How cyber criminals are getting smarter at stealing money

'Anyone with a laptop': How cyber criminals are getting smarter at stealing money

When Sydney mother Anna Smith received a text from her bank advising the mobile number on her savings account had been changed, her heart sank. She immediately tried to phone her bank. As she waited on hold, she tried to log into her account online but her password had been changed too. "For three weeks, I cried every day because I don't know what they did, did they do something with my ID? You don't know," Ms Smith told 9News.

That sickening feeling that someone had hacked her account is becoming increasingly common as cybercriminals become more savvy and take advantage of the fact that we're all spending more time online. And with all of us handing over more information than ever before as we check into venues, pay for goods online and accept deliveries, securing personal data has never been more critical. The hacker spent $25 at a Sydney cinema a week earlier on Ms Smith's account. When that went undetected, the hacker then spent $980 at a Sydney hotel.


Ms Smith was filled with anxiety. She felt violated. It took a month to get her money back and during that time, she had no access to her closed account. Benjamin Sullivan, technical director of cyber security at NEXTGEN, said hacking someone's account can be relatively easy.

The criminal finds details of their victim online or on any social media platform they use. They call the person's mobile provider and say that they want to change their backup number. When asked, they reply that they can't remember their password. The operator assists using prompts such as kids' names or birthdays – information the criminal has collected from social media.

Once the password is changed, the criminal moves to the bank account and changes its access details too. They then start spending small amounts to test it out. If that goes undetected, they start spending larger sums.

Mr Sullivan, a former Australian Army special forces officer, said it can take 12 months to know the full extent of the damage after being hacked. "Your typical hacker doesn't look like the dark room, the hoodie, the sunglasses, it's not about the LED keyboards," he told 9News. "It's anyone with a laptop, anyone with YouTube and a willingness to learn."

Hacking has become big business. The latest data from the Australian Cyber Security Centre shows self-reported losses from cybercrime totalled more than $33 billion in the last financial year.

The Centre received 67,500 reports of cyber attacks in 2020-21 – the equivalent of a cyber attack every eight minutes. Fraud, online shopping scams and online banking scams were the top reported cyber crime types.

The Australian Banking Association has a campaign running until the end of the month warning customers about online security. Scamwatch received 84,000 reports of scams last financial year, up 145 per cent on the previous year.

Australian banks will spend an eye-watering $19 billion on their IT systems this year, but a growing number of Australians – especially those working from home – are falling victim.

Tips to improve your cybersecurity

Report any crime to The Australian Cyber Security Centre (ACSC). Although it's after the fact, it could be the missing piece of information needed to stop the person from hacking someone else.
Do pre-hab. This is how you avoid doing rehabilitation. Go to the app store and download antivirus software on your phone (Apple AND Android). Select a known brand name.
Reassess your passwords and make sure you're not using the same one across all of your log-ins. Download a password management tool that generates a one-time password that logs in for you.
Look at what accounts are associated with your email address. You should set up a fake email address to provide for any sign-ups, so that if one of the companies is hacked, it doesn't have your personal email address.
Take note of things that are happening that are out of the ordinary. If you get, for example, a text message from Australia Post saying click here to track your delivery and you don't have anything coming, this is a red flag. Currently with COVID, hackers are preying on people using this method. If you click on the link, go immediately to ACSC, report it and run your phone's antivirus software.
If an email comes from a service you don't use, or haven't used recently, check the sender's address against the company's website. If they don't match exactly (watch for tiny changes), delete it and remove it from trash. Do not open it. Also delete an email if it looks as though it has been made from copy and paste material or contains a spelling mistake.
Don't chat to cold callers. Never tell anyone you don't know anything at all about yourself.