The federal government needs to do a better job of promoting best practice in cyber security to stem the flow of scams costing Australians millions, experts say.
David Markus, founder of IT services firm Combo, says high-profile data breaches are fuelling scams by providing fraudsters with high-quality personal information which allows them to target vulnerable Australians.
“There are databases leaking into the wrong hands that are making it possible for people to make contact with full knowledge of who you are and where you are,” he tells SmartCompany.
ATO sounds the alarm
Markus’ comments come as the ATO sounds its latest warning about an ongoing phone scam that cost taxpayers $800,000 in November alone.
In one case, an elderly person lost more than $236,000 to the scammers between June and November.
Scam phone calls where fraudsters pretend to be from the ATO were the subject of 37,000 reports in November.
“The ATO does not project our numbers using caller ID. You can be confident if there is a number displayed in your caller ID, it isn’t the ATO,” assistant commissioner Kath Anderson said in a statement.
Tax office scams have been popular with fraudsters in 2018, with a previous phone scam wave duping one taxpayer out of $9,000 in Bitcoin in September.
In that case, a voicemail was received alerting the taxpayer to “unpaid debt” and a need for immediate payment. The voicemail identified the scammer as the ATO and threatened five years' jail time.
Are data breaches fuelling scams?
Markus says not enough people have made the connection between cyber security, data breaches and the increasing prevalence of damaging scams.
He believes the actual amount lost to the latest ATO phone scam is probably three times as high as reported.
“What’s reported is a fraction of what’s going on because people who have been scammed are typically embarrassed,” he says.
“The government needs to get much more active on recognising, identifying and promoting the scams so that people recognise them sooner.”
Last week the Morrison government announced $10 million in grant funding to help SMEs undertake cyber security health checks.
Markus welcomes that policy but says there are still lots of businesses out there which don’t even know they’ve been hacked, leaving customers unaware their information could be in nefarious hands.
Cyber security expert Andrew Bycroft, chief executive of the International Cyber Resilience Institute, agrees the government could do more.
“It’s a lot easier to get information, with Facebook for example you can start getting information about friends, what people like, security question things,” he tells SmartCompany.
“The government could do more, they have a few sites available, but the information is usually hard to find and is out of date, it’s lacking in readability as well.”
Signs it may not be the ATO:
- Rude or aggressive behaviour and threats;
- Requests for payment via iTunes, prepaid Visa cards or cryptocurrency;
- Requests for fees in order to provide a refund supposedly owed; and
- Requests for personal information or file downloads.