Managing Online Fraud

There is nothing more heart-breaking than watching your life savings evaporate through fraud. At a time when the fruits of literally years of work, savings and investment can be stolen in seconds, it is critical that all investors be especially vigilant about their financial security.

Online Fraud - a risk you must manage

The proliferation of online banking and investments in recent years has been an extraordinary boon for Australian investors. Remember the days when withdrawing money meant a trip to the bank (during business hours, of course!) and waiting in line to speak to a teller? These days we have the convenience of 24/7 access to our funds from the comfort of our own living room.

On the other hand, these changes have also ushered in a new age of tech-savvy fraudsters. These fraudsters spend considerable time and expertise looking for ‘chinks in the armour’ – ways that they can obtain and profit from investors’ personal information.

Most of these fraudsters don’t want to steal your identity in the traditional sense. They don’t want to get a credit card or a mortgage or a bank account in your name and live their life off of your good credit history. They simply want to take your money and move on to their next prey.

The good news is that there is a lot you can do to protect yourself against these scams. Whilst banks and financial institutions work very hard at protecting your details, your first and best defence continues to be the sound and prudent management of your online banking, payments and investment.

Fraud 1 - Keystroke Logging or Keylogging

A particularly potent form of online fraud is “keystroke logging” or “keylogging”. This involves the surreptitious installation (via a ‘virus’) of a specially designed program that records your keystrokes and reports them to the fraudster.

These programs can be particularly dangerous because they allow the fraudster to capture your user ID and password, account numbers, security questions and answers and anything else you have typed. If you are like most other users and have the same ID and PIN/Password for many different online accounts, you’ve essentially granted the hacker access to any organisation with whom you conduct business.

For these reasons, it is critical that you keep your computer protected against keylogging. In particular, you must:

  • Use strong (and current) anti-virus software. This software works to block viruses from entering your system and is the single most important step you can take. Importantly, make sure you keep this software up to date - the relatively small amount you spend is worth it for the peace of mind.
  • Keep your operating system up to date with the latest security patches: these patches are designed to block off vulnerabilities in your system and are often generated in reaction to actual frauds and security breaches.

Fraud 2 - Phishing

Phishing is a scam where Internet hackers request personal information from users online. These requests are most commonly in the form of an email from an organisation with which you may or may not do business. In many cases, the email has been made to look exactly like a legitimate organisation’s email, complete with company logos and other convincing information.

The email usually states that the organisation needs you to update your personal information or that your account is about to become inactive. Of course, this is really just an attempt to have you enter your information. If you do, the fraudsters will have just captured all the necessary information to access your accounts online. No reputable organisation will ever email you requesting that you update your personal information, including account numbers or system passwords, via a link to their site.

Follow these guidelines to protect yourself from phishing scams:

  • Never click on a link from an organisation requesting that you provide them with personal information.
  • Scrutinise the URL (internet address) behind the link. Often in phishing attempts, if you hover the cursor over the link the hackers want you to click on, the address it points to has nothing to do with the actual company they claim to be.
  • Report any phishing attempts to your financial institution.

If you are unsure that the request is valid, open a new Internet session and manually key in the organisation’s web address. If the organisation genuinely needs information from you, they will have you log in to your online account to see the request. In most cases, you’ll just be greeted with a message indicating that the organisation will never email you requesting personal information.

There is no security system available that will stop fraud if the perpetrator has your login credentials, so it is vital to take the necessary steps to prevent them from getting the information in the first instance!

What else can I do to protect myself from online fraud?

Besides following the tips mentioned in the previous examples, there are other things you should do to safeguard your personal and financial information:

  • Change your passwords often. Even if your financial institution doesn’t require it, it is a good practice to change your passwords at least every six months. An easy way to remember is to change them when you change your clocks to adjust for Daylight Savings Time (or – if there is no Daylight Savings where you live – perhaps at the start and end of the football season!).
  • Don’t use the same ID and PIN/Password for every online account you have.
  • Never disclose your login credentials to other people or organisations.
  • Do not store your ID and Password information where others could gain access to it. It is best not to write the information down at all.
  • If offered by your financial institution, take advantage of tokens, which provide a unique one-time-use password each time you access your account. This is especially important for business accounts with multiple users.
  • Set up an oral password on your bank account where this is offered.
  • Set up SMS and/or email alerts on your bank account that provide balance alerts and notify you when withdrawals are made from your account.
  • If accessing information via a wireless network, ensure that the network is secure. Accessing sensitive information (or any website) over a non-secure network simply leaves the door open for hackers. Even if you aren’t visiting a site where you enter an ID and password, you are still leaving your computer exposed to possible threats.

It’s true that there is no such thing as a foolproof system. New scams and viruses are being developed every day and fraudsters never sleep! On the other hand, if you keep a healthy vigilance about your personal information, you can do business online with more peace of mind.

For more information about online frauds, check out the Australian Competition and Consumer Commission’s excellent website:
