.org.uk/">Payment Systems Regulator</a> are intended to incentivise all businesses involved in payments to take more action against scam activity, with reimbursement costs split 50:50 between the bank that sends and the bank that receives the payment.</p>
<p>There is a strong case that banks and other payment providers in Australia (and New Zealand) should be made to do the same. Scam-related losses are soaring, and banks are falling short of detecting, stopping and recovering losses.</p>
<p>In 2022 Australians <a href="https://www.accc.gov.au/system/files/Targeting%20scams%202022.pdf">lost at least $3.1 billion</a> to scams – an 80% increase on 2021. The Australian Competition and Consumer Commission says the actual losses were far higher, because about 30% of victims don’t report their loss to anyone.</p>
<p>While the biggest losses came from investment scams (totalling $1.5 billion), payment redirection scams – where a scammer impersonates a business or individual asking for payment – amounted to A$224 million. </p>
<p>Among the most vulnerable groups are older people (25% of losses were reported by those aged 65+), people with a disability (6% of reported losses), and people from culturally and linguistically diverse communities (almost 10% of reported losses).</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/australians-lost-more-than-3bn-to-scammers-in-2022-here-are-5-emerging-scams-to-look-out-for-204018">Australians lost more than $3bn to scammers in 2022. Here are 5 emerging scams to look out for</a>
</strong>
</em>
</p>
<hr>
<h2>What are Australian banks doing?</h2>
<p>No regulations oblige Australian banks to reimburse scam victims, though some banks
have self-governed reimbursement policies. </p>
<p>While banks have dedicated fraud teams to prevent scams and support victims, the most recent review of the four major banks’ processes by the Australian Investments and Securities Commission, <a href="https://download.asic.gov.au/media/mbhoz0pc/rep761-published-20-april-2023.pdf">published in April</a>, says they detected and stopped just 13% of scam payments.</p>
<p>Reimbursement policies and practices varied from bank to bank but the overall rate was low – ranging from 2% to 5%.</p>
<p>The review described the banks’ approaches to liability, reimbursement and compensation as “inconsistent and generally very narrow”.</p>
<h2>Why the UK has made banks responsible</h2>
<p>The greater obligations being imposed on British banks follows attempts by the UK’s <a href="https://www.psr.org.uk/">Payment Systems Regulator</a> to improve consumer protections through a voluntary code of conduct. </p>
<p>Introduced in May 2019, this voluntary code was intended, under certain conditions, to ensure the reimbursement of victims of “authorised push payment” scams. These conditions included the customer taking reasonable care and notifying any scam incident to the bank.</p>
<p>It had modest success, with <a href="https://www.psr.org.uk/news-and-updates/latest-news/news/psr-sets-out-proposals-to-give-greater-protection-against-app-scams/">46% of reported scam losses</a> being reimbursed between 2020 and 2022.</p>
<p>But the Payment Systems Regulator wants 95%. So it has pressed for a mandatory reimbursement scheme. Under the new provisions money must be reimbursed within 48 hours of a fraud being reported. </p>
<p>The idea is to get banks to put more effort into detecting and preventing scams.</p>
<p>Overall, the UK has accepted the need for a more regimented regulatory approach over a market-based one.</p>
<h2>A more pragmatic approach needed</h2>
<p>While the Australian Investments and Securities Commission’s own reports have revealed the sorry state of scam prevention, management, and reimbursement practices at major banks, the regulatory body is still not walking in the footsteps of the UK. It is instead advising banks to improve their governance and scam management practices. </p>
<p>The Australian Banking Association, which represents the banking sector, has strongly argued against regulation supporting mandatory reimbursement. It has even suggested this <a href="https://www.smh.com.au/business/banking-and-finance/big-banks-fight-push-for-billions-of-dollars-in-scam-refunds-20220131-p59sp3.html">could increase scamming losses</a> because of the risk customers will take less care if they know any losses will be covered by their bank. It has called for greater personal responsibility in preventing scam losses. </p>
<p>But such an argument ignores the effects of the digitisation push by financial service providers, which has made scamming so much easier. Scammers are also becoming more sophisticated. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scams-deepfake-porn-and-romance-bots-advanced-ai-is-exciting-but-incredibly-dangerous-in-criminals-hands-199004">Scams, deepfake porn and romance bots: advanced AI is exciting, but incredibly dangerous in criminals' hands</a>
</strong>
</em>
</p>
<hr>
<p>The statistics speak for themselves. Scamming losses are increasing. Recovery rates are meagre. A more pragmatic approach based on this reality and banks’ fiduciary responsibilities is needed.</p><img src="https://counter.theconversation.com/content/209585/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Muhammad Al Mamun does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The UK tried a voluntary code before making banks accountable for scam losses. Australia can learn from that lesson.Muhammad Al Mamun, Senior Lecturer in Finance, La Trobe UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2040182023-04-21T03:39:42Z2023-04-21T03:39:42ZAustralians lost more than $3bn to scammers in 2022. Here are 5 emerging scams to look out for<figure><img src="https://images.theconversation.com/files/522269/original/file-20230421-15-jncq5b.png?ixlib=rb-1.1.0&rect=228%2C213%2C1377%2C1003&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Facebook</span></span></figcaption></figure><p>The Australian Competition and Consumer Commission’s latest <a href="https://www.accc.gov.au/system/files/Targeting%20scams%202022.pdf">Targeting Scams report</a> indicates Australians reported more than A$3 billion lost to fraud in 2022. This is about a $1 billion increase on <a href="https://theconversation.com/australians-lost-2b-to-fraud-in-2021-this-figure-should-sound-alarm-bells-for-the-future-186459">reported losses from 2021</a>. </p>
<p>Year upon year, we’re witnessing a rise in monetary losses to fraud. Behind these figures sit millions of Australians who experience a range of financial and non-financial <a href="https://www.aic.gov.au/sites/default/files/2020-05/29-1314-FinalReport.pdf">harms</a>. </p>
<p>Here’s what we’ve learned from the latest report – and some advice on what to look out for in the year ahead. </p>
<h2>2022 at a glance</h2>
<p>Of the reported $3 billion lost, about half was stolen as part of investment schemes – more than double the $701 million figure from 2021. A desire to invest in cryptocurrency has driven up these losses, with potential investors inadvertently transferring money to offenders advertising a range of falsehoods. </p>
<p>Remote access schemes – in which a scammer convinces the victim to grant them access to their computer – jumped into second place, with $229 million in reported losses. This was followed by payment redirection scams (also known as business email compromise fraud). </p>
<p>Those who reported directly to Scamwatch lost an average of $19,654 – an increase of 54% from the $12,742 reported in 2021. </p>
<p>The report also shows not all victims are targeted equally; people aged 65 years and older reported the highest losses across all demographics. Indigenous Australians, people with a disability, and those from culturally and linguistically diverse backgrounds were also overrepresented.</p>
<p>For the first time in many years, text message was the most popular method for offenders to target victims. And while bank transfers were the most popular way to send funds to offenders, <a href="https://theconversation.com/crypto-theft-is-on-the-rise-heres-how-the-crimes-are-committed-and-how-you-can-protect-yourself-176027">cryptocurrency transfers</a> continue to increase in popularity – rising 162.4% in one year. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=286&fit=crop&dpr=1 600w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=286&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=286&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=360&fit=crop&dpr=1 754w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=360&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=360&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Scammers are always looking for new ways to deceive people, and this often involves trying to build rapport.</span>
<span class="attribution"><span class="source">Michael Lucy</span></span>
</figcaption>
</figure>
<p>There was, however, a reduction in fraudulent phone calls. This is likely attributable to the introduction of <a href="https://www.commsalliance.com.au/__data/assets/pdf_file/0015/72150/C661_2022.pdf">regulatory action</a> to block known scam calls. It’s a bright spot in an otherwise dark report.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scammers-can-slip-fake-texts-into-legitimate-sms-threads-will-a-government-crackdown-stop-them-200644">Scammers can slip fake texts into legitimate SMS threads. Will a government crackdown stop them?</a>
</strong>
</em>
</p>
<hr>
<h2>Trends to look out for</h2>
<p>The Targeting Scams report demonstrates the many ways offenders seek to defraud victims. On one hand, people are becoming more aware of common scam tactics. On the other, criminals are adjusting their methods to gain the upper hand. </p>
<p>Here are five types of relatively lesser-known frauds everyone should be aware of.</p>
<p><strong>1. Romance baiting</strong></p>
<p>Also known as “<a href="https://news.sophos.com/en-us/2021/05/12/fake-android-and-ios-apps-disguise-as-trading-and-cryptocurrency-apps/">cryptorom</a>” or “<a href="https://krebsonsecurity.com/2022/07/massive-losses-define-epidemic-of-pig-butchering/">pig butchering</a>”, this scam is a convergence of investment fraud and traditional romance fraud approaches. </p>
<p>The offender first initiates a relationship with the victim – through dating apps, websites or social media platforms. Once they’ve established trust, they encourage the victim to put their money into an “investment” opportunity, often cryptocurrency. The victim will then unknowingly transfer their money to the offender, who is under a different guise. </p>
<p>This kind of romance baiting raises fewer red flags than directly asking for money, and is targeting a younger demographic compared to more traditional romance fraud. </p>
<p>Such deceptions are coded under investment schemes. This is likely driving the surge in investment scheme losses reported in recent years, while also accounting for a lack of substantial increases in romance fraud.</p>
<p><strong>2. Online shopping fraud</strong></p>
<p>Offenders are skilled at creating fake websites and product advertisements that look genuine.</p>
<p>Often these fake sites will have only subtle differences from their real counterparts. Consumers may not be able to tell the difference. Criminals can directly access funds through victims’ credit card details obtained on these sites. </p>
<p>Online shopping fraud targets a range of demographics. It’s happening on stand-alone websites, social media platforms and online marketplaces.</p>
<p><strong>3. Jobs and employment fraud</strong></p>
<p><a href="https://research.qut.edu.au/centre-for-justice/wp-content/uploads/sites/304/2022/02/Briefing-Paper-Series-Feb2022-Issue21-17022022.pdf">Research</a> has indicated that working from home and flexible working conditions are strong indicators of a fraudulent job listing.</p>
<p>But in a post-COVID world, flexibility at work is often a key criterion for job seekers, if not a deal-breaker. Offenders have noticed this, and are responding by posting attractive job advertisements that offer flexibility and high incomes. </p>
<p>Victims submit their CVs and personal credentials (setting themselves up for identity crime), or may be required to pay upfront for training or materials costs for a job that doesn’t exist. </p>
<p>Employment scams are targeting younger people in particular, as they’re more likely to have <a href="https://australiainstitute.org.au/report/youth-unemployment-and-the-pandemic/">experienced job loss and insecurity</a> in the wake of the pandemic. </p>
<p><strong>4. Recovery schemes</strong></p>
<p>Many fraud victims will want to take whatever action possible to recover lost funds. </p>
<p>To exploit this, offenders will trade the details of victims with each other. They will then pose as authorities (often law enforcement, banks or private agencies) who are aware of the victim’s circumstances and promote their ability to regain the missing funds for a fee. </p>
<p>In this way, victims who are desperate to recover losses are manipulated into paying even more money to offenders.</p>
<p><strong>5. Remote access schemes</strong></p>
<p>Receiving a phone call from a computer technician advising of a problem with your computer and offering to fix it is a common experience for many. While this approach isn’t new, it made a strong resurgence in 2022 – particularly targeting older people. </p>
<p>These scam calls often come through landlines and prey on people’s fear for the security of their bank details and other personal data. The fraudsters often invoke a sense of urgency about needing to rectify the “problem”, and victims are persuaded to give the offender remote access to their computer. </p>
<p>The criminal can then access a wealth of personal information. They can gain direct entry to bank accounts to transfer funds, and can access identity credentials and other sensitive details to commit identity crime in the future. </p>
<h2>Change is needed to protect the public</h2>
<p>The threat of fraud will only increase alongside technological evolution. Experts are concerned about artificial intelligence tools such as <a href="https://www.theguardian.com/technology/2023/mar/08/darktrace-warns-of-rise-in-ai-enhanced-scams-since-chatgpt-release">ChatGPT</a> and image and video generators giving cybercriminals yet another tool to add to their arsenal.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scams-deepfake-porn-and-romance-bots-advanced-ai-is-exciting-but-incredibly-dangerous-in-criminals-hands-199004">Scams, deepfake porn and romance bots: advanced AI is exciting, but incredibly dangerous in criminals' hands</a>
</strong>
</em>
</p>
<hr>
<p>The latest Scamwatch report is further evidence banks and financial institutions need to implement measures to help reduce fraud losses; among these, the checking of account names against BSB numbers for all transactions. The UK has a <a href="https://www.ukfinance.org.uk/policy-and-guidance/guidance/confirmation-payee">confirmation-of-payee</a> policy that does this. </p>
<p>The government is attempting to address the continued surge in fraud losses through the revision of its <a href="https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy">cybersecurity strategy</a> and the potential establishment of a <a href="https://consultation.accc.gov.au/accc/national-anti-scams-centre-survey/">National Anti-Scams Centre</a>. </p>
<p>These are both positive steps but it’s clear there’s a need for more work to be done.</p>
