This isn’t a blame game, but given that Australia is one of the World’s hottest spots for economic crime; with 32.3% of the $61 million stolen so far this year stemming from emails and a further 7.3% from general internet usage, shouldn’t the biggest internet players, like Google and Microsoft, be doing something to help?
Every year in Australia, there are well over 100,000 reported cases of scams or fraud, with the monies being stolen from our fellow Aussies often amounting to more than $50 Million.
In 2015, over $83 million was defrauded from people across the country, through a wide range of mediums including emails, phone calls, dodgy pop-up ads, fake lottery or other monetary winning schemes, romance scams and more – and these statistics are just a piece of a much, much bigger picture.
For each scam or case of fraud that we hear or read about, it is estimated that there are between two and three more cases that weren’t reported, due either to the victims being unaware that they have been scammed, or the fact that they don’t want to get involved in an all-new paper trail to reclaim what might only be a few dollars here and there. Others also avoid reporting their cases if they feel as though what happened to them was personal or embarrassing to an extent – relationship scams are a classic example of this.
So, with that in mind and looking back at that figure of 32.3% of all reported scams being linked to emails, should it not fall onto our email providers to do something about it?
While our email providers have developed some very clever junk filters, ensuring that a lot of potentially scammy emails are never read, there are always a few that tend to leak through. As some victims will be able to tell you, the biggest danger lies in the links in those emails; when people click on them a whole world of trouble can open onto your computer – from opening basic spyware, which installs itself onto your computer and records all of your computer’s activity before sending it off to its creators who then either sell that information or use it themselves. And there’s more:
Malware is software that is specifically designed to damage or otherwise disrupt a computer system and, in the case of emails, it is often coupled with other forms of software that do some vary devious things indeed.
As one might think, this one involves paying a ransom after a victim installs malware that renders their computers virtually useless. The computers in question then show a pop-up explaining that the computer has been infected and a fee is due in order to have the virus removed. In many cases where people have paid the ransoms, sometimes in excess of a thousand dollars, the software is never removed.
As we already saw, Spyware is a form of malware that aims to sit silently in the background, watching and recording every keystroke, mouse-click, program and internet site you visit or use. In other words, Spyware can see when you log on to your internet banking, it can see what information you type in (including passwords) to gain access and then, of course, with that information, the scammers can then access your accounts too and do with them as they please.
These scams are especially common amongst Nigerian and other North-African scamming communities. In most cases, the victim will receive a well thought-out email explaining that they were entered into some kind of prize draw, or, in more advanced cases, scammers will tap into activities that the victims may genuinely have enrolled in, such as shopping at Woolworths, and then offering the victim shopping vouchers or the like. These emails can offer up as little as a few thousand dollars, to several million, depending on the story and the reasons for the email. One that I’ve personally seen quite often is when some Nigerian prince or other high-profile individual explains that they were sent your details by a third party and, having recently planned a trip to Australia, require help in transferring their money overseas. They then ask that they send you the money and, after they arrive, have it sent back to them, for which they offer to pay upwards of 20%. The last one said they’d be looking to transfer $1.2 Million, leaving me with $240,000 after I assisted. The catch is, however, that before they send you the money (which they never will, by the way), they ask that you prove your accounts are working by sending a “small amount” to their bank. They have a huge range of excuses as to why this needs to happen, all of which seem fairly legitimate, but the end game is simply to keep that money you send. Whether it’s just $10 or $100, you’ll never see it again.
These are a little harder to trace as in a great many cases, the romance seems so real, up until you realise that you’ve just poured your life savings into someone’s account; someone that you’ve never met, yet started to develop feelings for… and now their parents are sick, their children are starving; they’ve broken their leg and can’t work; they need help transferring money; they’ve got an upcoming lawsuit and so on. Whatever the issue, if someone you’re interested in online starts asking you for money, even if it’s just a dollar here or there, it almost ALWAYS develops into something a lot more serious, with that dollar becoming ten, then a hundred, then a thousand and then… BROKE.
There are more examples like these, but for the sake of what we’re talking about, let’s turn our attention now to the way that Google, Outlook (Microsoft), Bing, Mail.com and even Telstra, Optus and the others should be handling these attacks.
For starters, instead of simply putting potentially harmful messages in the JUNK or SPAM folder, we should be presented with a SCAM folder, or options to label emails as SCAMS. A dedicated team should then analyse those emails and compile a list of similarities between each, with those similarities being put into an algorithm that actively monitors emails across Australia for related material… With their technological advances, it would be relatively easy for the likes of Google and Microsoft, at least, to determine that you’ve now received an email from a Nigerian IP address, from a sender you’ve never dealt with before and with the email talking about money. This should then be flagged as a SCAM.
Once the email has been flagged, the email platform should allow you to read the email without opening any hidden attachments that might be buried under the words or in the attachments. Once it has been confirmed by the reader to be a scam, that IP address and email address should be blacklisted from ALL Australian servers.
In other cases, you might notice that you were sent an email from “PAYPAL PAYMENTS LTD,” for example, but when you look at the contact’s information, you see that the email address for this Paypal division is actually “firstname.lastname@example.org,” which obviously is not a legitimate email address from such a reputable company. In these cases, Google and Microsoft’s systems should be able to recognise that the Name of the account has a major company name listed, with a free or web-based email address attached and should then, therefore, put that email into the SCAM folder we talked about earlier.
So many successful scam email campaigns are so due to people not reading the real email addresses behind the account names. A recent client of ours told us of her boss receiving an email from a client, explaining a change in bank account information, yet on closer inspection, the account’s name was very different from the email address… an email address that was in no way related to the company that they were supposedly dealing with. Luckily for them, they spotted the fake email and, after confirming with the company in question, binned it as a scam.
Perhaps if we all push together, we can have these internet giants do more to protect our online interests because, as we know, Australian’s have shown, time and time again, that we are not overly capable of protecting ourselves online.
I know that sounds bad, but every week, as I look over the statistics, I have to slap my own forehead after reading that, yet again, our fellow Aussies have lost several million dollars to what should ultimately be an easily-avoidable scam.
What do you think?
Is it our responsibility to stay informed and keep ourselves protected, or does the responsibility fall on those providing us with the email services in the first place?