OJ Computers - Meeting all your IT needs since 1995!

Online scams for 2020

The following are some of the latest email scams we've become aware of.  The list is by no means conclusive and there appears to be new ones every day.  Many seem to be coming from reputable brands such as banks, telcos and even government agencies but closer looks can reveal that the senders are not who they say they are.
Fake and scam emails can result in damage to your computer, hacking into your financial accounts, password and identity theft (among other risks).

Simple checklist when dealing with emails:

  • Do not open any attachment or click on any link unless you are absolutely sure that the email is genuine.
  • Check the sender's email address - the majority are from overseas email addresses (no au on the end)
  • If you don't know the sender or where the email is from DELETE it
  • If you know the sender but aren't sure about the content contact the person who sent it to verify it's genuine ... but not by simply replying to the email

MyGov SMS warning

17 July 2020:
The following warning comes via the Australian Cyber Security Centre:

The Australian Taxation Office (ATO) is receiving increased reports of several myGov-related SMS and email scams.
At this time of year, when people expect some form of interaction with the ATO during tax time, be aware that cybercriminals take advantage by pretending to be the ATO or myGov. These scams look like they’ve come from a myGov or ATO email address and they ask you to click on a link to verify your details.
To make them seem more legitimate, cybercriminals use technology that causes these messages to appear in the same conversation thread as genuine messages from myGov or ATO addresses. The image below is an example of this scam message.
If clicked on, the hyperlink takes you to a fake website that asks you to provide your details and other personal information for ‘verification purposes’.
As always our advice is DON’T click any links and DON’T provide the information requested.
Does it affect me?
These SMS and email scams are widely circulating around Australia, so anyone can receive them.
Protect yourself and others from these scams
If you receive one of these scam texts or emails, do not click on the links and do not provide the information requested.
* Know that the ATO will never send an email or SMS asking you to access online services via a URL.
* Sign into your myGov account at my.gov.au to check the status of your online tax affairs at any time.
* For added security on your myGov account, turn on two-factor authentication (2FA). For example, opting to receive a security code via SMS when you log into your myGov account.
* To set up your security code, sign in to your myGov account and turn it on in 'Account settings'.
* If you receive an SMS or email that looks like it’s from myGov but it contains a link or appears suspicious, email reportascam@servicesaustralia.gov.au.
* If you have clicked on a link or provided your personal information, contact Services Australia on 1800 941 126.

Where possible, hover over web links without clicking on them to check where the link will take you – if it looks like it will take you away from the platform’s official website, don’t click on it.  
More information 
The ACSC’s Stay Smart Online program has more advice on how to protect yourself from tax related scams.

"Sendgrid" malicious email

11 June 2020:

Do not be fooled by a new email scam purporting to be from sendgrid.

Some companies use ‘sendgrid.net’ to facilitate sending bulk emails and they also receive emails through ‘sendgrid.net’.
If you receive the following email, which will probably go to all users, it is a Phishing email. The link takes you to a malicious duplicate of your Webmail login page.

Warning on 'spoof' emails

9 April 2020:

There's a number of "spoof" emails entering inboxes at present - these are emails that appear to be sent from someone you know ... but aren't.
They often ask for a payment or giftcards. Some will ask about a document or contract. They usually require a response from the recipient and then the sender will reply with bank details or a malicious attachment or link – it’s the second reply which is the problem, so never reply to the first email!
One way to check if you're unsure if the sender is genuine is to hit FORWARD. This will often reveal the true sender (see the example below).
If you're unsure about an email or if it does fall into this category DELETE immediately.


COVID-19 Superannuation scam

6 April 2020:

The following is an alert from the ACCC's ScamWatch:

Scammers are now trying to exploit Australians financially impacted by the COVID-19 crisis with new superannuation scams being reported to Scamwatch in recent weeks.

Scammers are already trying to take advantage of the Government’s recent announcement that people suffering financial hardship can have partial access to their superannuation from mid-April.

“Scammers are cold-calling people claiming to be from organisations that can help you get early access to your super,” ACCC Deputy Chair Delia Rickard said.