<p><em>If you or someone you know has been a victim of fraud, you can report it to <a href="https://www.cyber.gov.au/report-and-recover/report">ReportCyber</a>. For support, contact <a href="https://www.idcare.org/">iDcare</a>. For prevention advice, consult <a href="https://www.scamwatch.gov.au/">Scamwatch</a>.</em></p><img src="https://counter.theconversation.com/content/204018/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross has previously received funding from the Australian Institute of Criminology and the Cybersecurity Cooperative Research Centre.</span></em></p>Losses have surged, and change is needed to better protect Australians into the future.Cassandra Cross, Associate Dean (Learning & Teaching) Faculty of Creative Industries, Education and Social Justice, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2015352023-04-20T12:40:18Z2023-04-20T12:40:18ZAI-generated spam may soon be flooding your inbox – and it will be personalized to be especially persuasive<figure><img src="https://images.theconversation.com/files/521922/original/file-20230419-24-yjbsuy.jpg?ixlib=rb-1.1.0&rect=181%2C142%2C8445%2C5600&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">AI may make spam more pervasive than ever. </span> <span class="attribution"><a class="source" href="https://newsroom.ap.org/detail/SPAM/67afe13000944a90812e0c2b9a7e7486/photo?Query=spam&mediaType=photo&sortBy=arrivaldatetime:desc&dateRange=Anytime&totalCount=119&currentItemNo=0">AP Photo/Gene J. Puskar</a></span></figcaption></figure><p>Each day, messages from Nigerian princes, peddlers of wonder drugs and promoters of can’t-miss investments choke email inboxes. Improvements to spam filters only seem to inspire new techniques to break through the protections.</p>
<p>Now, the arms race between spam blockers and spam senders is about to escalate with the emergence of a new weapon: generative artificial intelligence. With recent advances in AI <a href="https://chat.openai.com/chat">made famous by ChatGPT</a>, spammers could have new tools to evade filters, grab people’s attention and convince them to click, buy or give up personal information.</p>
<p>As director of the Advancing Human and Machine Reasoning lab at the University of South Florida, <a href="https://scholar.google.com/citations?user=pewRWtIAAAAJ&hl=en">I research</a> the intersection of artificial intelligence, natural language processing and human reasoning. I have studied how AI can learn the individual preferences, beliefs and personality quirks of people. </p>
<p>This can be used to better understand how to interact with people, help them learn or provide them with helpful suggestions. But this also means you should brace for smarter spam that knows your weak spots – and can use them against you.</p>
<h2>Spam, spam, spam</h2>
<p>So, what is spam? </p>
<p>Spam is defined as unsolicited commercial emails <a href="https://www.mheducation.com/highered/product/contemporary-advertising-arens-weigold/M9781260259308.html">sent by an unknown entity</a>. The term is sometimes extended to text messages, direct messages on social media and <a href="https://doi.org/10.1145/2487575.2487580">fake reviews on products</a>. Spammers want to nudge you toward action: buying something, clicking on phishing links, installing malware or changing views.</p>
<p>Spam is profitable. One email blast can make US$1,000 <a href="https://doi.org/10.1016/S1361-3723(07)70020-9">in only a few hours</a>, costing spammers only a few dollars – excluding initial setup. An online pharmaceutical spam campaign might generate <a href="https://doi.org/10.1145/1455770.1455774">around $7,000 per day</a>.</p>
<p>Legitimate advertisers also want to nudge you to action – buying their products, taking their surveys, signing up for newsletters – but whereas a marketer email may link to an established company website and contain an unsubscribe option in accordance with <a href="https://www.ftc.gov/business-guidance/resources/can-spam-act-compliance-guide-business">federal regulations</a>, a spam email may not. </p>
<p>Spammers also lack access to mailing lists that users signed up for. Instead, spammers utilize counter-intuitive strategies such as the <a href="https://www.cnbc.com/2019/04/18/nigerian-prince-scams-still-rake-in-over-700000-dollars-a-year.html">“Nigerian prince” scam</a>, in which a Nigerian prince claims to need your help to unlock an absurd amount of money, promising to reward you nicely. Savvy digital natives immediately dismiss such pleas, but the absurdity of the request <a href="https://www.researchgate.net/publication/348499086_A_Nudge_Psychological_Reading_of_the_Nigerian_Scam">may actually select for naïveté or advanced age</a>, filtering for those most likely to fall for the scams.</p>
<p>Advances in AI, however, mean spammers might not have to rely on such hit-or-miss approaches. AI could allow them to target individuals and make their messages more persuasive based on easily accessible information, such as social media posts.</p>
<figure class="align-center ">
<img alt="image of screen showing email inbox with 316 spam messages" src="https://images.theconversation.com/files/521934/original/file-20230419-28-76ke9k.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/521934/original/file-20230419-28-76ke9k.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/521934/original/file-20230419-28-76ke9k.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/521934/original/file-20230419-28-76ke9k.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/521934/original/file-20230419-28-76ke9k.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/521934/original/file-20230419-28-76ke9k.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/521934/original/file-20230419-28-76ke9k.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Inboxes are already bursting with spam.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/mail-program-on-computer-screen-royalty-free-image/78767357?phrase=spam">Epoxydude/fStop via Getty Images</a></span>
</figcaption>
</figure>
<h2>Future of spam</h2>
<p>Chances are you’ve heard about the advances in generative large language models like <a href="https://openai.com/blog/chatgpt">ChatGPT</a>. The task these generative LLMs perform is deceptively simple: given a text sequence, predict which token – think of this as a part of a word – comes next. Then, predict which token comes after that. And so on, over and over. </p>
<p>Somehow, training on that task alone, when done with enough text on a large enough LLM, seems to be enough to imbue these models with the ability to perform surprisingly well on <a href="https://doi.org/10.48550/arXiv.2005.14165">a lot of other tasks</a>.</p>
<p>Multiple ways to use the technology have already emerged, showcasing the technology’s ability to quickly adapt to, and learn about, individuals. For example, LLMs can write full emails in your writing style, given only a few examples of how you write. And there’s the classic example – now over a decade old – of Target <a href="https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/?sh=90ff41b66686">figuring out a customer was pregnant before her father knew</a>.</p>
<p>Spammers and <a href="https://doi.org/10.1007/s11747-019-00696-0">marketers alike</a> would benefit from being able to predict more about individuals with less data. Given your LinkedIn page, a few posts and a profile image or two, LLM-armed spammers might make reasonably accurate guesses about your political leanings, marital status or life priorities.</p>
<p>Our research showed that LLMs could be used to predict which word an individual will say next with a degree of accuracy <a href="https://doi.org/10.48550/arXiv.2208.09719">far surpassing other AI approaches</a>, in a word-generation task called the <a href="https://en.wikipedia.org/wiki/Verbal_fluency_test">semantic fluency task</a>. We also showed that LLMs can take certain types of questions from tests of reasoning abilities and <a href="https://doi.org/10.1007/978-3-031-04572-1_12">predict how people will respond to that question</a>. This suggests that LLMs already have some knowledge of what typical human reasoning ability looks like.</p>
<p>If spammers make it past initial filters and get you to read an email, click a link or even engage in conversation, <a href="http://dx.doi.org/10.4018/978-1-7998-6799-9.ch007">their ability to apply customized persuasion increases dramatically</a>. Here again, LLMs can change the game. Early results suggest that LLMs can be used to argue persuasively on topics ranging from <a href="https://arthurspirling.org/documents/llm.pdf">politics</a> to <a href="https://hci.stanford.edu/publications/2023/Karinshak_CSCW23.pdf">public health policy</a>.</p>
<h2>Good for the gander</h2>
<p>AI, however, doesn’t favor one side or the other. Spam filters also should benefit from advances in AI, allowing them to erect new barriers to unwanted emails. </p>
<p>Spammers often try to trick filters with <a href="https://doi.org/10.1007/s10462-022-10195-4">special characters, misspelled words or hidden text</a>, relying on the human propensity to forgive small text anomalies – for example, “c1îck h.ere n0w.” But as AI gets better at understanding spam messages, filters could get better at identifying and blocking unwanted spam – and maybe even letting through wanted spam, such as marketing email you’ve explicitly signed up for. Imagine a filter that predicts whether you’d want to read an email before you even read it. </p>
<p>Despite growing concerns about AI – as evidenced by Tesla, SpaceX and Twitter CEO Elon Musk, Apple founder Steve Wozniak and other tech leaders <a href="https://www.bostonglobe.com/2023/03/29/business/mit-scientists-tech-leaders-call-pause-artificial-intelligence-research/">calling for a pause</a> in AI development – a lot of good could come from advances in the technology. AI <a href="https://sites.google.com/view/amhr">can help us understand</a> how weaknesses in human reasoning might be exploited by bad actors and come up with ways to counter malevolent activities.</p>
<p>All new technologies can result in both wonder and danger. The difference lies in who creates and controls the tools, and how they are used. </p>
<p><em>This article was updated to indicate that it was a teenager’s father who learned from Target that his daughter was pregnant.</em></p><img src="https://counter.theconversation.com/content/201535/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>John Licato works as an Assistant Professor Computer Science and Engineering at the University of South Florida. He has received funding from the Air Force Office of Scientific Research and Air Force Research Lab, and currently receives funding from the Army Research Lab and National Science Foundation.</span></em></p>Artificial intelligence is escalating the battle between spam senders and spam blockers. Recent advances could mean more convincing pitches to get you to click, buy and give up personal information.John Licato, Assistant Professor of Computer Science and Director of AMHR Lab, University of South FloridaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2014492023-03-17T12:29:05Z2023-03-17T12:29:05ZVoice deepfakes are calling – here’s what they are and how to avoid getting scammed<figure><img src="https://images.theconversation.com/files/515897/original/file-20230316-26-paqnw4.jpg?ixlib=rb-1.1.0&rect=0%2C8%2C5615%2C3732&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Cloning someone's voice is easier than ever.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/hacker-royalty-free-image/1290686368">D-Keine/iStock via Getty Images</a></span></figcaption></figure><p>You have just returned home after a long day at work and are about to sit down for dinner when suddenly your phone starts buzzing. On the other end is a loved one, perhaps a parent, a child or a childhood friend, begging you to send them money immediately.</p>
<p>You ask them questions, attempting to understand. There is something off about their answers, which are either vague or out of character, and sometimes there is a peculiar delay, almost as though they were thinking a little too slowly. Yet, you are certain that it is definitely your loved one speaking: That is their voice you hear, and the caller ID is showing their number. Chalking up the strangeness to their panic, you dutifully send the money to the bank account they provide you.</p>
<p>The next day, you call them back to make sure everything is all right. Your loved one has no idea what you are talking about. That is because they never called you – you have been tricked by technology: a voice deepfake. Thousands of people were <a href="https://arstechnica.com/tech-policy/2023/03/rising-scams-use-ai-to-mimic-voices-of-loved-ones-in-financial-distress/">scammed this way in 2022</a>.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/tmFFd8fMqxk?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">The ability to clone a person’s voice is increasingly within reach of anyone with a computer.</span></figcaption>
</figure>
<p>As <a href="https://scholar.google.com/citations?user=icDo19sAAAAJ&hl=en">computer security</a> <a href="https://scholar.google.com/citations?user=UxGWcUYAAAAJ&hl=en">researchers</a>, we see that ongoing advancements in deep-learning algorithms, audio editing and engineering, and synthetic voice generation have meant that it is increasingly possible to <a href="https://doi.org/10.1109/ICASSP.2018.8462018">convincingly simulate a person’s voice</a>.</p>
<p>Even worse, chatbots like ChatGPT are starting to generate realistic scripts with adaptive real-time responses. By <a href="https://www.youtube.com/watch?v=V2efVSXSlqc&t=3s">combining these technologies with voice generation</a>, a deepfake goes from being a static recording to a live, lifelike avatar that can convincingly have a phone conversation. </p>
<h2>Cloning a voice</h2>
<p>Crafting a compelling high-quality deepfake, whether video or audio, is not the easiest thing to do. It requires a wealth of artistic and technical skills, powerful hardware and a fairly hefty sample of the target voice. </p>
<p>There are a growing number of services offering to <a href="https://geekflare.com/ai-voice-cloning-tools/">produce moderate- to high-quality voice clones for a fee</a>, and some voice deepfake tools need a sample of <a href="https://www.theverge.com/2017/4/24/15406882/ai-voice-synthesis-copy-human-speech-lyrebird">only a minute long</a>, or even <a href="https://www.youtube.com/watch?v=0sR1rU3gLzQ">just a few seconds</a>, to produce a voice clone that could be convincing enough to fool someone. However, to convince a loved one – for example, to use in an impersonation scam – it would likely take a significantly larger sample.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/0sR1rU3gLzQ?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Researchers have been able to clone voices with as little as five seconds of recording.</span></figcaption>
</figure>
<h2>Protecting against scams and disinformation</h2>
<p>With all that said, we at the <a href="https://defake.app/about">DeFake Project</a> of the Rochester Institute of Technology, the University of Mississippi and Michigan State University, and other researchers are working hard to be able to detect video and audio deepfakes and limit the harm they cause. There are also straightforward and everyday actions that you can take to protect yourself.</p>
<p>For starters, <a href="https://www.washingtonpost.com/technology/2023/03/05/ai-voice-scam/">voice phishing</a>, or “vishing,” scams like the one described above are the most likely voice deepfakes you might encounter in everyday life, both at work and at home. In 2019, an <a href="https://blog.avast.com/deepfake-voice-fraud-causes-243k-scam">energy firm was scammed out of US$243,000</a> when criminals simulated the voice of its parent company’s boss to order an employee to transfer funds to a supplier. In 2022, people were <a href="https://arstechnica.com/tech-policy/2023/03/rising-scams-use-ai-to-mimic-voices-of-loved-ones-in-financial-distress/">swindled out of an estimated $11 million</a> by simulated voices, including of close, personal connections.</p>
<p>What can you do?</p>
<p>Be mindful of unexpected calls, even from people you know well. This is not to say you need to schedule every call, but it helps to at least email or text message ahead. Also, do not rely on caller ID, since <a href="https://www.fcc.gov/spoofing">that can be faked, too</a>. For example, if you receive a call from someone claiming to represent your bank, hang up and call the bank directly to confirm the call’s legitimacy. Be sure to use the number you have written down, saved in your contacts list or that you can find on Google. </p>
<p>Additionally, be careful with your personal identifying information, like your Social Security number, home address, birth date, phone number, middle name and even the names of your children and pets. Scammers can use this information to impersonate you to banks, realtors and others, enriching themselves while bankrupting you or destroying your credit. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1628798416754032643"}"></div></p>
<p>Here is another piece of advice: know yourself. Specifically, know your intellectual and emotional biases and vulnerabilities. This is good life advice in general, but it is key to protect yourself from being manipulated. Scammers typically seek to suss out and then prey on your financial anxieties, your political attachments or other inclinations, whatever those may be. </p>
<p>This alertness is also a decent defense against disinformation using voice deepfakes. Deepfakes can be used to take advantage of your <a href="https://theconversation.com/cognitive-biases-and-brain-biology-help-explain-why-facts-dont-change-minds-186530">confirmation bias</a>, or what you are inclined to believe about someone. </p>
<p>If you hear an important person, whether from your community or the government, saying something that either seems very uncharacteristic for them or confirms your worst suspicions of them, you would be wise to be wary.</p><img src="https://counter.theconversation.com/content/201449/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Matthew Wright receives funding from the Knight Foundation, the Miami Foundation, the National Science Foundation, and the Laboratory for Analytical Sciences related to deepfakes.</span></em></p><p class="fine-print"><em><span>Christopher Schwartz is a postdoctoral researcher with the DeFake Project, which receives funding from the Knight Foundation, the Miami Foundation, the National Sciences Foundation, and the Laboratory for Analytical Sciences.</span></em></p>Powerful AI tools available to anyone with an internet connection make it easy to impersonate someone’s voice, increasing the threat of phone scams.Matthew Wright, Professor of Computing Security, Rochester Institute of TechnologyChristopher Schwartz, Postdoctoral Research Associate of Computing Security, Rochester Institute of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1990042023-02-06T02:22:51Z2023-02-06T02:22:51ZScams, deepfake porn and romance bots: advanced AI is exciting, but incredibly dangerous in criminals’ hands<figure><img src="https://images.theconversation.com/files/508234/original/file-20230206-30-afguq.jpeg?ixlib=rb-1.1.0&rect=0%2C0%2C4500%2C2997&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>The <a href="https://www.mckinsey.com/featured-insights/mckinsey-explainers/what-is-generative-ai">generative AI</a> industry will be worth about <a href="https://www.csiro.au/en/research/technology-space/ai/Artificial-Intelligence-Roadmap">A$22 trillion by 2030</a>, according to the CSIRO. These systems – of which ChatGPT is currently the best known – <a href="https://www.businessinsider.com/everything-you-need-to-know-about-chat-gpt-2023-1">can</a> write essays and code, generate music and artwork, and have entire conversations. But what happens when they’re turned to illegal uses? </p>
<p>Last week, the streaming community was rocked <a href="https://afkgaming.com/esports/news/streaming-community-enraged-after-atrioc-pays-for-deepfakes-of-female-streamers">by a headline</a> that links back to the misuse of generative AI. Popular Twitch streamer Atrioc issued an apology video, teary eyed, after being caught viewing pornography with the superimposed faces of other women streamers. </p>
<p>The “deepfake” technology needed to Photoshop a celebrity’s head on a <a href="https://www.bbc.com/news/technology-42912529">porn actor’s body</a> has been around for a while, but recent advances have made it much harder to detect.</p>
<p>And that’s the tip of the iceberg. In the wrong hands, generative AI could do untold damage. There’s a lot we stand to lose, should laws and regulation fail to keep up. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/cQ54GDm1eL0?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">The same tools used to make deepfake porn videos can be used to fake a US president’s speech. Credit: Buzzfeed.</span></figcaption>
</figure>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/text-to-audio-generation-is-here-one-of-the-next-big-ai-disruptions-could-be-in-the-music-industry-193956">Text-to-audio generation is here. One of the next big AI disruptions could be in the music industry</a>
</strong>
</em>
</p>
<hr>
<h2>From controversy to outright crime</h2>
<p>Last month, generative AI app <a href="https://futurism.com/ai-portrait-app-nudes-without-consent">Lensa came under fire</a> for allowing its system to create fully nude and hyper-sexualised images from users’ headshots. Controversially, it also whitened the skin of women of colour and made their features <a href="https://www.wired.com/story/lensa-artificial-intelligence-csem/">more European</a>.</p>
<p>The backlash was swift. But what’s relatively overlooked is the vast potential to use artistic generative AI in scams. At the far end of the spectrum, there are reports of these tools being able to <a href="http://fortune.com/2018/11/28/artificial-intelligence-fingerprints-security/">fake fingerprints and facial scans</a> (the method most of us use to lock our phones).</p>
<p>Criminals are quickly finding new ways to use generative AI to improve the frauds they already perpetrate. The lure of generative AI in scams comes from its ability to find patterns in <a href="https://www.abc.net.au/news/2023-01-29/artificial-intelligence-ai-videos-images-voices-music-2023/101874146">large amounts of data</a>. </p>
<p>Cybersecurity has seen a rise in “bad bots”: malicious automated programs that mimic human behaviour <a href="https://www.forbes.com/sites/forbestechcouncil/2016/08/31/bots-and-cybersecurity-whats-the-risk/">to conduct crime</a>. Generative AI will make these even more sophisticated and difficult to detect.</p>
<p>Ever received <a href="https://theconversation.com/we-have-filed-a-case-under-your-name-beware-of-tax-scams-theyll-be-everywhere-this-eofy-162171">a scam text</a> from the “tax office” claiming you had a <a href="https://www.ato.gov.au/General/Online-services/Identity-security-and-scams/Scam-alerts/">refund waiting</a>? Or maybe you got a call claiming a warrant was <a href="https://www.cyber.gov.au/acsc/view-all-content/guidance/tax-scam-stories/marios-story">out for your arrest</a>? </p>
<p>In such scams, generative AI could be used to improve the quality of the <a href="https://www.techtarget.com/searchenterpriseai/news/252529600/ChatGPT-could-boost-phishing-scams">texts or emails</a>, making them much more believable. For example, in recent years we’ve seen AI systems being <a href="https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402">used to</a> impersonate important figures in “voice spoofing” attacks.</p>
<p>Then there are <a href="https://www.accc.gov.au/media-release/romance-baiting-scams-on-the-rise">romance scams</a>, where criminals pose as romantic interests and ask their targets for money to help them out of financial distress. These scams are already widespread and often lucrative. Training AI on actual messages between intimate partners could help create a scam chatbot that’s indistinguishable <a href="https://thediplomat.com/2021/01/chatbot-gone-awry-starts-conversations-about-ai-ethics-in-south-korea/">from a human</a>.</p>
<p>Generative AI could also allow cybercriminals to more selectively target vulnerable people. For instance, training a system on information stolen from major companies, such as in the Optus or Medibank hacks last year, <a href="https://gilescrouch.medium.com/generative-ai-risks-and-dangers-f70994c74f5a">could help criminals target</a> elderly people, people with disabilities, or people in financial hardship.</p>
<p>Further, these systems can be used to <a href="https://www.zdnet.com/article/chatgpt-can-write-code-now-researchers-say-its-good-at-fixing-bugs-too/">improve computer code</a>, which some cybersecurity experts say will make malware and viruses easier to create and harder <a href="https://www.techtarget.com/searchenterpriseai/news/252529600/ChatGPT-could-boost-phishing-scams">to detect for antivirus software</a>.</p>
<h2>The technology is here, and we aren’t prepared</h2>
<p><a href="https://www.industry.gov.au/publications/australias-artificial-intelligence-ethics-framework">Australia’s</a> and <a href="https://www.data.govt.nz/toolkit/data-ethics/government-algorithm-transparency-and-accountability/algorithm-charter/">New Zealand’s</a> governments have published frameworks relating to AI, but they aren’t binding rules. Both countries’ laws relating to privacy, transparency and freedom from discrimination aren’t up to the task, as far as AI’s impact is concerned. This puts us behind the rest of the world. </p>
<p>The US has had a legislated <a href="https://www.ai.gov/">National Artificial Intelligence Initiative</a> in place since 2021. And since 2019 it has been <a href="https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1001">illegal in California</a> for a bot to interact with users for commerce or electoral purposes without disclosing it’s not human.</p>
<p>The European Union is also well on the way to enacting the world’s <a href="https://artificialintelligenceact.eu/">first AI law</a>. The AI Act bans certain types of AI programs posing “unacceptable risk” – such as those used by China’s <a href="https://www.abc.net.au/news/2018-09-18/china-social-credit-a-model-citizen-in-a-digital-dictatorship/10200278">social credit system</a> – and imposes mandatory restrictions on “high risk” systems. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1619743014813052930"}"></div></p>
<p>Although asking ChatGPT <a href="https://www.bleepingcomputer.com/news/technology/openais-new-chatgpt-bot-10-dangerous-things-its-capable-of/">to break the law</a> results in warnings that “planning or carrying out a serious crime can lead to severe legal consequences”, the fact is there’s no requirement for these systems to have a “moral code” <a href="https://www.theregister.com/2023/01/20/chatgpt_morally_corrupting/">programmed into them</a>. </p>
<p>There may be no limit to what they can be asked to do, and criminals will likely figure out workarounds for any rules intended to prevent their illegal use. Governments need to work closely with the cybersecurity industry to regulate generative AI without stifling innovation, such as by <a href="https://www.lexisnexis.com.au/en/insights-and-analysis/practice-intelligence/2018/the-ethics-of-ai-in-the-legal-industry">requiring ethical considerations</a> for AI programs.</p>
<p>The Australian government should use the upcoming <a href="https://www.ag.gov.au/integrity/consultations/review-privacy-act-1988">Privacy Act review</a> to get ahead of potential threats from generative AI to our online identities. Meanwhile, New Zealand’s Privacy, Human Rights and Ethics <a href="https://www.data.govt.nz/assets/data-ethics/algorithm/phrae-on-a-page.pdf">Framework</a> is a positive step.</p>
<p>We also need to be more cautious as a society about believing what we see online, and remember that humans <a href="https://www.apa.org/monitor/2016/03/deception">are traditionally bad</a> at being able to detect fraud.</p>
<h2>Can you spot a scam?</h2>
<p>As criminals add generative AI tools to their arsenal, spotting scams will only get trickier. The <a href="https://theconversation.com/dont-be-phish-food-tips-to-avoid-sharing-your-personal-information-online-138613">classic tips</a> will still apply. But beyond those, we’ll learn a lot from assessing the ways in which these tools fall short. </p>
<p>Generative AI is bad at <a href="https://www.angmohdan.com/chatgpt-vs-human-generated-text-how-to-spot-the-difference/">critical reasoning and conveying emotion</a>. It can even be tricked into <a href="https://www.reddit.com/r/ChatGPT/comments/10ksh47/even_chatgpt_whos_always_right/">giving wrong answers</a>. Knowing when and why this happens could us help develop effective methods to catch cybercriminals using AI for extortion. </p>
<p>There are also tools being developed to <a href="https://www.techlearning.com/news/what-is-gptzero-the-chatgpt-detection-tool-explained">detect AI</a> outputs from tools such as ChatGPT. These could go a long way towards preventing AI-based cybercrime if they prove to be effective.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/being-bombarded-with-delivery-and-post-office-text-scams-heres-why-and-what-can-be-done-167975">Being bombarded with delivery and post office text scams? Here's why — and what can be done</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/199004/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Brendan Walker-Munro receives funding from the Australian Government through Trusted Autonomous Systems, a Defence Cooperative Research Centre funded through the Next Generation Technologies Fund. </span></em></p>One of the biggest headlines in the gaming community last week involved a deepfake porn scandal. Such material is one example of how generative AI can cause immense harm.Brendan Walker-Munro, Senior Research Fellow, The University of QueenslandLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1988502023-01-31T17:15:07Z2023-01-31T17:15:07ZTax returns: scams are rising rapidly – how to spot a fake phone call and avoid falling victim<figure><img src="https://images.theconversation.com/files/507212/original/file-20230130-6879-li686o.jpg?ixlib=rb-1.1.0&rect=20%2C0%2C4600%2C3353&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">If only it was this easy to detect a scam phone call.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/illustration-depicting-phone-scam-call-concept-294261113">Sam72/Shutterstock</a></span></figcaption></figure><p>Tax deadlines, such as the annual <a href="https://www.gov.uk/government/news/almost-57-million-customers-still-to-file-their-tax-return">January 31 deadline</a> for filing UK self-assessment tax returns, typically cause <a href="https://www.gov.uk/government/news/hmrc-warns-of-landline-scams-threatening-households">an uptick</a> in <a href="https://www.irs.gov/newsroom/dirty-dozen">tax scams</a>. This year, for example, an ad for a costly connection service <a href="https://inews.co.uk/inews-lifestyle/money/bills/hmrc-phone-number-scam-charged-calls-free-2093547">disguised as the British tax authority’s phone number</a> is appearing at the top of search engine results for the agency’s contact details. </p>
<p>But it’s much more common for tax fraudsters to rely on unsolicited phone calls to extract information and money from victims. Each year the UK’s HM Revenue & Customs (HMRC) and the US Inland Revenue Service (IRS) post warnings and updated lists of such bogus calls and phishing schemes. At any one time there are <a href="https://researchportal.port.ac.uk/portal/files/1926122/NFA_report3_16.12.09.pdf">many different types of tax scammers</a> attempting to trick unsuspecting people into <a href="https://www.actionfraud.police.uk/a-z-of-fraud-category/other">handing over money</a> to pay fake penalties and charges.</p>
<p>HMRC <a href="https://www.gov.uk/government/news/self-assessment-customers-could-be-a-target-for-fraudsters-hmrc-warns">responded to more than 180,000 reports</a> of suspicious contact made by people in the 12 months to August 2022, and almost 81,000 of them were scams offering fake tax rebates to access victims’ bank details. In the US, similar <a href="https://www.irs.gov/pub/irs-utl/2022-isac-annual-report.pdf">reports of such suspicious activity</a> grew from around 2 million to 8 million between 2021 and 2022, according to figures from the IRS.</p>
<p>When <a href="https://www.ato.gov.au/general/online-services/identity-security-and-scams/scam-alerts/?=redirected_ScamAlerts">tax agencies warn</a> people of such scams, they generally detail “phishing” attempts. This is when people are contacted and asked for <a href="https://www.proquest.com/trade-journals/lawyer-irs-phishing-emails-become-todays-nigerian/docview/1883110572/se-2">private or sensitive information</a> by someone pretending to be an official agency. This could happen because your contact information was stored in a database that has been hacked by criminals, exposing this private information to scammers.</p>
<p>During the tax filing period in particular, fraudsters have been known to <a href="https://www.icaew.com/insights/viewpoints-on-the-news/2021/april-2021/why-hmrc-impersonation-scammers-are-so-successful">impersonate government employees</a> in an attempt to persuade or even threaten victims into handing over money or personal details. If you receive such a call, it might look like a legitimate number and could even include background noise that resembles a call centre to make the scam seem more authentic. </p>
<p>The fraudsters might pressure you to wire money through services such as Western Union or MoneyGram or to send a bank transfer. There have even been reports of scammers asking for <a href="https://www.cnbc.com/2018/03/05/would-you-pay-those-back-taxes-with-itunes-gift-cards.html">payment of back taxes using gift cards</a>.</p>
<p>The scammers might say you’ve miscalculated your tax payment in a previous year and must now pay to avoid a penalty, for example. They may provide a reference number, again to make the call seem more realistic, or a fake identification number for the officer that calls you. The amounts requested could vary from hundreds to thousands.</p>
<p>And although anyone can fall victim, <a href="https://www.ageuk.org.uk/globalassets/age-uk/documents/reports-and-publications/reports-and-briefings/safe-at-home/rb_oct17_scams_party_conference_paper_nocrops.pdf">the elderly</a> and <a href="https://www.icaew.com/insights/viewpoints-on-the-news/2021/april-2021/why-hmrc-impersonation-scammers-are-so-successful">immigrants</a> are among those that tend to be at greater risk of being successfully targeted by these scammers. Aside from the obvious financial cost, such loses can devastate victims, with some people even <a href="https://journals.sagepub.com/doi/10.1177/0004865814521224">attempting suicide</a> due to misplaced embarrassment or shame at being tricked and losing money. </p>
<h2>How to spot a tax scam</h2>
<p>There is little research into this type of scam, which can make it difficult to identify common features. Plus, the operators often work internationally or are <a href="https://www.iphoneincanada.ca/news/cra-phone-scam/">based in other countries</a>, particularly <a href="https://www.channelnewsasia.com/cna-insider/tech-support-scam-baiters-india-call-centre-big-money-2876366">those</a> in which western authorities find it hard to prosecute <a href="https://www.justice.gov/usao-ndga/pr/multiple-india-based-call-centers-and-their-directors-indicted-perpetuating-phone-scams">the groups involved</a>.</p>
<p>Our research looked at <a href="http://web.nacva.com/JFIA/Issues/JFIA-2020-No1-10.pdf">recordings of calls with scammers</a> to determine some common features. Unsurprisingly, <a href="https://www.researchgate.net/publication/344808384_Profiling_HMRC_and_IRS_Scammers_by_Utilizing_Trolling_Videos_Offender_Characteristics">we found that</a> tax scammers use fake names and often adopt accents and language that matches with the country of the targeted taxpayer.</p>
<p>The <a href="https://www.academia.edu/21409525/Rhetorical_structure_and_persuasive_language_in_the_subgenre_of_online_advertisements">specific language used to persuade potential victims</a> can include common or phrases that sound official such as “tax miscalculation”, but also informal or even emotive words. The idea is to draw you in and encourage you to believe the scam and become worried about the consequences of not paying out. </p>
<p>So, if victims are confrontational or don’t comply, the caller might raise their voice and use insults. It is very unlikely that this would happen on a call with a real HMRC or IRS employee.</p>
<figure class="align-center ">
<img alt="Stressed angry man with beard shouting into a phone." src="https://images.theconversation.com/files/507218/original/file-20230130-12322-aabw4r.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/507218/original/file-20230130-12322-aabw4r.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/507218/original/file-20230130-12322-aabw4r.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/507218/original/file-20230130-12322-aabw4r.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/507218/original/file-20230130-12322-aabw4r.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/507218/original/file-20230130-12322-aabw4r.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/507218/original/file-20230130-12322-aabw4r.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">If you don’t pay up, a scammer might get angry on the phone, unlike a real tax agency professional.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/stressed-stock-broker-screaming-on-phone-16138654">Dundanim/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Tax scam scripts</h2>
<p>Scam callers often speak from a “<a href="https://www.journals.vu.lt/IM/article/view/23510">scam script</a>” designed to make them sound more official and authentic, increasing the victim’s <a href="http://publications.ut-capitole.fr/42207/">trust that the call is really from HMRC or the IRS</a>. As part of our research we <a href="https://link.springer.com/article/10.1007/s11896-022-09520-y">compiled examples of steps</a> often included in these scripts. The scripts might be adapted based on the victim, conversation or the level experience of the scammer, but the below chart shows an example of how such a phone scam might play out.</p>
<p><strong>Tax scam call script</strong></p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/507209/original/file-20230130-12170-uzucpw.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A flow chart showing a typical tax scam script for a phonecall." src="https://images.theconversation.com/files/507209/original/file-20230130-12170-uzucpw.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/507209/original/file-20230130-12170-uzucpw.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=346&fit=crop&dpr=1 600w, https://images.theconversation.com/files/507209/original/file-20230130-12170-uzucpw.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=346&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/507209/original/file-20230130-12170-uzucpw.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=346&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/507209/original/file-20230130-12170-uzucpw.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=434&fit=crop&dpr=1 754w, https://images.theconversation.com/files/507209/original/file-20230130-12170-uzucpw.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=434&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/507209/original/file-20230130-12170-uzucpw.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=434&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>So, how can you protect yourself from tax scammers?</p>
<p>Both <a href="https://www.irs.gov/newsroom/irs-wraps-up-2022-dirty-dozen-scams-list-agency-urges-taxpayers-to-watch-out-for-tax-avoidance-strategies">the IRS</a> and <a href="https://www.mynewsdesk.com/uk/hm-revenue-customs-hmrc/pressreleases/hmrc-warns-of-landline-scams-threatening-households-2842389">HMRC issue warnings</a> and information about how to distinguish between a scam phone call and one from an actual government department. This information is updated regularly, particularly during and right after tax filing season when scams can increase.</p>
<p>So, be aware and be vigilant; don’t engage with random callers. The IRS and HMRC will never contact you to demand money or threaten you with a penalty. Even if you have made a mistake with your taxes, tax authorities such as HMRC only call about <a href="https://www.mynewsdesk.com/uk/hm-revenue-customs-hmrc/pressreleases/hmrc-warns-of-landline-scams-threatening-households-2842389">payments you already know about</a> – either from an official letter or because you have reported the debt yourself, through your self-assessment tax return, for example.</p>
<p>If you receive a suspicious call, never call back, dial any number they provide, or respond to a voicemail. Search for the official number of your country’s tax office online (in the UK this will end with “<a href="https://www.gov.uk/">gov.uk</a>” and in the US “<a href="https://oig.hhs.gov/notices/official-site.asp">.gov</a>”) to speak to someone about your concerns and check if you really do owe money.</p>
<p>And, if you do receive a call like this, inform your country’s tax agency so they can update their records and make sure people remain aware of the latest tax scams.</p><img src="https://counter.theconversation.com/content/198850/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Tax agencies often report details of common tax scams in the run-up to filing deadlines such as January 31.Calli Tzani, Senior Lecturer in Investigative Psychology, ACPC Deputy Director and ADM Forensic Editor, University of HuddersfieldMaria Ioannou, Professor in Psychology, University of HuddersfieldThomas James Vaughan Williams, Postgraduate Researcher - Part-time lecturer, University of HuddersfieldLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1929832023-01-17T13:33:47Z2023-01-17T13:33:47ZAllegations that the charity George Santos claims to have run was fake highlight how scams divert money from worthy causes<figure><img src="https://images.theconversation.com/files/504310/original/file-20230112-4958-9ryu0l.jpg?ixlib=rb-1.1.0&rect=126%2C111%2C4847%2C2632&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Did he run an animal rescue?</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/rep-george-santos-leaves-the-u-s-capitol-on-january-12-2023-news-photo/1456010506">Win McNamee/Getty Images</a></span></figcaption></figure><p>Rep. George Santos, the New York Republican whose 2022 election to the House of Representatives flipped a seat previously held by a Democrat, faces pressure to resign for having <a href="https://www.nytimes.com/2023/01/11/nyregion/george-santos-resume.html">reportedly lied extensively</a> about his education, employment history and religious heritage. He also faces allegations that he <a href="https://www.washingtonpost.com/investigations/2023/01/11/george-santos-harbor-city-capital/">may have participated</a> in <a href="https://www.cnn.com/2023/01/02/politics/george-santos-brazil-fraud-case/index.html">financial fraud</a>.</p>
<p>When Santos apologized for having “<a href="https://www.axios.com/2022/12/27/george-santos-admits-embellishing-resume">embellished</a>” <a href="https://www.nytimes.com/interactive/2023/01/11/us/resume-of-george-santos.html">his resume</a>, he also said, “We do stupid things in life.”</p>
<p>Because I’m a <a href="https://scholar.google.com/citations?hl=en&user=FJ9Y6QMAAAAJ">nonprofit accounting scholar</a>, what has really caught my eye are the reports that Santos fabricated a charity. On an <a href="https://web.archive.org/web/20200811235634/https://georgeforny.com/about/">early version of his campaign website</a>, the freshman lawmaker claimed to have founded and run what has been alleged to be a fake nonprofit animal rescue group called <a href="https://thehill.com/homenews/house/3791375-list-of-george-santos-falsehoods-continues-to-grow-amid-apology-tour/">Friends of Pets United</a>.</p>
<p>Santos says the group rescued 2,400 dogs and 280 cats and that it trapped, neutered and released over 3,000 cats from 2013 to 2018. Trouble is, there’s no evidence that has been presented publicly showing the charity ever existed. </p>
<p>As media outlets have reported, <a href="https://www.nytimes.com/2022/12/19/nyregion/george-santos-ny-republicans.html">Friends of Pets United has no website</a>. <a href="https://twitter.com/whstancil/status/1604841168851947521">There’s no record</a> of the Internal Revenue Service granting the organization nonprofit status or of a group by that name <a href="https://candid.org/research-and-verify-nonprofits/990-finder">annually filing the required paperwork</a> with the IRS. And it is further alleged that a fundraising event he held with <a href="https://www.snopes.com/news/2022/12/29/claims-by-us-rep-elect-george-santos/">another New Jersey animal rescue group</a> never received any of the funds it was promised.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1613537251904094213"}"></div></p>
<h2>Fake charities are a real problem</h2>
<p>If Santos’ animal rescue turns out to be the scam <a href="https://www.theguardian.com/us-news/2022/dec/19/george-santos-new-york-republican-resume">it is alleged to be</a>, it’s unlikely to be his <a href="https://www.yahoo.com/news/mysterious-unregistered-fund-raised-big-131005823.html">biggest legal</a> or <a href="https://www.cnn.com/2023/01/11/politics/george-santos-nassau-county-resign/index.html">political liability</a>.</p>
<p>Regardless of what the stakes are in Santos’ case, fake charities are a serious problem. Their <a href="https://www.fcc.gov/scam-charities-will-take-your-money-and-run">scams divert donations</a> that would probably <a href="https://theconversation.com/donor-beware-pause-before-you-give-to-any-cause-188117">otherwise support legitimate causes</a> that <a href="https://howcharitieswork.com/about-charities/what-is-a-charity/">benefit society</a> in one way or another. And they can <a href="https://doi.org/10.5465/amp.2018.0027">undercut donors’ confidence</a>, discouraging charitable giving overall.</p>
<p>The term “fake charity” encompasses a lot of different schemes.</p>
<p>In one common scenario, someone <a href="https://www.fcc.gov/scam-charities-will-take-your-money-and-run">pretends to represent a real charity</a> and pockets money that should have gone to that organization. The fake charity in this case is the fraudster posing as someone authorized to raise money on behalf of the legitimate charity. The fraudster will ask deceived donors to give them money directly or to make a payment through a separate website that turns out to have no ties with the valid charity.</p>
<p>It’s also not unusual for someone to set up a fictitious charity – often with a <a href="https://www.cnbc.com/2022/07/07/how-to-avoid-charity-impersonation-scams-in-times-of-crisis.html">name that sounds much like a legitimate cause</a> – to fool donors into thinking they are giving to another, valid, organization. Some of these impersonators go to elaborate lengths to develop their scheme, perhaps building a website or even establishing a social media presence.</p>
<p>Sometimes charitable fraud is committed by the donors themselves. When that happens, the donor <a href="https://www.cleveland.com/court-justice/2022/08/former-independence-financial-adviser-charged-in-fake-charity-scheme-that-provided-tax-shelter-for-wealthy-clients.html">seeks out illegitimate tax deductions</a> by donating to groups they know are fake nonprofits.</p>
<h2>Role of the IRS</h2>
<p>All fake charities have one thing in common: They aren’t registered and approved by the IRS.</p>
<p>The IRS regulates charities and <a href="https://www.irs.gov/charities-and-nonprofits">evaluates and approves requests for 501(c)(3) nonprofit status</a>.</p>
<p>This status provides two benefits. The roughly <a href="https://www.nptrust.org/philanthropic-resources/charitable-giving-statistics/">1.5 million groups</a> in this category – ranging from Planned Parenthood to your local food pantry and <a href="https://theconversation.com/whats-a-church-that-can-depend-on-the-eye-of-the-beholder-or-paperwork-filed-with-the-irs-130517">neighborhood church</a> – generally don’t have to pay taxes on their income.</p>
