7 June 2012

A range of phone-based scams have been documented in recent months. This message will help you understand the nature of common phone scams, and how you can avoid them.

About scams

Scams all rely on a method of trickery, regardless of where they take place. They each need to convince you to take some form of action against your better judgement.

Usually, online scams attempt to get you to grant access to your computer, install a piece of software or provide personal or banking details. With Internet-connected phones now ubiquitous, scams can reach right into our pockets.

The methods scammers use continue to evolve. Plenty still try basic approaches we've all probably heard of, such as "Guess what, you've won a million dollars, we just need you to send us your bank details to pay it", but there are also newer and far more subtle efforts that take advantage of our behavioural tendencies and knowledge.

Phone scams are not new, but it's important to understand how they can defraud you, and the techniques to watch out for.

Recent examples

Have you received an SMS congratulating you for winning a prize - perhaps something from Apple?

Have you received a phone call from Microsoft who has detected malware on your computer?

Neither of these is a practice undertaken by these vendors. These are scams.

SMS Phishing

In the first example, an unsolicited SMS message was received congratulating the recipient for winning a competition.

"Congratulations, Your entry into our competition
last month made you a WINNER! Go to [illegitimate link] to claim your prize!
You have 24 hours to claim."

Sample hoax text message including illegitimate link to claim prize

Image Credit: http://nakedsecurity.sophos.com/2012/05/08/spam-scams-sms/

The illegitimate link includes www.apple.com, so you might be forgiven for dropping your guard, but this is a scam because:

  • It is an unsolicited SMS
  • Reputable companies do not interact with customers in this way
  • The link is not a legitimate Apple URL

Following the link may take you to a range of possible sites. They might request your mobile number or personal details and result in you unwittingly subscribing to a premium rate phone service. This can prove extremely expensive.
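The point above, that a link can include www.apple.com without being an Apple URL, can be checked by looking at the host the link actually leads to rather than at the text it contains. The following is an added example, not part of the original advisory; the function names, the trusted-domain list and the sample links (which use the reserved .example domain) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the recipient expects to deal with.
TRUSTED_DOMAINS = {"apple.com"}

def link_host(url):
    """Return the lowercase hostname a browser would connect to, or None."""
    if "://" not in url:
        url = "http://" + url          # links in SMS messages often omit the scheme
    try:
        host = urlsplit(url).hostname  # ignores any "user@" part and the path
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def assess_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'."""
    host = link_host(url)
    if host is None:
        return "unknown"
    if any(belongs_to(host, d) for d in trusted):
        return "trusted"
    # A trusted name appears somewhere in the link text, but the host
    # does not end with it: the pattern described in the advisory.
    if any(d in url.lower() for d in trusted):
        return "lookalike"
    return "unknown"

# Constructed sample links, not taken from any real message.
SAMPLES = [
    "https://www.apple.com/iphone",                  # genuine host
    "http://www.apple.com.prize-claim.example/win",  # brand used as a subdomain label
    "prize-claim.example/www.apple.com/claim",       # brand used in the path
    "http://www.apple.com@prize-claim.example/",     # brand used as a fake user name
    "http://prize-claim.example/win",                # no brand at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{assess_link(sample):9}  {link_host(sample)}  <-  {sample}")
```

A "trusted" result only means the host belongs to the expected domain; an unsolicited message is still a reason to be suspicious.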

Phone Call Centre Scam

In the second example, an operator claiming to be calling on behalf of Microsoft states that Microsoft has detected malware or viruses infecting your computer. In many cases the caller claims your computer is sending error messages.

In this scenario, the victim is guided through a number of technical and probably confusing steps, allegedly intended to identify, confirm and remove the malware.

The steps commonly include granting the caller remote control access to your computer so they can assist you in identifying and removing the software.

The caller may also suggest installing some software, or recommend purchasing a warranty, or antivirus software to solve the problem. They might attempt to charge you over the phone by credit card, or direct you to a website to enter your details.

This is a scam because:

  • The call was unsolicited
  • The claimed service provided, "errors detected", is unsolicited
  • Remote control access was requested (untrusted caller)
  • Software installed on computer (untrusted, likely to be malware)
  • Personal or credit card details requested (untrusted caller)
  • Reputable companies do not interact with customers in this way

Credit: http://www.troyhunt.com/2011/10/anatomy-of-virus-call-centre-scam.html

Avoiding scams

The good news is that you can avoid scams if you stay smart online. In any example, including those cited here, there are usually primary clues that suggest a scam. In most cases there will be enough to arouse suspicion, which warrants checking things out.

Firstly, phone scams are usually unsolicited. As soon as you are dealing with something or someone you weren't expecting - be suspicious.

Secondly, a reputable company will be unlikely to operate in these ways. A reputable company will take care to protect your information and their reputation. If you have given personal or financial information to a reputable company, you'll be unlikely to need to give it to them again (especially over the phone). You'll also have been provided with the terms under which they'll use and request your information - and you can check this. A reputable company can be called back, checked out, confirmed and cross-checked.

Don't be afraid to state your suspicions and cross-check the scenario you've encountered before you act.

Visit http://www.staysmartonline.gov.au to learn more.

Feedback

Thank you to those subscribers who have provided feedback to our Alerts, Advisories and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

Disclaimer

This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy.

The information included in this advisory is intended for use by private individuals and small to medium sized businesses. It is general information only and not intended as specific advice. It was accurate and up to date at the time of publishing.

As the material and information included in this advisory is general in nature and not adapted to any particular person's circumstances, it cannot be relied on to address specific cases. If you are concerned about a specific cybersecurity issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for:

  1. information included or referred to in the advisory;
  2. any damage, loss or expense incurred as a result of the information included or referred to in the advisory, whether by way of negligence or otherwise.

Nothing in this advisory (including the listing of a person or organisation) should be taken as an endorsement of a particular product or service. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.

Please note that third party views or recommendations included in this advisory do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. Material on this site or in this advisory may also include information provided by third parties. The Commonwealth cannot verify the accuracy of any third party information included in the advisory or on the site.

CONTACT US

Email: staysmartonline [at] dbcde.gov.au
www.staysmartonline.gov.au

© 2012 Australian Government. All rights reserved