How to spot an impersonation scam
By Mark Bardzinski | 05/07/2023
Impersonation scams, where a person pretends to be an authority, such as the police or an organisation (e.g. your bank or the Australian Tax Office) are on the rise. Unfortunately, it can take a scammer mere minutes via phone, email, SMS or other messaging application to obtain the information required to change a password, access your accounts and/or make a fraudulent transaction.
These contacts, whether via phone or in writing, aim to do two things: build trust quickly and create a sense of urgency. There’s typically a tried and tested formula to leave you feeling worried and fearful about the potential consequences, making you feel you need to act immediately without your usual due diligence.
One increasingly common impersonation scam involves the caller pretending to be tech support at an internet service provider. They often tell their intended victim that their account has been compromised and they need to act quickly to secure it. The action requires the victim to give the caller access to their computer via a remote application.
Once this access has been granted to ‘fix’ the problem, the scam caller can quickly access stored passwords, email accounts and personal information – a gold mine for a scammer. They may also use the access to secretly install third-party software that monitors your activity so the scammers get real-time access to your data.
These scams are truly insidious. They can trick even the most savvy of us because they create a sense of fear and panic, designed to leave the intended victim with little time or ability to think clearly. So, it’s essential to be aware of the red flags.
And even more importantly, know that you should never give anyone access to personal information via email, text, message app or phone without being sure you are genuinely speaking to someone from that organisation.
The best way to do this is to simply say that you will call them back directly before the conversation has passed their introduction and hang up. Numbers for local police offices, banks and utilities will be readily available online or on your bank card, phone bill, etc. Never contact a number or visit a website provided by the caller. Look it up yourself via the usual channels and call.
If it was a genuine call, the organisation will have the information on your account, and the representative who takes your call will help or transfer you to the person who can. No genuine caller will be angry that you want to do this due diligence. If the caller creates further urgency, gets annoyed or makes threats, this is simply a further indication that it may be a scam.
How impersonation scams work
Making contact: These scams often start with unexpected contact by phone, email, SMS or messaging application, often claiming to be from your bank, utilities, government department, other supplier or even the police.
Building trust: The scammer will often use an innocuous reason for the call initially, such as a routine check-in or a straightforward problem with a payment or account that can be quickly resolved.
Creating urgency: This routine check or small problem will often lead them to quickly ‘find’ a far more ‘urgent’ problem. Then they will reassure you that they can help – you just need to act immediately.
Requesting information: Next, they will ask for personal information under the guise of resolving this pressing issue. This information will be used to request a genuine code from the bank/supplier/government department, which will be sent to you.
Confirming identity: Now, they’ll tell you you’ll receive a code that will allow them to fix the problem or confirm your identity. And you will receive it, but it will be a genuine code from the actual organisation.
Code received: Once you provide the code to the scammer, it will be used immediately to reset your password, change your contact details or authorise a transaction. It may be days before you know that a transaction has been made or that access to your account has been changed.
We encourage you to take a look at Moneysmart’s Scams Factsheet for more helpful advice.
Ask before you act
Your Apt Adviser is happy to answer any questions or concerns you have about these scams. And remember, there are no silly questions when it comes to your online safety.
It’s always better to ask before you act. If it turns out to be a legitimate request, you’ve only spent a little extra time doing some due diligence. This should not be a problem for the institution, company or government department requesting the information. In fact, they should encourage you to exercise caution in the current climate.
And, if it turns out to have been a scam, you’ve likely saved yourself from significant financial and emotional impact.
What should you do if you think you have fallen victim to a scam?
Contact your bank immediately if you have given any personal information or provided codes to an unknown or suspected scam caller so they can put an immediate stop to any action on your accounts.
You should also check and monitor your credit report to ensure no fraudulent credit applications are being made in your name.
You may also want to call IDCARE, Australia and New Zealand’s national identity and cyber support service, a free service to help you navigate your next steps and limit any future damage.
If you are being asked to provide information and are unsure if it is a scam, call the institution concerned (e.g. your bank) on their publicly listed phone number, or speak to a trusted adviser, family member or friend before taking any action.
General Advice warning
The information provided in this blog does not constitute financial product advice. The information is of a general nature only and does not take into account your individual objectives, financial situation or needs. It should not be used, relied upon, or treated as a substitute for specific professional advice. Apt Wealth Partners (AFSL and ACL 436121 ABN 49 159 583 847) and Apt Wealth Home Loans (powered by Smartline ACL 385325) recommends that you obtain professional advice before making any decision in relation to your particular requirements or circumstances.