<p>In addition, some of their donors can deduct any donations they make from their taxable income through the <a href="https://www.irs.gov/charities-non-profits/charitable-organizations/charitable-contribution-deductions">charitable deduction</a>, which is an incentive to support those groups.</p>
<p>Charities must first register within their state and then apply with the IRS for recognition. </p>
<p>To be a valid charity, the organization must pay a fee to have its charitable application reviewed and must declare its intended <a href="https://www.irs.gov/charities-non-profits/charitable-organizations/exempt-purposes-internal-revenue-code-section-501c3">charitable purpose</a>. The application process can take as <a href="https://www.forbes.com/advisor/business/501c3-application-online/">little as four weeks</a> or over six months for more complex applications. </p>
<p>The IRS maintains a <a href="https://www.irs.gov/charities-non-profits/tax-exempt-organization-search">list of valid charities</a>. Charities must comply with <a href="https://theconversation.com/whats-a-990-form-a-charity-accounting-expert-explains-175019">tax return filing requirements</a> to stay on the approved list. If not, the charitable status will be revoked, although the charity may submit an application for reinstatement. </p>
<p>If a charity does not appear in the IRS database, it could simply be that it’s still being launched and awaiting approval. Charities can begin operating while their IRS application is pending and have their charitable status retroactively recognized. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/3y_C03YkAjs?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">‘Saturday Night Live’ lampooned fake charities by concocting an imaginary group that gives men’s sweatshirts to chilly, single women.</span></figcaption>
</figure>
<h2>Don’t be fooled</h2>
<p><a href="https://nonprofitrisk.org/resources/articles/a-violation-of-trust-fraud-risk-in-nonprofit-organizations/">Nonprofit fraud</a> constituted about 9% of all fraud cases reported in 2022, the Association of Certified Fraud Examiners said in its <a href="https://legacy.acfe.com/report-to-the-nations/2022/">annual international report</a>.</p>
<p>Nowadays, fake donation requests also occur with crowdfunding platforms, when people pretend to raise funds informally to exploit the public. In one prominent example, three people have been found guilty of orchestrating a <a href="https://www.nytimes.com/2023/01/08/nyregion/katelyn-mcclure-gofundme-scam-sentenced.html">GoFundMe scam</a> that raised more than US$400,000 in 2017 from 14,000 donors who were duped into believing they were helping a homeless veteran.</p>
<p>The <a href="https://doi.org/10.1177/0899764014555987">news media</a> and <a href="https://www.charitynavigator.org/">charity monitoring websites</a>, such as Charity Navigator, try to keep track of these scams. </p>
<p>But the public has a role to play too. If you suspect that a charity <a href="https://www.charitynavigator.org/donor-basics/protect-your-giving/avoid-charity-scams/?bay=content.view&cpid=6506">asking you for donations is a fake</a>, you can help stop them by <a href="https://tips.fbi.gov/">reporting any suspected fraud to the FBI</a> or local law enforcement.</p><img src="https://counter.theconversation.com/content/192983/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Sarah Webber does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>When a fake charity is uncovered, headlines abound with details of the fraud, while donors are eager to make sure they weren’t one of the victims of the scheme.Sarah Webber, Associate Professor of Accounting, University of DaytonLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1940642022-11-13T19:04:09Z2022-11-13T19:04:09ZCrypto scams will increase over the holidays – here’s what you need to know to not fall victim<figure><img src="https://images.theconversation.com/files/494580/original/file-20221110-10877-y72lq2.jpg?ixlib=rb-1.1.0&rect=309%2C973%2C5415%2C3067&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://unsplash.com/photos/clN4DePMfm4">Tim Mossholder/Unsplash</a></span></figcaption></figure><p>Each year, as the festive season arrives, we must also keep an eye out for potential scammers trying to ruin the fun. This is because scammers become more active <a href="https://www.scamwatch.gov.au/scam-statistics?scamid=all&date=2021">during the holidays</a>, targeting us while we have our guard down.</p>
<p>So far in 2022, Australians have lost around <a href="https://www.scamwatch.gov.au/scam-statistics?scamid=all&date=2022">half a billion dollars to scams</a>, which is already significantly more than had been lost by this time last year. The majority of these losses – <a href="https://www.scamwatch.gov.au/scam-statistics?scamid=26&date=2022">around $300 million</a> – have involved investment or cryptocurrency scams. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/494108/original/file-20221108-14-vbvqlj.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A chart showing a steady rise of crypto scams, with a spike in April 2022" src="https://images.theconversation.com/files/494108/original/file-20221108-14-vbvqlj.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/494108/original/file-20221108-14-vbvqlj.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=370&fit=crop&dpr=1 600w, https://images.theconversation.com/files/494108/original/file-20221108-14-vbvqlj.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=370&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/494108/original/file-20221108-14-vbvqlj.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=370&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/494108/original/file-20221108-14-vbvqlj.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=465&fit=crop&dpr=1 754w, https://images.theconversation.com/files/494108/original/file-20221108-14-vbvqlj.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=465&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/494108/original/file-20221108-14-vbvqlj.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=465&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Investment scams 2019-2022.</span>
<span class="attribution"><span class="source">scamwatch.gov.au</span></span>
</figcaption>
</figure>
<p>Researchers from <a href="https://cybercentre.org.au/">Deakin University’s Centre for Cyber Security Research and Innovation</a> had a opportunity to interview recent victims of these scams. Here is what we found.</p>
<h2>Anyone can fall for a scam</h2>
<blockquote>
<p>I was shocked and could not accept that this happened to me although I was very careful […] I was numb for a couple of minutes as it was a large amount of money. – (26-year-old female office manager from South Australia)</p>
</blockquote>
<p>These scams have become highly sophisticated and criminals have become less discriminating about whom they target. This is reflected in recent victim demographics, showing a wide variety of backgrounds, a more even distribution across several age groups, and an almost even split on gender.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/494408/original/file-20221109-21-4mauh4.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A bar chart showing most age groups are almost equally targeted" src="https://images.theconversation.com/files/494408/original/file-20221109-21-4mauh4.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/494408/original/file-20221109-21-4mauh4.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=343&fit=crop&dpr=1 600w, https://images.theconversation.com/files/494408/original/file-20221109-21-4mauh4.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=343&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/494408/original/file-20221109-21-4mauh4.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=343&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/494408/original/file-20221109-21-4mauh4.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=431&fit=crop&dpr=1 754w, https://images.theconversation.com/files/494408/original/file-20221109-21-4mauh4.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=431&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/494408/original/file-20221109-21-4mauh4.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=431&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Age groups of scam victims.</span>
<span class="attribution"><span class="source">scamwatch.gov.au</span></span>
</figcaption>
</figure>
<figure class="align-center ">
<img alt="A radial chart showing female scam victims comprise 49%, male 48% and gender X the rest" src="https://images.theconversation.com/files/494409/original/file-20221109-24-24ku3v.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/494409/original/file-20221109-24-24ku3v.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=367&fit=crop&dpr=1 600w, https://images.theconversation.com/files/494409/original/file-20221109-24-24ku3v.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=367&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/494409/original/file-20221109-24-24ku3v.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=367&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/494409/original/file-20221109-24-24ku3v.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=461&fit=crop&dpr=1 754w, https://images.theconversation.com/files/494409/original/file-20221109-24-24ku3v.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=461&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/494409/original/file-20221109-24-24ku3v.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=461&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Gender distribution for reported scams.</span>
<span class="attribution"><span class="source">scamwatch.gov.au</span></span>
</figcaption>
</figure>
<p>So, how can you spot these scams and where can you get help if you have fallen victim?</p>
<h2>If it sounds too good to be true, it might just be a scam</h2>
<blockquote>
<p>I was dumbfounded, to say that ground shattered under my feet would be an understatement, it will take me a very long time to recover from it, financially and mentally. – (36-year-old female, legal practitioner from Victoria)</p>
</blockquote>
<p>Most crypto scams involve getting the victim to buy and send cryptocurrency to the perpetrator’s account for what appears to be a legitimate investment opportunity.</p>
<p>Cryptocurrency is the currency of choice for this type of crime, because it’s unregulated, untraceable and transactions cannot be reversed. </p>
<p>Victims of such scams are targeted using a number of different methods, which include:</p>
<p><strong>Investment scams:</strong> scammers pretend to be investment managers claiming high returns on crypto investments. They get the victim to transfer over funds and escape with them.</p>
<p><strong>“Pump and dump”:</strong> scammers usually hype up a new cryptocurrency or an <a href="https://www.kaspersky.com/resource-center/preemptive-safety/how-to-avoid-nft-scams">NFT project</a> and artificially increase its value. Once enough victims invest, the scammers sell their stake, leaving the victims with worthless cryptocurrency or NFT.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/nfts-an-overblown-speculative-bubble-inflated-by-pop-culture-and-crypto-mania-174462">NFTs, an overblown speculative bubble inflated by pop culture and crypto mania</a>
</strong>
</em>
</p>
<hr>
<p><strong>Romance scams:</strong> involves scammers using dating platforms, social media or direct messaging to engage with you, gain your trust and pitch an amazing investment opportunity promising high returns, or ask for cryptocurrency to cover medical or travel expenses.</p>
<p><strong>Phishing scams:</strong> an old but still effective scam involving malicious emails or messages with links to fake websites promising huge returns on investment or just outright stealing credentials to access users’ digital currency wallets.</p>
<p><strong>Ponzi schemes:</strong> a type of investment scam where the scammers use cryptocurrency gathered from multiple victims to repay high interest to some of them; when victims invest more funds, the scammers escape with all the investments.</p>
<p><strong>Mining scams:</strong> scammers try and convince victims to buy cryptocurrency to use in mining more of it, while in reality there is no mining happening – the scammers just make transfers that look like returns on the investment. Over time, the victim invests more, and the scammers keep taking it all.</p>
<p>Although methods evolve and change, the telltale signs of a potential scam remain relatively similar:</p>
<ul>
<li>very high returns with promises of little or no risk</li>
<li>proprietary or secretive strategies to gain an advantage</li>
<li>lack of liquidity, requiring a minimum accumulation amount before funds are released.</li>
</ul>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/crypto-theft-is-on-the-rise-heres-how-the-crimes-are-committed-and-how-you-can-protect-yourself-176027">Crypto theft is on the rise. Here's how the crimes are committed, and how you can protect yourself</a>
</strong>
</em>
</p>
<hr>
<h2>Where to seek help if you’ve been scammed</h2>
<blockquote>
<p>I felt helpless, I didn’t know what to do, who to reach out to, I was too embarrassed and just kept blaming myself. – (72-year-old male, accountant from Victoria)</p>
</blockquote>
<p>If you think you have fallen victim to one of these scams, here is what you need to do next:</p>
<ul>
<li><p>inform the Australian Competition and Consumer Commission (ACCC) <a href="https://www.scamwatch.gov.au/report-a-scam">here</a> or reach out to relevant authorities <a href="https://www.scamwatch.gov.au/get-help/where-to-get-help">as per advice on the ScamWatch website</a></p></li>
<li><p>reach out to your friends and family members and inform them of the scam; they can also be a source of help and support during such times</p></li>
<li><p>as these events can have a psychological impact, it’s recommended you talk to your GP, a health professional, or someone you trust</p></li>
<li><p>you can also reach out to counselling services such as <a href="http://www.lifeline.org.au/">LifeLine</a>, <a href="https://www.beyondblue.org.au/">beyond blue</a>, <a href="http://www.suicidecallbackservice.org.au/">Sucide Call Back Service</a>, <a href="http://www.mensline.org.au/">Mens Line</a>, and <a href="https://www.scamwatch.gov.au/get-help/where-to-get-help">more</a> for help and support.</p></li>
</ul>
<p>If you ever find yourself in a difficult situation, please remember help and support is available.</p>
<p>Finally, to prevent yourself becoming the next statistic over the holiday period, keep in mind the following advice:</p>
<ul>
<li>don’t share your personal details with people online or over a call</li>
<li>don’t invest in something you don’t understand</li>
<li>if in doubt, talk to an expert or search online for resources yourself (don’t believe any links the scammers send you).</li>
</ul>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/why-are-there-so-many-data-breaches-a-growing-industry-of-criminals-is-brokering-in-stolen-data-193015">Why are there so many data breaches? A growing industry of criminals is brokering in stolen data</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/194064/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The work has been supported by the Cyber Security Cooperative Research Centre Limited whose activities are partially funded by the Australian government’s Cooperative Research Centres Programme.</span></em></p><p class="fine-print"><em><span>The work has been supported by the Cyber Security Cooperative Research Centre Limited whose activities are partially funded by the Australian government’s Cooperative Research Centres Programme.
