We know that scam calls (aka vishing) and scam SMSs (aka smishing) are out of control, and for most unaware Australians, they continue to cause pain and suffering. According to the Australian Competition and Consumer Commission (ACCC) Australians reported at least $3.1 billion in scam losses in 2022, an 80% increase from 2021. What that says to me is that something is missing.
More of us know about these types of phishing scams just by the increase of those who have fallen victim to them. There are daily headlines of scam alerts across traditional and non-traditional media. The reported amount of scam calls and SMSs is nearly unbelievable, with the Australian Communications and Media Authority (ACMA) releasing the ‘Action of scams, spam and telemarketing: April to June 2023’ report this week.
From April to June 2023, the ACMA reported that “Telcos blocked over 256 million scam calls and over 85 million scam SMS in the quarter, bringing the totals to over 1.4 billion scam calls and 257 million scam SMS blocked” in the past year. It is worth noting that these numbers are a 33% increase in the reported calls in the three months before this.
Let’s ponder the numbers and do some math.
Scam Call breakdown (vishing)
256,000,000 calls over 91 days, 2,813,186 calls per day, and if we break that down between 8 a.m. and 8 p.m., that is 234,432 calls per hour and 3,907 calls per minute.
SMS breakdown (smishing)
85,000,000 SMSs over 91 days, 934,065 SMSs per day, and if we break that down between 8 a.m. and 8 p.m., that is 7,838 SMSs per hour and 1,297 SMSs per minute.
And these are only the calls and SMSs being blocked.
What about the calls and SMSs not being blocked?
If you are anything like me, I receive an average of three scam calls and five scam SMSs in a week (possibly more calls because I ignore the majority of ‘No Caller IDs’ or unknown numbers.)
As a cybersecurity professional, I spend a lot of time reading headlines, reports, government initiatives and facts about cybersecurity. The focus is consistently on stopping cybercriminals from accessing individuals and organisations with an equal measure of focus on supporting those who become victims of cybercriminals. Let me be clear – there is nothing wrong with that. There is, however, a glaring gap between these two elements. Have you worked it out? It is the people, humans, end users who are reading this right now.
Do not believe me? Consider the number of scam calls and SMSs that are blocked, and now consider the number of scam calls and SMSs that are getting through. According to ScamWatch, 63,821 scam calls with losses of $141 million and 79,835 scam SMSs with losses of $28 million were reported in 2022.
Now, humor me and consider how many Australians do not report their losses to scam calls and SMSs. Non-reported scam numbers and losses could easily be doubled or tripled as people are embarrassed or scared to report their experiences.
I am confident that those 63,821 Australians wished they had known more about spotting a scam call (vishing) as much as the 79,835 scam SMSs (smishing) victims would have wanted to know more about avoiding these scams.
How to avoid scam calls (vishing)
The simple version
For every single incoming call requesting information about you or telling you that you are in trouble for something, do not respond other than politely asking for their name and reference number.
If the call is legitimate, they will not have an issue with it. Seek out the official phone number of the organisation and call them.
On the other hand, if it is a scam, they will get defensive and pushy with you, so just hang up.
The not-so-simple version
- If the recorded message or person on the call says they need to confirm some details with you, such as name, address, phone number, email, Medicare number, Tax File Number, Driver’s License, Passport number, bank details, credit card details, superannuation details – ANYTHING ABOUT YOU, STOP and politely ask for their name and reference number.
OR
If the recorded message or person on the call informs you that you are in trouble with a fine, you have avoided paying tax, you owe money, there is a warrant out for your arrest, your credit card has been reported for illegal purchases, you have been reported for money laundering or a multitude of other situations that result in you feeling fear – STOP and politely ask for their name and reference number. - If they give you this information, do not use the phone number they give you; instead, seek out the official phone number of the organisation and call them with the reference number. If it is not a scam, they will not have a problem with this at all.
- Conversely, they will get defensive and pushy with you if it is a scam or insist that you call on a phone number they give you, so just hang up. I can promise they will be rude, full of accusations and sometimes scary if you challenge them, so be ready and hang up – do not engage.
How to avoid scam SMSs (smishing)
The simple version
Do not click on any links in SMSs. Full Stop. Do not click.
If you think the SMS might be real, find another way to interact with the sender. For example, if it is from the ATO or Australia Post, go to their official app or website and contact them there.
The not-so-simple version
See the simple version, plus the following.
The complexity and sophistication of technology these days have meant that cybercriminals can program fake SMSs to appear under other legitimate SMSs. For example, Australia Post has been made aware of fraudulent text messages circulating as an update to parcel delivery and prompting customers to click on a link to “update your information”.
These scam messages are sent using the ‘AusPost’ sender ID and, due to the way smartphones group these communications, the scam text would appear together with the legitimate thread of Australia Post messages.
If you are a digital citizen, accept that you are responsible for keeping up to date with current threats and scams just as you are responsible for being a safe driver. You have the essential tips to help you avoid vishing, smishing and phishing. Perhaps you can share them on social media with your online world. The more people know, the harder it is for the scammers. Additionally, continual security awareness training can give your organizations an essential layer of defense by teaching employees how to recognize social engineering tactics.
Stay safe out there!
Here's how it works:
