When banking online or making investment decisions, always ask yourself: “COULD THIS BE A SCAM?”

What is an Investment Scam?

Investment scams involve promises of high returns, large payouts, quick money, or guaranteed income. We are aware of recent scams involving legitimate looking businesses that offer to help people build their share portfolio quickly.

Investment Scams typically originate through unexpected contact – this could be via phone, email or social media, fake trading identities, fake comparison websites, and paid ads on Google searches. We have also noticed a trend where scammers, while working on one victim, will encourage that person to make referrals to their own social networks. This includes family, friends, acquaintances, and colleagues.

Once contact has been initiated, a scammer may pretend to be a stockbroker, investment adviser or claim to work on behalf of a reputable financial institution. Contact is usually frequent and persistent to create a sense of urgency about the opportunity and to demonstrate a high level of customer service.

Investment scams can be sophisticated, and scammers often sound legitimate and knowledgeable, provide fake prospectuses and investment related documentation to deceive you into believing the opportunity is real.

How to detect an Investment Scam

Be suspicious of anyone:

offering high interest rates that you cannot access yourself through reputable entities
operating from overseas which can make it difficult to verify that they are who they say they are or that their registrations/credentials are legitimate
asking for payment using crypto-currency
that constantly contacts you and pressures you to make a quick decision
that provides you with documentation you cannot verify through independent sources
that provides multiple account numbers and / or account names for you to make deposits
that encourages you to make multiple high-value payments over consecutive days and / or discourages you from using over counter services such as your local branch to conduct payments
that contacts you from an email address that has no apparent connection to the entity that you believe you are dealing with.

If an investment return looks too good to be true, then it most likely is. Be rigorous in your independent research into any company or individual who claims to offer investment opportunities to determine whether they are legitimate – even if you’ve been referred by someone you know. Google searches will often provide results that the scammer has created themselves – from fake websites to fake reviews, to paid advertisements. All in an attempt to make their business appear to be legitimate. So, when conducting due diligence, look for independent reviews and if the person you’re dealing with purports to be from a well-known organisation, check with the organisation before entering into any agreements.

Consult Someone You Trust - before you make an investment decision, or arrange a significant financial transaction, we strongly recommend that you talk to someone you trust or consult a financial advisor or accountant.

Keep a detailed record of all interactions and investment advice you’ve been given – including email addresses, phone numbers, any documentation, payment instructions, and the steps you’ve taken to fulfil those payments.

Missed delivery, call or voicemail (‘Flubot’) scam

The ‘Flubot’ scam is a type of ‘phishing’ scam that was first reported in early August 2021. To date, the ACCC has received over 12,000 reports of the scam from the general public and IMB wants its members to be aware of how this scam works. The scam uses text messages (SMS) to download malware onto your phone. The malware at present particularly affects Android phones, although iPhones are also being targeted.

How does the ‘Flubot’ scam work?

You receive a text message about voicemails, missed calls or, more recently, parcel deliveries from Australia Post, DHL or another reputable organisation. All messages will contain a link and instruct you to click the link or download an app to check a voicemail, track a parcel, schedule a delivery time etc.

IMPORTANT: If you click the link and download the app presented, the phone will be infected with malware.

Once installed, the application is able to read and send text messages, make calls and access contacts which are uploaded to a central server then targeted with similar Flubot scam texts.

The application page that the links send you to can look legitimate. Here is an example:

Further examples of what the SMS messages can look like and what to do if you think you have downloaded the scam are available at https://www.scamwatch.gov.au/news-alerts/missed-call-or-voicemail-flubot-scams.

How can the Flubot scam steal money?

Once the malware has been downloaded it has access to all typed passwords and data, which can ultimately lead to theft.

Plus, the scammers’ strategy and tactics are evolving quickly, so Flubot may change, and these phishing text messages may come from other reputable organisations or your bank, substituting home screens for web pages or apps with convincing fraudulent copies, as in the fake-DHL illustration above. There have been cases of this occurring overseas.

REMEMBER: Once cyber-criminals have your passwords, they can steal from your bank accounts.

CHECKLIST: Avoid the ‘Flubot’ scam

✓ Does the SMS look legitimate?