</span></em></p><p class="fine-print"><em><span>Jeb Webb does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>As criminals become more indiscriminate, anyone can fall for a scam – even you. But there are ways to stay vigilant and seek help.Ashish Nanda, CyberCRC Research Fellow, Centre for Cyber Security Research and Innovation (CSRI), Deakin UniversityJeb Webb, Senior Research Fellow, Centre for Cyber Security Research and Innovation (CSRI), Deakin UniversityJongkil Jay Jeong, CyberCRC Senior Research Fellow, Centre for Cyber Security Research and Innovation (CSRI), Deakin UniversityMohammad Reza Nosouhi, CyberCRC Research Fellow, Centre for Cyber Security Research and Innovation (CSRI), Deakin University, Deakin UniversitySyed Wajid Ali Shah, CSCRC Research Fellow, Centre for Cyber Security Research and Innovation, Deakin UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1930872022-11-08T13:41:35Z2022-11-08T13:41:35ZInsurance fraud costs $309 billion a year – nearly $1,000 for every American<figure><img src="https://images.theconversation.com/files/493904/original/file-20221107-23-gc3aq3.jpg?ixlib=rb-1.1.0&rect=218%2C116%2C4634%2C3506&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The way insurance claims are processed makes the system a very easy target for scammers.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/paper-money-flying-out-of-mans-hand-royalty-free-image/94989168?phrase=cash%20dollars">Jeffrey Coolidge/Stone via Getty Images</a></span></figcaption></figure><figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/493921/original/file-20221107-3575-l5mafa.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/493921/original/file-20221107-3575-l5mafa.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=255&fit=crop&dpr=1 600w, https://images.theconversation.com/files/493921/original/file-20221107-3575-l5mafa.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=255&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/493921/original/file-20221107-3575-l5mafa.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=255&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/493921/original/file-20221107-3575-l5mafa.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=321&fit=crop&dpr=1 754w, https://images.theconversation.com/files/493921/original/file-20221107-3575-l5mafa.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=321&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/493921/original/file-20221107-3575-l5mafa.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=321&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
<span class="attribution"><a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span>
</figcaption>
</figure>
<p>What would you do with an extra US$932.63 in your pocket? </p>
<p>That’s how much insurance fraud costs every American a year – $309 billion in total, according to the findings of a <a href="https://insurancefraud.org/wp-content/uploads/The-Impact-of-Insurance-Fraud-on-the-U.S.-Economy-Report-2022-8.26.2022.pdf">recent research study that I led</a>. For a family of four, that adds up to nearly $3,800 – about enough to finance a small family vacation. </p>
<p>This additional cost comes from increased premiums that consumers have to pay to help offset the cost of fraud to the insurance industry. Yet despite the incredible financial impact on the average consumer, the research also suggests that almost half of Americans feel that it is an “acceptable” type of crime. </p>
<p>This little-known type of fraud <a href="https://insurancefraud.org/wp-content/uploads/The-Impact-of-Insurance-Fraud-on-the-U.S.-Economy-Report-2022-8.26.2022.pdf">comes in many forms</a>, such as misrepresenting facts on an insurance policy to receive a lower premium. This would involve not disclosing additional drivers in the household, understating the miles driven per year and using an address that is in a lower-premium and -risk neighborhood. </p>
<p>Another example is a patient exaggerating an injury in the hopes of gaining additional benefits, such as better medical treatment, additional time off from work due to disability and even attempting to get an injury covered that was not part of an auto accident. Besides resulting in inflated bills that others ultimately pay for, the fraudulent claims clog up an <a href="https://www.health.harvard.edu/blog/is-our-healthcare-system-broken-202107132542">already busy and stressed medical system</a>, which could potentially take valued treatment away from a patient who does need it.</p>
<p>Insurance fraud also involves <a href="https://digitalcommons.usf.edu/etd/5731">large-scale organized fraud</a> whereby organized international criminal groups and terrorist cells launch highly detailed campaigns targeting specific insurance carriers. In the past, organized criminal rings would focus on crimes such as kidnapping, drugs and extortion as a means to fund their organizations. My colleagues and I found, however, that most of those groups have moved to insurance fraud because it is much less dangerous, the payout is greater and the punishment is low or nonexistent. </p>
<h2>What’s unique about insurance fraud</h2>
<p>The fact that insurance fraud is high reward, low risk is what makes it stand out among other types of fraud.</p>
<p>There are dozens of other kinds of scams that fraudsters engage in, all with the goal of either gaining a monetary profit or securing valuable personal information for use in other identity theft schemes. From romance and travel scams to schemes related to work or COVID-19, these all have the same “fraud DNA” of using <a href="https://www.scamnet.wa.gov.au/scamnet/Scam_prevention-The_Psychology_of_Scams.htm">psychological tricks to manipulate</a>.</p>
<p>But the nature of the insurance system, with many gaps in how claims are processed, makes it a very easy target and creates additional opportunities to commit fraud. </p>
<p>In addition, it’s a crime that receives <a href="https://trac.syr.edu/tracreports/crim/597/">very little media and prosecutorial attention</a>. From a legal perspective, insurance fraud cases often move to the bottom of the priority list of law enforcement and prosecutors, which is why fraudsters are so tempted by this type of crime.</p>
<p>And given how easy this fraud is to commit, how acceptable it seems to many Americans and how hard it is to detect, the level of insurance fraud in the U.S. is only expected to grow.</p><img src="https://counter.theconversation.com/content/193087/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Michael Skiba does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>A new analysis of this type of fraud shows it’s a growing problem that almost half of Americans consider an ‘acceptable’ crime.Michael Skiba, Chair of Criminal Justice, Colorado State University GlobalLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1914942022-09-28T01:58:26Z2022-09-28T01:58:26ZThe ‘Optus hacker’ claims they’ve deleted the data. Here’s what experts want you to know<figure><img src="https://images.theconversation.com/files/486966/original/file-20220928-12-cw5kk.jpg?ixlib=rb-1.1.0&rect=23%2C23%2C3970%2C2041&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">T. Schneider/Shutterstock</span></span></figcaption></figure><p>Shortly after Australian telecommunications company Optus announced the identity data of millions of customers had been stolen, a person claiming to be the hacker announced they would delete the data for US$1 million.</p>
<p>When Optus didn’t pay, the purported hacker published 10,000 stolen records and threatened to release ten thousand more every day until the ransom deadline. These leaked records contained identity information such as driver’s license, passport and Medicare numbers, as well as <a href="https://www.theguardian.com/business/2022/sep/27/police-all-over-dark-web-ransom-threat-to-release-10000-customer-records-a-day-optus-ceo-says">parliamentary and defense contact information</a>.</p>
<p>A few hours after the data drop, the purported hacker <a href="https://www.abc.net.au/news/2022-09-27/optus-data-breach-cyber-attack-hacker-ransom-sorry/101476316">unexpectedly apologised</a> and claimed to have deleted the data due to “too many eyes”, suggesting fear of being caught. Optus confirms they <a href="https://www.theguardian.com/business/2022/sep/27/alleged-optus-hacker-apologises-for-data-breach-and-drops-ransom-threat">did not pay the ransom</a>.</p>
<h2>They’ve said they deleted the data – now what? Is it over?</h2>
<p>Communication from the person claiming to be the hacker and the release of 10,200 records have all occurred on a website dedicated to buying and selling stolen data.</p>
<p>The data they released are now easily available and appear to be legitimate data stolen from Optus (their legitimacy has not been verified by Optus or the Australian Federal Police; the FBI in the United States <a href="https://www.afr.com/companies/telecommunications/more-optus-data-details-dumped-online-overnight-20220927-p5bl7s">has now been called in</a> to help the investigation).</p>
<p>The question then is – why would the hacker express remorse and claim to delete the data?</p>
<p>Unfortunately, while the purported hacker did appear to possess the legitimate data, there is no way to verify the deletion. We have to ask: what would the hacker gain from claiming to delete them?</p>
<p>It is likely a copy still remains, and it’s even possible the post is a ploy to convince victims not to worry about their security – to increase the likelihood of successful attacks using the data. There is also no guarantee the data were not already sold to a third party. </p>
<h2>What next?</h2>
<p>Whatever the motivations of the person claiming to be the hacker, their actions suggest we should continue to expect all records stolen from Optus do remain in malicious hands.</p>
<p>Despite the developments, <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">recommendations still stand</a> – you should still be taking proactive action to protect yourself. These actions are good cyber hygiene practices no matter the circumstances.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide</a>
</strong>
</em>
</p>
<hr>
<p>An extra measure offered recently is <a href="https://www.theguardian.com/australia-news/2022/sep/27/optus-data-breach-australians-will-be-able-to-change-their-drivers-licence-with-telco-to-pay">changing your driver’s license number</a>, <a href="https://www.passports.gov.au/optus-data-breach">ordering a new passport</a> and <a href="https://www.servicesaustralia.gov.au/what-to-do-if-youve-been-affected-recent-optus-data-breach">Medicare card</a>.</p>
<p>However it is unclear at this early stage whether free options to change these documents will be made to all data breach victims, or only a subset of victims.</p>
<h2>Can I find out whether my data were part of the 10,200 leaked records?</h2>
<p>Reports of <a href="https://eftm.com/2022/09/scammers-already-targeting-optus-customers-exposed-in-million-dollar-ransom-demand-227627">people being contacted by scammers</a> suggest they are already being used.</p>
<p>Troy Hunt, the Australian cyber security professional who maintains <a href="https://haveibeenpwned.com/">HaveIBeenPwned</a> – a website you can use to check whether your data are part of a known breach – has announced he will <a href="https://twitter.com/troyhunt/status/1574582128385224705">not add the leaked data to the site</a> at this stage. So this method will not be available.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1574582132969656320"}"></div></p>
<p>The best course of action in this case is to assume your data may have been released until <a href="https://www.linkedin.com/posts/victordominello_digital-cybersecurity-activity-6980423491669946368-UWWj">Optus notifies people in the coming week</a>.</p>
<h2>Are the released data already being used?</h2>
<p>The least technically sophisticated method of targeting Optus customers is to use the details to make direct contact and ask for a ransom. There are reports blackmailers are <a href="https://www.theguardian.com/business/2022/sep/27/alleged-optus-hacker-apologises-for-data-breach-and-drops-ransom-threat">already targeting breach victims</a> via text message, claiming to have the data and threatening to post it on the dark web unless the victim pays.</p>
<p>The data have already leaked and claims about deleting the data are untrue. Paying anyone who makes these claims will not increase the security of your information.</p>
<p>Data recovery scams – where scammers target victims offering help to remove their data from the dark web or recover any money lost for a fee – <a href="https://7news.com.au/technology/optus/cyber-criminals-using-optus-hack-to-target-anxious-australian-customers-with-new-scams-c-8371154">have also become prominent</a>. Instead of helping, they steal money or obtain more information from the victim. Anyone who claims to be able to scrub the data from the dark web is claiming to put toothpaste back in the tube. It isn’t possible.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1574614032858124288"}"></div></p>
<p>The data could also be used to identify family members to make the “<a href="https://www.accc.gov.au/media-release/accc-warning-of-suspicious-messages-as-%E2%80%9Chi-mum%E2%80%9D-scams-spike">Hi Mum</a>” or family impersonation scam more convincing. This involves scammers posing as a family member or friend from a new phone number, often using WhatsApp, in need of urgent financial help. Anyone receiving this kind of text message should make every effort to contact their family member or friend by other means.</p>
<h2>What else can my data be used for?</h2>
<p>The scams involved with these data will only grow in the coming days and weeks and may not be confined to the digital world.</p>
<p>Other possible uses involve activities like attempting to take over valuable online accounts or your SIM card, or setting up new financial services and SIM cards in your name. The advice we provided in <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">our previous article</a> applies to these.</p>
<p>Additionally, anyone with reason to be concerned about physical safety if their location is known (for example domestic abuse survivors) should consider the possibility that their names, telephone numbers and address may have leaked or may in the future.</p>
<p>If you have been the victim of fraud or identity theft as a result of this breach or any others, you can contact <a href="https://www.idcare.org">IDCare</a> for additional aid and <a href="https://www.cyber.gov.au/acsc/report">Cyber Report</a> to report the crime.</p><img src="https://counter.theconversation.com/content/191494/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>If you’ve been affected by the Optus data breach, the danger is far from over – no matter what the purported hacker is claiming.Jennifer J. Williams, PhD Candidate, Macquarie UniversityJeffrey Foster, Associate Professor in Cyber Security Studies, Macquarie UniversityTamara Watson, Associate Professor in Psychological Science, Western Sydney UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1881592022-08-04T05:17:15Z2022-08-04T05:17:15ZDon’t fall for the snake oil claims of ‘structured water’. A chemist explains why it’s nonsense<figure><img src="https://images.theconversation.com/files/477541/original/file-20220804-11251-3piin1.jpg?ixlib=rb-1.1.0&rect=8%2C26%2C5796%2C3838&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://unsplash.com/photos/i14h2xyPr18">Yoann Boyer / Unsplash</a></span></figcaption></figure><p>Is there a “fourth phase of water”? From time to time you might see people talking up the health benefits of so-called hexagonal water, or structured water, or exclusion-zone (EZ) water.</p>
<p>A few weeks ago Kourtney Kardashian’s Poosh website was <a href="https://www.the-sun.com/entertainment/5814713/kourtney-ripped-urging-fans-to-buy-2-5k-filter/">spruiking</a> a US$2,500 “structured water filter”. Last weekend even Australia’s Sydney Morning Herald got in on the act, running a now-deleted story on the virtues of “structured water”.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1553511426077011968"}"></div></p>
<p>So what’s going on? </p>
<p>As a professor of chemistry, I can tell you “EZ water” is nonsense. But let’s talk about what it’s supposed to be, and how it’s supposed to work.</p>
<h2>What is EZ water?</h2>
<p>EZ water has its origins in <a href="https://www.pollacklab.org/research">observations by Gerald Pollack</a>, a professor of bioengineering at the University of Washington. He was studying the behaviour of water near “hydrophilic” surfaces, which are made of materials with a very strong attraction to water. </p>
<p>Pollack found that water pushes away objects such as plastic microspheres, salt and even dye molecules from the region close to a very hydrophilic surface. </p>
<p>Pollack’s explanation for this behaviour is that the structure of water changes in the “exclusion zone”. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-snake-oil-got-a-bad-name-165574">How snake oil got a bad name</a>
</strong>
</em>
</p>
<hr>
<p>While water molecules are made of two hydrogen atoms and one oxygen atom (with the familiar formula H₂O), Pollack believes EZ water has an extra hydrogen atom and an extra oxygen atom (formula H₃O₂). This change supposedly results in a negative electric charge and a layered hexagonal network arrangement of atoms in the water. </p>
<p>Hydrophilic surfaces exists in the cells of the human bodies, so some have argued EZ water is “more natural” than ordinary water, and therefore must have manifold health benefits.</p>
<h2>Tenuous health claims</h2>
<p>The now-deleted <a href="https://web.archive.org/web/20220730111003/http://www.smh.com.au/lifestyle/health-and-wellness/better-than-tap-the-science-behind-structured-water-20220725-p5b4bn.html">Sydney Morning Herald article</a> interviewed a supposed expert in water structure science called Rob Gourlay. </p>
<p>He makes many common claims for structured water: it is more natural, it has negative electric charge, it flows into our cells more quickly than ordinary water, and has many other supposed health benefits.</p>
<p>Though the article failed to mention it, a quick search reveals Robert Gourlay’s job title as <a href="https://www.phion.com.au/about-us/">“chief scientist” of a company called Phi’on</a>, which sells water structuring devices. </p>
<h2>From the plausible to the preposterous</h2>
<p>Let’s have a look at these claims. Some of them are plausible, while some are preposterous.</p>
<p>We know that water behaves differently near an interface with another substance, because it is no longer only interacting with other water molecules. Surface tension is a familiar example of this phenomenon.</p>
<p>We also know that water behaves differently if it is confined in a very small space, on a scale of billionths of a metre.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/an-untapped-resource-how-water-became-the-ultimate-consumer-product-9609">An untapped resource: how water became the ultimate consumer product</a>
</strong>
</em>
</p>
<hr>
<p>As such, there is no special reason to be immediately sceptical of Pollack’s experimental findings about the behaviour of water in the “exclusion zone”. They are indeed interesting, and many aspects have been reproduced. </p>
<p>But Pollack’s explanations for the behaviour have no basis. </p>
<h2>Follow the atoms</h2>
<p>If water somehow changed into a H₃O₂ form, simple arithmetic shows that turning two molecules of H₂O into one of H₃O₂ would leave an extra hydrogen atom floating around. </p>
<p>We would expect to see this hydrogen released as H₂ gas. Alternatively, the reaction would need to bring in extra oxygen from the air. A simple experiment would show that neither of these happen. </p>
<p>EZ water, for all its interesting properties, cannot be anything but H₂O. Pollack does not propose the H₃O₂ structure in a peer-reviewed publication, and other explanations have been put forth to explain his published experimental findings. </p>
<p>And the hexagonal structure for H₃O₂ which Pollack proposes, if stable and rigid, would not flow like a liquid.</p>
<h2>Water has no memory</h2>
<p>But suppose water in the exclusion zone did have some special structure. Could it be bottled and keep its properties?</p>
<p>All signs point to no. </p>
<p>In water with a neutral pH (neither acidic nor alkaline), about one molecule in every billion has an extra hydrogen atom that has jumped across from another molecule. This creates one positively charged H₃O<sup>+</sup> ion and one negatively charged OH<sup>–</sup> ion.</p>
<p>The extra protons (H<sup>+</sup>) that make H₃O<sup>+</sup> ions are highly mobile – they rapidly leap from one molecule to another. This happens so fast that each of the hydrogen atoms in a given water molecule is replaced 1,000 times each second.</p>
<p>There are also short-lived attractions between the oxygen atoms in one molecule and the hydrogen atoms in a neighbouring molecule called “hydrogen bonds”. In liquid water at room temperature these bonds only last millionths of a millionth of a second. </p>
<p>The rapid movement of hydrogen atoms, and the flickering on and off of hydrogen bonds, mean that any structure in EZ water would dissipate very quickly. In bulk, water has forgotten its neighbours within picoseconds and has switched its hydrogen atoms in milliseconds. This is why it is liquid. </p>
<p>Experiments using intense laser pulses to disrupt the structure of water also show that it <a href="https://aip.scitation.org/doi/10.1063/1.1288690">recovers within picoseconds</a>. So any bulk water structure that is different from the usual kind that flows from our taps does not last much longer than a few millionths of a millionth of a second.</p>
<h2>Water is water</h2>
<p>So what does it all add up to? Put simply, it is not possible to buy any other type of water than regular water. You can change the pH, you can change the dissolved ions and gases, but not the water itself.</p>
<p>The snake-oil merchants selling structured water products use scientific-sounding words that are generally meaningless and are at best based on misinterpretations and abuses of Pollack’s experiments. </p>
<p>Pollack distances himself from most companies selling structured water products. He has his own structured water company, which among other products sells a “filterless water filter”.</p><img src="https://counter.theconversation.com/content/188159/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Timothy Schmidt does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>What is ‘structured water’ (aka hexagonal water, EZ water, or H3O2)? You might see people advertising it, but it’s not a real thing.Timothy Schmidt, Professor of Chemistry, UNSW SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1863802022-07-06T19:55:47Z2022-07-06T19:55:47Z5 big trends in Australians getting scammed<figure><img src="https://images.theconversation.com/files/472737/original/file-20220706-16-4kib7q.jpg?ixlib=rb-1.1.0&rect=600%2C413%2C3987%2C1959&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Greed, desire, wishful thinking and naivety are lucrative markets for scam artists – and their age-old hustles are increasingly being supplemented by digital chicanery.</p>
<p>In 2021 Australians lost an estimated $2 billion to fraudsters, more than double that of 2020, according to the Australian Competition and Consumer Commission.</p>
<p>The consumer watchdog’s latest <a href="https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-of-the-accc-on-scams-activity-2021">scam report</a> details more than 20 different scam types, primarily based on reports made to its <a href="https://www.scamwatch.gov.au/">Scamwatch</a> agency. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/australians-lost-2b-to-fraud-in-2021-this-figure-should-sound-alarm-bells-for-the-future-186459">Australians lost $2b to fraud in 2021. This figure should sound alarm bells for the future</a>
</strong>
</em>
</p>
<hr>
<p>Some scams are perennials. Topping Scamwatch’s list are investment scams, dating and romance scams, false billing, remote access scams (convincing you to allow access to your computer or phone), and threats or blackmail.</p>
<hr>
<p><iframe id="FiF12" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/FiF12/3/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<hr>
<p>This article is going to focus on the five scam types that have grown most in value from 2020. </p>
<p>These aren’t necessarily the scams anyone (including you) is most likely to fall for. But they provide a useful snapshot of how scam techniques that rely on human nature are increasingly being executed via technology.</p>
<h2>1. Ransomware and malware</h2>
<p>This type of scam has been on the wane due to the use of anti-malware protection. But in 2021 it roared back with a 1,482% rise in reported losses over 2020. </p>
<p>This was mostly due to 2020 numbers being much lower than 2019, but the reported costs per incident (about $21,704) are still worrying given how easily such scams can be spread.</p>
<p>They typically involve installing malicious software on your computer or phone to make files inaccessible or lock the device. This is done by sending a bogus email, text message or voicemail with an enticing message directing you to a link that automatically installs the malicious software when you open it. The scammer then demands a payment to “unlock” the system. </p>
<figure class="align-center ">
<img alt="Messages about deliveries are a common way to spread malware." src="https://images.theconversation.com/files/472733/original/file-20220706-21-826fz2.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/472733/original/file-20220706-21-826fz2.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=370&fit=crop&dpr=1 600w, https://images.theconversation.com/files/472733/original/file-20220706-21-826fz2.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=370&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/472733/original/file-20220706-21-826fz2.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=370&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/472733/original/file-20220706-21-826fz2.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=465&fit=crop&dpr=1 754w, https://images.theconversation.com/files/472733/original/file-20220706-21-826fz2.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=465&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/472733/original/file-20220706-21-826fz2.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=465&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Messages about deliveries are a common way to spread malware.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<p>Contributing to ransomware’s resurgence was the Flubot scam, in which tens of thousands of Australians with Android phones received scam text messages about missed calls or deliveries. The malware could harvest banking details as well as use contact lists to spread to other devices. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/is-australia-a-sitting-duck-for-ransomware-attacks-yes-and-the-danger-has-been-growing-for-30-years-161818">Is Australia a sitting duck for ransomware attacks? Yes, and the danger has been growing for 30 years</a>
</strong>
</em>
</p>
<hr>
<h2>2. Pyramid schemes</h2>
<p>The pyramid scheme promises you riches by recruiting others to the scheme. While such recruitment is also a feature of multi-level marketing (also known as referral selling schemes), in an illegal pyramid scheme financial returns are entirely or substantially reliant on convincing other people to join.</p>
<p>In 2021 reported losses from pyramid schemes were 368% higher than in 2020. This was due, as with malware, to losses in 2020 being abnormally low. But even though the total number of reported cases was quite low (fewer than 500) the percentage of of those reports involving people losing money was one of the highest (44%), with an average loss of $6,239. </p>
<p>This suggests pyramid scams remain quite alluring to some people. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/1QkZcdCDJJg?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Pyramid and ponzi schemes explained in one minute.</span></figcaption>
</figure>
<h2>3. Identity theft</h2>
<p>Identity theft – using your personal information to steal money from you or someone else – is one of the most challenging scams to deal with. It may involve stealing money from your own account or using your identity for credit purchases, which you then have to untangle. </p>
<p>This is a true growth area. In 2021 there 22,354 identity theft reports, up from 20,939 in 2020. While only 951 of these cases (about 4%) reported losses, average losses more than doubled to about $10,683. The total losses ($10,159,930) were 230% higher than in 2020. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-cybercriminals-turn-paper-checks-stolen-from-mailboxes-into-bitcoin-173796">How cybercriminals turn paper checks stolen from mailboxes into bitcoin</a>
</strong>
</em>
</p>
<hr>
<h2>4. Investment scams</h2>
<p>Investment scams tempt victims with promises of large profits from share deals and crypto-currency opportunities. In 2021, 4,068 Australians reported losing more than $177 million on such scams – an average loss of about $45,350.</p>
<p>While investment scams come in many varieties, the Scamwatch report itemises three main types. Cryptocurrency scams accounted for $99 million of reported losses. The selling of fake high-yield corporate or government bonds accounted for $16 million. Ponzi schemes, which create the charade of investment success by paying dividends from the money of new victims, accounted for $8 million. </p>
<p>Ponzi schemes are named after Charles Ponzi, who in the 1920s promised to double people’s money in 45 days. One such scheme doing the rounds in 2021 was the <a href="https://www.abc.net.au/news/2021-08-26/qld-hope-business-investment-app-scam-pyramid-scheme/100396922">Hope Business</a> app, which promised windfall returns simply by paying money into an account. </p>
<p>Interestingly the consumer watchdog’s report says men were almost twice as likely to be victims of investment scams and reported double the losses of female victims.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scams-and-cryptocurrency-can-go-hand-in-hand-heres-how-they-work-and-what-to-watch-out-for-182033">Scams and cryptocurrency can go hand in hand – here's how they work and what to watch out for</a>
</strong>
</em>
</p>
<hr>
<h2>5. Phishing</h2>
<p>Phishing, closely linked to identity theft, was the most reported scam in 2021 – with 71,308 cases, compared to 44,079 in 2020 and 25,168 in 2019. </p>
<p>These scams are usually seeking to obtain our credentials (passwords) to various services including email, online banking and government services such as MyGov.</p>
<p>That just 861 cases reported a direct financial loss suggests this is one of the most recognised scams. We’ve all had emails or SMS messages asking us to confirm our details or click a link to listen to a voicemail or receive a parcel.</p>
<p>Even so, a total of $4.3 million was reported lost from phishing scams in 2021 – 156% more than in 2020. The average loss was slightly more than $5,000. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/your-digital-footprints-are-more-than-a-privacy-risk-they-could-help-hackers-infiltrate-computer-networks-177123">Your digital footprints are more than a privacy risk – they could help hackers infiltrate computer networks</a>
</strong>
</em>
</p>
<hr>
<h2>How to avoid being scammed</h2>
<p>If something seems too good to be true, it probably is. If you have any inkling you may be being scammed, the best advice is to stop and think. </p>
<p>If you are being asked to move money, make an unexpected payment or send personal information to someone, stop. </p>
<p>If you are being asked to provide information or take some action, contact the organisation involved using a number you already have (bank statement, credit card etc) or find the number yourself.</p><img src="https://counter.theconversation.com/content/186380/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Paul Haskell-Dowland does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Scam techniques that rely on human nature are increasingly being executed via technology. Here are five that recorded big increases in 2021.Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1820332022-06-21T11:47:15Z2022-06-21T11:47:15ZScams and cryptocurrency can go hand in hand – here’s how they work and what to watch out for<figure><img src="https://images.theconversation.com/files/469023/original/file-20220615-25-5sc87d.jpg?ixlib=rb-1.1.0&rect=17%2C26%2C5779%2C3966&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The anonymous nature of cryptocurrency transactions is ideal for con artists.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/hacker-stealing-password-and-identity-computer-royalty-free-image/992840396">seksan Mongkhonkhamsao/Moment via Getty Images</a></span></figcaption></figure><p>When one of our students told us they were going to drop out of college in August 2021, it wasn’t the first time we’d heard of someone ending their studies prematurely.</p>
<hr>
<iframe id="noa-web-audio-player" style="border: none" src="https://embed-player.newsoveraudio.com/v4?key=x84olp&id=https://theconversation.com/scams-and-cryptocurrency-can-go-hand-in-hand-heres-how-they-work-and-what-to-watch-out-for-182033&bgColor=F5F5F5&color=D8352A&playColor=D8352A" width="100%" height="110px"></iframe>
<p><em>You can listen to more articles from The Conversation, narrated by Noa, <a href="https://theconversation.com/us/topics/audio-narrated-99682">here</a>.</em></p>
<hr>
<p>What was new, though, was the reason. The student had become a victim of a cryptocurrency scam and had lost all their money – including a bank loan – leaving them not just broke, but in debt. The experience was financially and psychologically traumatic, to say the least.</p>
<p>This student, unfortunately, is not alone. Currently there are hundreds of millions of cryptocurrency owners, with <a href="https://assets.ctfassets.net/hfgyig42jimx/5i8TeN1QYJDjn82pSuZB5S/85c7c9393f3ee67e456ec780f9bf11e3/Cryptodotcom_Crypto_Market_Sizing_Jan2022.pdf">estimates predicting further rapid growth</a>.
