Cybersecurity expert Garrett O’Hara said these Big Four bank scams are becoming ‘increasingly realistic’. (Source: Mimecast/AAP)
Tens of thousands of scam emails have been sent out to Australian businesses that look “increasingly realistic”. Scammers have been impersonating the Big Four banks to dupe unsuspecting victims into giving away hundreds of their hard-earned dollars.
Businesses in the education, legal and insurance sectors have been particularly targeted by the callback scam, according to global human risk management platform Mimecast. The platform’s senior director of solutions engineering, Garrett O’Hara, told Yahoo Finance businesses need to be extremely careful if they get emails like this.
“Scammers will use a trusted brand that people know and love,” he said. “They’re relying on your psychology being wired to see something you trust, as it shortcuts your ability to make good decisions in that moment.”
Millions of Aussies are now familiar with the threat of clicking on a link in a suspicious-looking email, known as a phishing attack.
But scammers are also using phone numbers to con victims.
The scam emails mimic legitimate bank account statements that claim to show unauthorised transactions of around $1,500.
They’ll also contain transaction details of fake merchants, with realistic-sounding names, locations and reference codes.
Scammers are able to produce these fraudulent statements en masse and send them out to businesses all across the country. (Source: Mimecast)
“When you think about small businesses, their operating margins are so thin sometimes,” O’Hara said.
“That $1,500 is a big deal. That’s a panic stations moment. And that’s potentially what the scammers are relying on.”
The messages encourage recipients to call a particular number to rectify the issue, and scammers will answer and impersonate representatives from the likes of Commonwealth Bank, Westpac, NAB, and ANZ.
They’ll try to extract people’s personal financial details or convince them to make fraudulent transfers.
O’Hara said phone calls can be particularly effective in scams because they’re “very dynamic” and operators know how to apply pressure and create a sense of urgency over the phone.
“That’s what worries me. My mind goes straight to older people in our society and just how awful it would be for them to think they’re talking to somebody legitimate who is trained in how to extract personal details,” he said.
“When you combine the starting point of an email, and then flip them over to a phone call… it’s frightening.”
O’Hara said callback scams aren’t new; they used to revolve around fake subscription notifications from services like PayPal.
But he revealed the pivot to impersonating the biggest banks in Australia represented a “significant shift” in the way scammers were operating.
The cybersecurity expert added that scammers are also able to use new technology to whip up these fraudulent emails en masse.
“What you’re now seeing is attackers are using AI in a way that they couldn’t before so they can scale and they get the realism of the attacks,” he told Yahoo Finance.
“Before, you’d have somebody sitting down and manually creating this stuff and it was probably a heavy lift on the attacker side. So much of it is now automated that their profitability just goes through the roof.”
Mimecast said there were more than 70,000 attempts to extract money out of Aussie businesses in callback scams in July alone.
But O’Hara said the scale of this threat is likely much higher and scammers could soon move from targeting businesses to everyday Aussies.
Mimecast said callback scam emails usually involve the following subject lines:
“Alert Completed Details Enclosed”
“Financial Summary Sent Recently”
“Invoice Completed Recently”
“Your Recent Payment: Summary Notification”
The platform added that some of the most common phone numbers used are 03 8256 7521, 02 5621 1059, and 1800 458 259.
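As an added defender-side example (this is not code from the article or from Mimecast), the subject lines and callback numbers listed above can be turned into a simple triage check run over an email's subject and body text. The phone-number normalisation is an assumption that covers common Australian formats (spaces, hyphens, parentheses, +61 prefix); the sample messages are constructed.

```python
import re

# Indicators reported in the article (Mimecast, July figures).
KNOWN_SUBJECTS = {
    "alert completed details enclosed",
    "financial summary sent recently",
    "invoice completed recently",
    "your recent payment: summary notification",
}
KNOWN_CALLBACK_NUMBERS = {"0382567521", "0256211059", "1800458259"}

# Rough candidate for a phone number written with spaces, hyphens or parentheses.
_PHONE_CANDIDATE = re.compile(r"\+?[\d(][\d()\s-]{7,}")


def normalise_au_number(raw: str) -> str:
    """Reduce an Australian phone number to bare national-format digits.
    Assumed formats: '03 8256 7521', '(03) 8256-7521', '+61 3 8256 7521', '1800 458 259'."""
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("61") and len(digits) >= 11:   # strip +61 country code
        digits = digits[2:]
        if not digits.startswith("1800"):                # 1800 numbers carry no trunk 0
            digits = "0" + digits
    return digits


def extract_numbers(text: str) -> set:
    """All plausible 10-digit Australian numbers found in free text, normalised."""
    found = set()
    for cand in _PHONE_CANDIDATE.findall(text):
        num = normalise_au_number(cand)
        if len(num) == 10:
            found.add(num)
    return found


def score_email(subject: str, body: str) -> list:
    """Return the names of the indicators that match this message (empty list = no hit)."""
    hits = []
    if re.sub(r"\s+", " ", subject).strip().lower() in KNOWN_SUBJECTS:
        hits.append("known_subject")
    if extract_numbers(body) & KNOWN_CALLBACK_NUMBERS:
        hits.append("known_callback_number")
    return hits


if __name__ == "__main__":
    # Constructed sample in the style the article describes: fake statement plus callback number.
    sample_body = "Unauthorised transaction of $1,500.00 detected. To dispute, call (03) 8256 7521 now."
    print(score_email("Financial Summary Sent Recently", sample_body))
```

A hit on either indicator is a reason to route the message to a human reviewer, not proof of fraud on its own; a matching subject line with no known number, for instance, still warrants checking the callback number against the bank's published contact details.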
O’Hara said the Big Four banks and other legitimate financial institutions will not request urgent callbacks via email.
He added that if Australians suspect something fishy when they receive an email like this, it’s better to call their bank via legitimate and trusted channels, such as the bank’s app, its website, or a phone number they have used successfully before.