“For most people, outside of their home, superannuation is their greatest asset and you can’t be too careful about protecting it.”

“The Australian Taxation Office is coordinating the early release of super through myGov and there is no need to involve a third party or pay a fee to get access under this scheme.”

“Never follow a hyperlink to reach the myGov website. Instead, you should always type the full name of the website into your browser yourself,” Ms Rickard said.

Since the Government’s announcement in March, there have been 87 reports of these scams, but no reported losses.

In most cases the scammers are seeking to obtain personal information, including information that will help them fraudulently access the victim’s superannuation funds.

“While older people are more commonly affected by superannuation scams, the new early-access scheme means a range of age groups are now experiencing these scams,” Ms Rickard said.

“We also have reports of scammers offering to check if a person’s super account is eligible for various benefits or claiming the new scheme will lock people out of their accounts.”

In 2019, Australians lost over $6 million to superannuation scams with people aged 45–54 losing the most amount of money.

“Never give any information about your superannuation to someone who has contacted you. Don’t let them try to pressure you to make a decision immediately, take your time and consider who you might be dealing with.”

“Be wary of callers who claim to be from a government authority asking about your super.  Hang up and call the organisation directly by doing an independent search for their contact details,” Ms Rickard said.

If you have provided information about your superannuation to a scammer, immediately contact your superannuation institution. If you have provided personal or banking details, you should also contact your financial institution.

You can also contact IDCARE, a free Government-supported service which will work with you to develop a specific response plan to your situation and support you through the process.


Excel attachments latest scam

1 April 2020:

There's a new email scam that includes .xls attachments ... in other words documents from Microsoft Excel.
Anyone receiving one is being urged not to click on the attachment on either a PC of Apple Mac as it will threaten your computer security.
If you don't recognise the sender you're urged to DELETE IMMEDIATELY!!

Attachments pose risk too

27 March 2020:

Don't be sucked in by pleas from people for money or offers of money and work opportunities during the COVID-19 pandemic. Unsolicited emails such as this seek to tap into your financial and personal information and, more often than not, are seeking money for someone who isn't really in need.

Scammers are sending phishing emails targeting an increasing number of Australians that are seeking to work from home, wanting to help with relief efforts or requiring financial assistance if they find themselves out of work.

In this example, the email offers recipients $2,500 in ‘COVID-19 assistance’ payments if they complete an attached application form. Opening the attachment may download malicious software onto your device.

OJ Computers reminds everyone to not click on links and attachments unless you're confident of where they have come from and their authenticity. Our advice is simply to delete them immediately.

Fake Australia Post email

27 March 2020:

A warning has been issued about a COVID-19 phishing email impersonating Australia Post which aims to steal personal information from the recipient.

Under the pretense of providing advice about travelling to countries with confirmed cases of COVID-19, this phishing email aims to trick you into visiting a website that will steal your personal and financial information. 

Once they have your personal information, the scammers can open bank accounts or credit cards in your name, often using these stolen funds to purchase luxury items or transfer the money into untraceable crypto-currencies such as bitcoin.

Warning on COVID-19 video links

27 March 2020:

The Australian Cyber Security Centre (ACSC) is stepping up warnings about fake emails and SMS messages relating to COVID-19 which pose a serious threat to your cyber security and put your personal banking and identification details at risk.

Here's one examples of the text messages being sent with the links leading to malicious websites.
You should also be wary of any videos and links being sent in the form of chain messages via Messenger, even if forwarded by a known friend. These too have been known to go to dangerous sites and put your personal security at risk.

Dangerous coronavirus text

17 March 2020: 

The Australian Cyber Security Centre is warning about a COVID-19 themed scam being distributed via text message.

The text messages appear to come from ‘GOV’ as the sender and they include a link to find out when to ‘get testing in your geographical area’ for COVID-19.

The link is NOT LEGITIMATE and, if clicked on, may install malicious software on your device designed to steal your banking details.

You are advised to delete the message immediately.