As the number of people owning cryptocurrencies has increased, so has the number of scam victims. </p>
<p>We study <a href="https://scholar.google.com/citations?hl=en&user=tLkeURsAAAAJ">behavioral economics</a> and <a href="https://scholar.google.com/citations?hl=en&view_op=list_works&gmla=AJsN-F4Duqf9w-yRoxI_zWEQFHqsNVBbjyTuzE_DcB9qQZd43DA-MXVCyxnE5gPF2STCeZGNVUb9yS-Dw3pwJFdrL22oit3ZKA&user=NsBe-cYAAAAJ">psychology</a> – and recently published a <a href="https://www.routledge.com/A-Fresh-Look-at-Fraud-Theoretical-and-Applied-Perspectives/Hanoch-Wood/p/book/9780367861445">book about the rising problem of fraud, scams and financial abuse</a>. There are reasons why cryptocurrency scams are so prevalent. And there are steps you can take to reduce your chances of becoming a victim.</p>
<h2>Crypto takes off</h2>
<p>Scams are not a recent phenomenon, with <a href="https://www.routledge.com/A-Fresh-Look-at-Fraud-Theoretical-and-Applied-Perspectives/Hanoch-Wood/p/book/9780367861445">stories about them dating back to biblical times</a>. What has fundamentally changed is the ease by which scammers can reach millions, if not billions, of individuals with a press of a button. The internet and other technologies have simply changed the rules of the game, with cryptocurrencies coming to epitomize the leading edge of these <a href="https://consumer.ftc.gov/articles/what-know-about-cryptocurrency-and-scams">new cybercrime opportunities</a>. </p>
<p>Cryptocurrencies – which are <a href="https://www.coindesk.com/learn/what-is-cryptocurrency/">decentralized, digital currencies that use cryptography to create anonymous transactions</a> – were originally driven by “<a href="https://nakamoto.com/the-cypherpunks/">cypherpunks,” individuals concerned with privacy</a>. But they have expanded to capture the minds and pockets of everyday people and criminals alike, especially during the COVID-19 pandemic, when <a href="https://harbert.auburn.edu/news/is-cryptocurrency-going-mainstream-yes-but-theres-more-to-the-story.html">the price of various cryptocurrencies shot up and cryptocurrencies became more mainstream</a>. <a href="https://www.bitdefender.com/blog/hotforsecurity/fake-covid-19-cryptocurrency-emerges-promising-to-gain-value-with-each-death">Scammers capitalized on their popularity</a>. The pandemic also caused a disruption to mainstream business, <a href="https://doi.org/10.1016/j.frl.2021.102049">leading to greater reliance on alternatives such as cryptocurrencies</a>. </p>
<p>A January 2022 report by <a href="https://www.chainalysis.com/">Chainanalysis</a>, a blockchain data platform, suggests <a href="https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/">in 2021 close to US$14 billion was scammed</a> from investors using cryptocurrencies. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1408117635481485318"}"></div></p>
<p>For example, in 2021, two brothers from South Africa managed to <a href="https://www.bloomberg.com/news/articles/2021-06-23/s-african-brothers-vanish-and-so-does-3-6-billion-in-bitcoin">defraud investors of $3.6 billion</a> from a cryptocurrency investment platform. In February 2022, the FBI announced it had arrested a couple who used a fake cryptocurrency platform to <a href="https://www.euronews.com/next/2022/02/09/us-couple-arrested-for-alleged-fraud-after-3-6-billion-stolen-bitcoin-seized-in-a-record-h">defraud investors of another $3.6 billion</a> </p>
<p>You might wonder how they did it. </p>
<h2>Fake investments</h2>
<p>There are two main types of cryptocurrency scams that tend to target different populations. </p>
<p>One targets cryptocurrency investors, who tend to be <a href="https://doi.org/10.1093/rof/rfab034">active traders holding risky portfolios</a>. They are mostly younger investors, under 35, who <a href="https://blog.bitpanda.com/en/understanding-cryptocurrency-holders-in-europe">earn high incomes, are well educated and work in engineering, finance or IT</a>. In these types of frauds, scammers create fake coins or fake exchanges. </p>
<p><iframe id="3DI61" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/3DI61/4/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<p>A recent example is SQUID, a cryptocurrency coin named after the TV drama “Squid Game.” After the new coin skyrocketed in price, its creators <a href="https://www.cnn.com/2021/11/01/investing/squid-game-cryptocurrency-scam/index.html">simply disappeared with the money</a>. </p>
<p>A variation on this scam involves enticing investors to be among the first to purchase a new cryptocurrency – a process called an initial coin offering – with promises of large and fast returns. But unlike the SQUID offering, no coins are ever issued, and would-be investors are left empty-handed. In fact, <a href="https://research.bloomberg.com/pub/res/d28giW28tf6G7T_Wr77aU0gDgFQ">many initial coin offerings turn out to be fake</a>, but because of the complex and evolving nature of these new coins and technologies, even educated, experienced investors can be fooled. </p>
<p>As with all risky financial ventures, anyone considering buying cryptocurrency should follow the age-old advice to thoroughly research the offer. Who is behind the offering? What is known about the company? Is a white paper, an informational document issued by a company outlining the features of its product, available? </p>
<p>In the SQUID case, one warning sign was that investors who had bought the coins were unable to sell them. The SQUID website was also riddled with grammatical errors, which is typical of many scams. </p>
<h2>Shakedown payments</h2>
<p>The second basic type of cryptocurrency scam simply uses cryptocurrency as the payment method to transfer funds from victims to scammers. All ages and demographics can be targets. These include ransomware cases, romance scams, computer repair scams, sextortion cases, Ponzi schemes and the like. Scammers are simply capitalizing on the anonymous nature of cryptocurrencies to hide their identities and evade consequences.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/469076/original/file-20220615-14-58glsr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Close-up of man's fingers typing an 'I love you' text message on a mobile phone." src="https://images.theconversation.com/files/469076/original/file-20220615-14-58glsr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/469076/original/file-20220615-14-58glsr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=376&fit=crop&dpr=1 600w, https://images.theconversation.com/files/469076/original/file-20220615-14-58glsr.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=376&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/469076/original/file-20220615-14-58glsr.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=376&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/469076/original/file-20220615-14-58glsr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=473&fit=crop&dpr=1 754w, https://images.theconversation.com/files/469076/original/file-20220615-14-58glsr.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=473&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/469076/original/file-20220615-14-58glsr.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=473&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Romance frauds often result in requests for cryptocurrency.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/sending-i-love-you-text-message-with-mobile-phone-royalty-free-image/1158779123">Tero Vesalainen/iStock via Getty Images</a></span>
</figcaption>
</figure>
<p>In the recent past, scammers would request wire transfers or gift cards to receive money – as they are irreversible, anonymous and untraceable. However, such payment methods do require potential victims to leave their homes, where they might encounter a third party who can intervene and possibly stop them. Crypto, on the other hand, can be purchased from anywhere at any time. </p>
<p>Indeed, Bitcoin has become the most common currency requested in ransomware cases, <a href="https://blog.emsisoft.com/en/33977/is-ransomware-driving-up-the-price-of-bitcoin/#:%7E:text=Bitcoin%20accounted%20for%20about%2098,part%20of%20the%20ransomware%20model">being demanded in close to 98% of cases</a>. According to the U.K. National Cyber Security Center, sextortion scams often request individuals to <a href="https://www.ncsc.gov.uk/guidance/sextortion-scams-how-to-protect-yourself">pay in Bitcoin and other cryptocurrencies</a>. Romance scams targeting younger adults are <a href="https://www.ncsc.gov.uk/guidance/sextortion-scams-how-to-protect-yourself">increasingly using cryptocurrency</a> as part of the scam. </p>
<p>If someone is asking you to transfer money to them via cryptocurrency, you should see a giant red flag. </p>
<h2>The Wild West</h2>
<p>In the field of financial exploitation, more work has been done to study and educate elderly scam victims, because of the <a href="https://doi.org/10.1007/s11606-014-2946-2">high levels of vulnerability in this group</a>. Research has identified common traits that make someone especially vulnerable to scam solicitations. They include <a href="https://doi.org/10.1177/0963721421995489">differences in cognitive ability, education, risk-taking and self-control</a>.</p>
<p>Of course, younger adults can also be vulnerable and indeed are becoming victims, too. There is a clear need to broaden education campaigns to include all age groups, including young, educated, well-off investors. We believe authorities need to step up and employ new methods of protection. For example, the regulations that currently apply to financial advice and products could be extended to the cryptocurrency environment. Data scientists also need to better track and trace fraudulent activities. </p>
<p>Cryptocurrency scams are especially painful because the probability of retrieving lost funds is close to zero. For now, cryptocurrencies have no oversight. They are simply the Wild West of the financial world.</p><img src="https://counter.theconversation.com/content/182033/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>From initial coin offerings that are totally fake to fraudsters demanding payments in crypto, scams involving cryptocurrencies are on the rise. Two experts explain why – and how to protect yourself.Yaniv Hanoch, Associate Professor in Risk Management, University of SouthamptonStacey Wood, Professor of Psychology, Scripps CollegeLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1817202022-04-27T19:58:25Z2022-04-27T19:58:25ZCan your mobile phone get a virus? Yes – and you’ll have to look carefully to see the signs<figure><img src="https://images.theconversation.com/files/459988/original/file-20220427-24-hwrpt4.jpeg?ixlib=rb-1.1.0&rect=75%2C67%2C5531%2C3665&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>With nearly <a href="https://www.bankmycell.com/blog/how-many-phones-are-in-the-world">84%</a> of the world’s population now owning a smartphone, and our dependence on them growing all the time, these devices have become an attractive avenue for scammers. </p>
<p>Last year, cyber security company Kaspersky detected nearly <a href="https://securelist.com/mobile-malware-evolution-2021/105876/">3.5 million</a> malicious attacks on mobile phone users. The spam messages we get on our phones via text message or email will often contain links to viruses, which are a type of malicious software (malware).</p>
<p>There’s a decent chance that at some point you’ve installed <a href="https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6138859">malware</a> that infected your phone and worked (without you noticing) in the background. According to a global report commissioned by private company Zimperium, more than <a href="https://www.zimperium.com/global-mobile-threat-report/">one-fifth</a> of mobile devices have encountered malware. And four in ten mobiles worldwide are <a href="https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/">vulnerable</a> to cyber attacks.</p>
<p>But how do you know if your phone has been targeted? And what can you do?</p>
<h2>How does a phone get infected?</h2>
<p>Like personal computers, phones can be compromised by malware. </p>
<p>For example, the Hummingbad virus infected <a href="https://www.wired.co.uk/article/hummingbad-malware-10-million-android-devices">ten million</a> Android devices within a few months of its creation in 2016, and put as many as <a href="https://www.theguardian.com/technology/2016/jul/06/what-is-hummingbad-malware-android-devices-checkpoint">85 million</a> devices at risk. </p>
<p>Typically, a phone virus works the same way as a computer virus: a malicious code infects your device, replicates itself and spreads to other devices by auto-messaging others in your contact list or auto-forwarding itself as an email.</p>
<p>A virus can limit your phone’s functionality, send your personal information to hackers, send your contacts spam messages linking to malware, and even allow the virus’s operator to “spy” on you by capturing your screen and keyboard inputs, and tracking your geographical location. </p>
<p>In Australia, Scamwatch received <a href="https://www.scamwatch.gov.au/news-alerts/missed-delivery-call-or-voicemail-flubot-scams">16,000 reports</a> of the Flubot virus over just eight weeks in 2021. This <a href="https://suretyit.com.au/blog/what-is-the-flubot-virus/">virus</a> sends text messages to Android and iPhone users with links to malware. Clicking on the links can lead to a malicious app being downloaded on your phone, giving scammers access to your personal information. </p>
<p>Flubot scammers regularly change their <a href="https://www.bitdefender.com/blog/labs/new-flubot-and-teabot-global-malware-campaigns-discovered">target countries</a>. According to cyber security firm Bitdefender, FluBot operators targeted Australia, Germany, Poland, Spain, Austria and other European countries between December 1 2021 and January 2 of this year. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/being-bombarded-with-delivery-and-post-office-text-scams-heres-why-and-what-can-be-done-167975">Being bombarded with delivery and post office text scams? Here's why — and what can be done</a>
</strong>
</em>
</p>
<hr>
<h2>Is either Apple or Android more secure?</h2>
<p>While Apple devices are generally considered more secure than Android, and <a href="https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6637558">less prone</a> to virus attacks, iPhone users who “jailbreak” or modify their phone open themselves up to security vulnerabilities.</p>
<p>Similarly, Android users who install apps from outside the Google Play store increase their risk of installing malware. It’s recommended all phone users stay on guard, as both Apple and Android are <a href="https://www.forbes.com/sites/zakdoffman/2021/03/16/iphone-12-pro-max-and-iphone-13-not-more-secure-than-google-and-samsung-android-warns-cyber-billionaire/?sh=596442d623f8">vulnerable</a> to security risks.</p>
<p>That said, phones are generally better protected against viruses than personal computers. This is because software is usually installed through authorised app stores that vet each app (although some malicious apps can occasionally slip through <a href="https://blog.pradeo.com/spyware-facestealer-google-play">the cracks</a>). </p>
<p>Also, in comparison to computers, phones are more secure as the apps are usually “<a href="https://source.android.com/security/app-sandbox">sandboxed</a>” in their own isolated environment – unable to access or interfere with other apps. This reduces the risk of infection or cross contamination from malware. However, no device is entirely immune.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/459712/original/file-20220426-12-4550kz.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A smartphone with a virus alert warning is held up by a hand in front of a dark background." src="https://images.theconversation.com/files/459712/original/file-20220426-12-4550kz.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/459712/original/file-20220426-12-4550kz.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=338&fit=crop&dpr=1 600w, https://images.theconversation.com/files/459712/original/file-20220426-12-4550kz.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=338&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/459712/original/file-20220426-12-4550kz.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=338&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/459712/original/file-20220426-12-4550kz.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=424&fit=crop&dpr=1 754w, https://images.theconversation.com/files/459712/original/file-20220426-12-4550kz.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=424&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/459712/original/file-20220426-12-4550kz.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=424&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Apple devices are generally considered more secure against malware than Android devices, but they’re still at risk.</span>
<span class="attribution"><span class="source">Pixabay/Pexels.com (edited)</span>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<h2>Watch out for the signs</h2>
<p>While it’s not always easy to tell whether your phone is infected, it will exhibit some abnormal behaviours if it is. Some signs to watch out for include:</p>
<ul>
<li><p>poor performance, such as apps taking longer than usual to open, or crashing randomly</p></li>
<li><p>excessive battery drain (due to the malware constantly working in the background)</p></li>
<li><p>increased mobile data consumption</p></li>
<li><p>unexplained billing charges (which may include increased data usage charges as a result of the malware chewing up your data)</p></li>
<li><p>unusual pop-ups, and</p></li>
<li><p>the device overheating unexpectedly.</p></li>
</ul>
<p>If you do suspect a virus has infected your device, there are some steps you can take. First, to prevent further damage you’ll need to remove the malware. Here are some simple troubleshooting steps:</p>
<ol>
<li><p>Use a reliable antivirus app to scan your phone for infections. Some reputable vendors offering paid and free protection services include <a href="https://apps.apple.com/us/app/avast-security-privacy/id1276551855">Avast</a>, <a href="https://www.avg.com/en-au/antivirus-for-android#pc">AVG</a>, <a href="https://www.bitdefender.com/solutions/mobile-security-android.html">Bitdefender</a>, <a href="https://www.mcafee.com/en-us/antivirus/mobile.html">McAfee</a> or <a href="https://us.norton.com/products/mobile-security-for-android">Norton</a>.</p></li>
<li><p>Clear your phone’s storage and cache (in Android devices), or browsing history and website data (in Apple devices).</p></li>
<li><p>Restart your iPhone, or restart your Android phone to <a href="https://www.digitaltrends.com/mobile/how-to-turn-safe-mode-on-and-off-in-android/">go into safe mode</a> – which is a feature on Android that prevents third-party apps from operating for as long as it’s enabled.</p></li>
<li><p>Delete any suspicious or unfamiliar apps from your downloaded apps list and, if you’re an Android user, turn safe mode off once the apps are deleted.</p></li>
</ol>
<p>As a last resort, you can back up all your data and perform a factory reset on your phone. Resetting a phone to its original settings will eliminate any malware.</p>
<h2>Protecting your phone from infection</h2>
<p>Now you’ve fixed your phone, it’s important to safeguard it against future viruses and other security risks. The mobile security apps mentioned above will help with this. But you can also:</p>
<ul>
<li><p>avoid clicking unusual pop-ups, or links in unusual text messages, social media posts or emails</p></li>
<li><p>only install apps from authorised app stores, such as Google Play or Apple’s App Store</p></li>
<li><p>avoid jailbreaking or modifying your phone</p></li>
<li><p>check app permissions before installing, so you’re aware of what the app will access (rather than blindly trusting it)</p></li>
<li><p>back up your data regularly, and</p></li>
<li><p>keep your phone software updated to the latest version (which will have the latest security patches).</p></li>
</ul>
<p>Continually monitor your phone for suspicious activity and trust your gut instincts. If something sounds too good to be true, it probably is.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/nvIXGeB1WgE?wmode=transparent&start=38" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Google’s tips on how to spot malware.</span></figcaption>
</figure><img src="https://counter.theconversation.com/content/181720/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Ritesh Chugh does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>It’s true that phones aren’t as prone to viruses as computers – but they’re still far from immune.Ritesh Chugh, Associate Professor - Information and Communications Technology, CQUniversity AustraliaLicensed as Creative Commons – attribution, no derivatives.