Voicemail scam Your voicemail is never an external link or app. Do not open the SMS or click the link. Delete it immediately.
Delivery or Tracking scam Do you have a parcel coming? If so, do not open the SMS and instead check via the supplier’s website where you made the order. Do not open the SMS or click the link. Delete it immediately.

✓ NEVER click on links in text messages (SMS)

Simply: do NOT click on links or download buttons.

✓ Remain vigilant with your interactions on your phone and computer

Remote Access Scams

Unlike hacking scenarios, which will usually occur without your direct involvement or prior knowledge, Remote Access Scams (also known as Technical Support Scams) involve a scammer contacting you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.

The fraudster will try to convince you to give them access to your computer by downloading remote desktop software and providing them with other personal data such as passwords and authentication codes.

Scammers usually pose as someone from a well-known and reputable organisation, such as a bank, a telecommunications provider, a government agency or the police. They often play on their position of trust or may use fear and intimidation tactics to obtain your co-operation.

How to spot a Remote Access Scam?

There are many types of Remote Access Scams, but the methods are similar. Here’s how they work – stay alert to these red flags:

You’ll receive an unexpected call from a person of a reputable organisation saying that they need to help you fix an important computer issue. The scammer will say they’re calling from your bank, the NBN, Telstra, Amazon, eBay, Microsoft, the ATO, Centrelink and even the police. Alternatively, they might contact you through an SMS, email or pop up on a screen in your web browser while you are using the internet.
The scammer pretends that they want to assist you or that they need your help to catch a scammer. A scammer may say:
- Your computer is infected or it has been hacked or compromised in some way;
- You have been overcharged for a service or purchase, and they would like to arrange a refund to your bank account;
- They have mistakenly credited your account with funds that must be repaid immediately.
Scammers will often use technical language and tactics to scare or intimidate you into following their instructions. They may act aggressively and threaten you if you do not assist them.
They’ll tell that you need to download remote access software such as TeamViewer, AnyDesk or Go-To-Meeting. Doing this gives the scammer access to your computer from where they are located.
They’ll ask you to log into emails, internet banking or other payments systems, and will be able to see you doing this, which enables them to access your banking and personal information and ultimately to make transactions from your accounts or to steal your identity.
They will often directly ask you to disclose your personal details and your bank or credit card details, passwords, and authentication codes.

How to avoid becoming a scam victim

Never give a stranger or unsolicited contact remote access to your computer. If you are asked to do this – hang up.
If you think the call is legitimate, confirm the identity of the caller.
- Ask for the person’s name and contact details and advise you will call them back.
- Once you have hung up, validate their contact details by looking up the organisation’s official website and calling the organisation’s advertised number.
- Never call back on details provider by the caller; if they are a scammer, this number will be false.
Never disclose your login details, PINs, or SMS authentication codes to ANYONE. A reputable organisation or financial institution will NEVER ask you for this information.
Never provide information like account details and credit card numbers over the phone unless you have initiated the call and are satisfied that the phone number you are using is a trusted source.
Beware of pop-ups advising you that you need to fix your computer and can do so by calling a particular number.
Regularly update your computer and digital devices with security protections such as anti-virus, anti-spyware software and firewalls from a reputable provider.
Do not open suspicious or unusual texts or click on links or attachments in unsolicited emails.

Scam Call Checklist

Hang up!

✓ Is the caller trying to create urgency about a so-called sum of money owed, a banking issue, a technical problem or a legal problem?

✓ Is the caller trying to get you to download software, to reveal your password or answers to your secret questions?

✓ Are they trying to get you to log into your bank accounts or to move your money?

Remember!

✓ A legitimate organisation will NEVER ask you to download software through an unsolicited call, email, or text.

✓ NEVER share your login details with anyone.

What to do if you think you have been scammed

If you think you have been scammed:

Please contact us as soon as possible on 133 462 and we can help you navigate the next steps. Please tell us as much as information as possible about what happened as this will help us help you.
Delete any programs you have installed, including from the device itself. You will need to get the device professionally cleaned.

We strongly encourage you to report any scam incidents to Scamwatch.

Stay Updated

Stay informed about scams and how to avoid them at: