The remarkably simple way hackers can access your phone
At a secret location in Sydney, experts have revealed the terrifyingly simple way Australians are being fleeced more than any other country by scams.
After a number of high-profile cyber attacks in recent years, the chances are strong that your phone number is somewhere on the dark web.
Scammers are able to create systems where they sell your details over and over again, and while it might not happen immediately after a scam, once they have a number that matches the ID of a loved one or friend of yours, they are able to spoof a call.
After all, who bothers to change their phone number?
Australia is currently the biggest national victim of scams in the world, with Australians losing $100 per head compared with $45 per head in the United States. In the United Kingdom, victims of scammers are losing around $34 per person.
To demonstrate this, I was invited to go inside TPG’s hi-tech cybersecurity lab to see just how easy it was to fake a conversation between myself and my partner.
Deep fakes: Scammers are taking it to the next level
If getting a phone call from a loved one wasn’t easy enough to fake, thanks to AI, scammers are now able to create convincing deep fakes of the person.
During a hacking session, the experts showed how scammers can clone a person’s face to create an even more compelling story.
Currently scammers who use AI require existing video to recreate a person’s face in real time to enact a scam, but experts warn that, as technology improves, AI could be used to make fake videos from scratch.
Scammers are using this technology to make fake kidnapping calls, trick people into handing over passwords, and even steal money.
Just how good are these scammers?
TPG general manager of technology security Lee Barney said scammers can threaten customers, businesses, and even telcos themselves.
When it comes to individuals, the experts warn it is pretty easy to hack a phone with only limited data.
The scarier part is when it comes to the telecommunications sector.
“As a telco we come under threat from nation states, which have significant resources at their disposal,” Mr Barney said.
Without naming names, he said “there is a nation state that has 50 to 1 capability to that of the US in terms of their offensive capabilities and they have between 60,000 to 100,000 people dedicated to offensive security.”
“They target infrastructure like ours and they are looking to elicit, sabotage … and opportunities to infiltrate (the infrastructure) so they can get access to where people are, their location,” Mr Barney explained.
Gone in seconds
Mr Barney said he has witnessed money going missing in just a few seconds as scammers foster a sense of panic.
“People fall for phishing scams within 10 seconds of arriving in the mailbox. I have seen people fall for a phisher within a second,” he said.
“If I was to give advice to anyone, slow down, question everything, if you’re doing anything electronic, fully engage with it.”
Australian Federal Police cybercrime investigations team leader Kris Wilson said while it depends on the scam, once the victim has sent the money to a scammer, it can be incredibly hard to get the money back.
Using the example of an investing scam, Mr Wilson said these scams are usually a two-step process.
“There will be an initial lure. Once a person’s identification has been collated and is on sale, they will typically have a conversation with someone advertising a fake investment scheme to lure them in,” he said.
“These sales pitches are pre-planned and predetermined with a script similar to what an actor would see. It is professional level and designed to make the victim say yes.”
Mr Wilson said the victim will initially be lured in by a smaller investment, with a professionally designed investment website used to show the victim has made strong financial gains.
“The website will show false gains and they will be called again, for a new investment. But this time the person thinks they are doing well and then it will be a big hit and the money is gone within a matter of minutes,” he said.
How the experts think you can stay safe
While cyber security is ever evolving, the experts say there are a few things Aussies can do to avoid falling victim to a scam.
According to TPG, the key is to break the cycle. If a scammer contacts you on WhatsApp for example, try calling back on the phone or via Messenger. Breaking the loop can help reveal a hoax call.
TPG telecom customer security investigations manager Amelia Limbrick shared a few additional tips to stop scammers.
“There are so many different types of scams and there is a risk people get used to what scams used to be, but they are ever evolving,” she said.
Ms Limbrick said there are small things Aussies can do to protect themselves, including creating multi-factor authentication.
“What is really important, someone might have all your information, but if they ask you for the code, it is important you do not give it over the phone,” she said.
“You can end the call, find the legitimate number on a website and make that call yourself. These days companies aren’t going to force you to give away that information.”
Ms Limbrick said that if you receive a message from someone claiming to be a loved one asking for money or financial help, you should stop, slow down and think before responding. Call them directly, or set up a predetermined safe word that can verify friends or loved ones.
Regardless of who the message appears to have come from, if you receive an unsolicited call or SMS, never click on a link asking for personal or payment information.
If you receive an SMS asking you to call a number back, stop, find the company’s number on a trusted website and call that back instead.
‘Smashed it’: JB Hi-Fi’s $5.7bn boom
Figures from one of Australia’s major retailers show shoppers have found room in their budgets despite cost-of-living pressures.
Incredible call on looming rate cut
The money markets are rapidly backing the idea that the Reserve Bank will cut interest rates when they meet in a weeks’ time.