In the 25 years that Helen Cahill has run books for her small business near Melbourne Airport, she has never had a problem with online banking.
- Helen Cahill accidentally entered a fake Bendigo Bank website and had $30,000 stolen
- Since January, more than 35,000 attempts have been made to collect personal information from Australians
- Fraud victims are encouraged not to be ashamed and to report it quickly
Sitting at her desk on a particularly busy afternoon on May 26, she found it odd that signing in was taking so long.
He Googled “Bendigo Bank” and clicked on the first link that came up, which was a Google ad for the bank.
He then entered his access data including a two-factor authentication PIN.
Ms. Cahill soon learned that instead of clicking on Bendigo Bank’s website, she had clicked on a malicious ad and that a fraudster had gained access to her account.
“It took me maybe two minutes to log into the actual Bendigo bank … and find that $30,000 had been withdrawn from my account,” Ms. Cahill told 7:30 a.m.
“I felt really hurt… I was like, ‘How can this be?’ I really feel like I’m a very careful, cautious person when I’m banking.”
Fake Bendigo Bank link clicked by Helen Cahill. (Reference: Ignite Systems)
Ms Cahill immediately called the bank to report the incident and also spoke to the IT company called Ignite Systems, which looks after her company’s computers.
They were able to trace back the steps taken by Ms. Cahill and found that the website contained a fake URL, easy to miss in a hurry, which pointed to “bendigohunk” instead of “bendigobank”.
“It looked like a replica of the real Bendigo Bank website,” Ms. Cahill said.
“My takeaway message would be: This can happen to anyone.”
After days of non-stop calls and inquiries from Ms. Cahill, Bendigo Bank was able to return the money within a week.
However, she remains concerned that the bank promoted a malicious website on Google without warning customers of its existence.
“At first I was very angry and then I got very angry that a real Google ad could be linked to a fake online banking site.
“I don’t understand how…the bank didn’t know about this. I think something needs to happen at Google for them to be able to show these ads.”
The URL of the Bendigo Bank fake website contained the word “Bendigohunk”. (Reference: Ignite Systems)
Bendigo Bank said in a statement that after discovering the ad, “the financial crime team alerted the platform owner and removed the fraudulent ad.”
Cybersecurity expert Dave Lacey pointed out that the 7.30 Google Ads scam was particularly sophisticated.
“They use third parties, called advertising partners, who have the ability to virtually manipulate or alter ads after going through a review process,” Lacey said.
Google did not explain how the scam ad appeared on its search engine.
The tech giant said just last year it had blocked or removed nearly 60 million ads worldwide for violating financial services guidelines and said it was constantly developing new tools to protect its users from scammers. was.
Scams are on the rise
Since January, more than 35,000 attempts to obtain personal information from Australians have been reported.
The Australian CyberSecurity Center reported that cybercrime is expected to cost the economy an estimated $33 billion in 2021.
National identity and cyber support service IDCare has never been so busy, according to its chief executive, Mr. Lacy.
“I don’t think there’s a lot of crime that you could say breaks into a family home on an almost daily basis,” he said.
Dave Lacey says scammers know how to deceive. (ABC News: Chris Gillette)
,[Scammers’] The whole business is about deception and they are well trained and experienced at it.”
A popular method used by scammers is “phishing,” which uses things like emails that impersonate a bank or telecom company to encourage people to give out their personal information.
“Smishing” is a similar method that involves text messaging.
“So smishing is done via SMS and phishing is usually done via email or phone,” said Mr. Lacy.
“What’s yours is ours”
Police seized promotional materials during a cybercrime operation. (ABC News)
One of the leaders of a group involved in a prolific scam operation has been jailed after scamming dozens of Australians in May when most of the population was under COVID-19 lockdown in 2020.
Court documents show the group created a fake identity on a website called “1-Stop-Rort-Shop” and boasted online about software capable of bypassing SMS spam filters.
Self-promotional videos of their adventures confiscated by police as part of the operation contained dangerous music with special logos and cash.
“In this particular case, we would say the perpetrators were skilled enough,” Cyber Command Deputy Commissioner Chris Goldschmidt said at 7:30 p.m
“We estimate they’ve sent more than 20 million text messages…that’s a significant number of people who could potentially have their information and access to their bank accounts stolen.”
Chris Goldschmidt says victims of scams should report them quickly. (ABC News: Greg Nelson)
The motto of “Rort Corp” was “What is yours is also ours”.
Police found the men had a staggering amount of personal information, including secret people’s questions and answers online.
In one instance, a group member boasted about sending “13 sets” of personal and financial information, specifically bank account user numbers, account passwords, full names, credit cards, expiration dates, and CCV numbers.
Syndicate had dozens of Medicare card identities and templates.
“It’s difficult for law enforcement and government agencies to use traditional means of deterrence and interference,” Lacey said.
“Of course, if the arrest happens, we’ll go and enjoy it.”
The newly elected Labor government has promised to crack down on cybercrime, including introducing new industry codes for banks and telecoms.
Experts place the emphasis on preventing crime in the first place and taking immediate action if someone’s accounts are tampered with.
“If you think you’ve been the victim of a scam, don’t be shy. Contact your bank,” Acting Deputy Commissioner Goldschmidt said.
“The sooner you report it, the more likely you are to get… the money back.”
Watch this story tonight at 7:30 p.m. on ABC TV and ABC Eyeview.