Big change coming to parcel deliveries to combat scammers
A common practice is set to become a thing of the past in an attempt to ward off scammers, the boss of Couriers Please predicts.
E-commerce companies are set to phase out text messages alerting people of when their parcels are likely to be delivered this year in an attempt to close a common entry point for cyber criminals.
That’s the top prediction from Richard Thame, chief executive of Singapore Post-owned Couriers Please, who said more companies are set to switch to Amazon-style app notifications.
“It’s very rare for consumers in advanced overseas economies to get a tracking link via SMS,” Mr Thame said.
“Clickable links on mobile devices will die off over the next year. Its life has probably been prolonged here in Australia. And I think there’s a whole new generation of consumers who are using social platforms, so I think the next stage is that more seamless integration with the various other social platforms as well.”
SMiShing, a variant of phishing, is a common tactic cyber criminals use, involving sending simple text messages with an urgent ‘call to action’ such as asking someone where they would like their parcel delivered or to unlock and verify an account.
Once a fraudulent link is clicked from an unsuspecting person, hackers can gain access to personal information, and even access to mobile phones, banking apps and email inboxes, potentially fleecing people of their life savings.
CBA warns that once a person clicks on a link, they are often asked to enter personal information, including card numbers and banking passwords. “Malware could also be installed on your device or you might receive a call where scammers attempt to convince you to share personal or banking details with them,” CBA says.
In the first 10 months of last year, Australians reported more than 11,000 parcel delivery scams to Scamwatch, with more than $720,000 lost. It is understood many more scams are left unreported out of embarrassment.
People are at greatest risk of falling victim to the scams during the peak delivery Christmas period, when people are in a rush to get presents under the tree and might not scrutinise SMS alerts as closely as they normally would.
Scammers are getting more sophisticated at impersonating legitimate companies such as Australia Post and other delivery providers, making it harder for customers to tell what is genuine and what is not.
And it’s not just consumers that are being targeted. Australia’s corporate leaders say a cyber attack now represents the single biggest external threat to the running of their businesses and is the top issue that keeps them awake at night, according to The Australian’s 2024 CEO Survey.
No matter how prepared they think their business is, the chief executives believe the risk of a crippling attack is real and have highlighted how little control they have as it can unknowingly come from anyone they do business with.
In the past two weeks, cyber criminals have targeted one of Australia’s biggest private hospital operators St Vincent’s Health Australia, the country’s largest car dealership Eagers Automotive, probiotic drink maker Yakult Australia, and Victoria’s court system.
The attacks came a month after an Australian Securities and Investments Commission report revealed “deficiencies in cyber risk management” across most companies.
Almost two-thirds of Australian companies have limited or no capability to protect confidential information, according to an ASIC ‘pulse’ survey based on almost 700 voluntary participants. This “significant gap” is costing Australians $42bn a year, based on the latest data from the Australian Cyber Security Centre.
Eagers - which generates annual revenue of $8.5bn and a brand portfolio which includes BMW, Jaguar, Land Rover, Nissan, MG, Skoda and Volvo - said a third party accessed data from the company’s servers in the cyber incident which disrupted parts of its operations across Australia and New Zealand.
“Based on investigations to-date, the company is in the process of notifying a small number of individuals identified who may face serious risk of data misuse,” Eagers said on Tuesday.
“The company is committed to providing these affected individuals with the support and assistance they need as the company works to respond to this incident.”
Eagers has not revealed what data was stolen and exactly how many people were affected. Given cars are often the second highest value purchase after a home, customer data falling into cyber criminals’ hands represents a significant threat.
A common type of scam that has hit car dealers and their customers is fake invoicing. After a cyber criminal gains access to sensitive personal information, including email addresses, car order history or buying intentions, criminals send invoices to customers that look nearly identical to a car dealer’s, except for different bank account details, leading to customers being potentially fleeced of tens of thousands of dollars.
Real estate agents have been hit with similar scams. Car dealers advise customers to verify bank account details whenever a payment is requested in writing via email to mitigate the risk of such attacks.
The Australian Competition and Consumer Commission offers similar advice, particularly in regard to SMS parcel delivery scams.
“Our advice to consumers is to never click on links in text messages or emails, even if you’re expecting a delivery,” ACCC deputy chair Catriona Lowe said.
“Instead, consumers should independently check the status of their delivery by going to the Australia Post app or website or the courier service they’re expecting the delivery from.”
To join the conversation, please log in. Don't have an account? Register
Join the conversation, you are commenting as Logout