Fake apps pretending to be trusted brands

Please take a few minutes to check out a new app before you download it.

There have been recent media reports of fake apps appearing in the Google Play store earlier this year.

The reported fake apps impersonated trusted bank brands. However, scammers will frequently set up fake apps across a range of well-known goods and services to collect large amounts of bank account, credit card or log-in details.

Does it affect me?

If you use or purchase mobile apps from app stores, you should be on the lookout for apps that impersonate trusted brands.

While Apple’s App Store or Google Play for Android are recommended official stores to install apps, fake, impersonating or malicious apps can still make their way onto any app store.

How do I stay safe?

Before downloading a new app, take a few minutes to do your online research:

• What do reviews from others say about the name of the app or its developer?
• If you are not sure if an app is legitimate, first check the official website and contact details of the business the app claims to be from.
• If it looks like a fake app, let the legitimate business know.

You should also:
• Use your device’s automatic update feature to install new applications and operating system updates as soon as they are available.
• Read the fine print about how an app will protect your personal data—some apps collect information such as your location, contacts, and other sensitive details like credentials. At the end of the day, if you are not comfortable with how your data is protected, don’t use the app!

Australians are losing more money to NBN scams, with reported losses in 2019 already higher than the total of last year’s losses.

Consumers lost an average of more than $110,000 each month between January and May this year, compared with around $38,500 in monthly average losses throughout 2018 – an increase of nearly 300 per cent.

“People aged over 65 are particularly vulnerable, making the most reports and losing more than $330,000 this year. That’s more than 60 per cent of the current losses,” ACCC Acting Chair Delia Rickard said.

“Scammers are increasingly using trusted brands like ‘NBN’ to trick unsuspecting consumers into parting with their money or personal information.”

Common types of NBN scams include:

  • Someone pretending to be from NBN Co or an internet provider calls a victim and claims there is a problem with their phone or internet connection, which requires remote access to fix. The scammer can then install malware or steal valuable personal information, including banking details.
  • Scammers pretending to be the NBN attempting to sell NBN services, often at a discount, or equipment to you over the phone.
  • Scammers may also call or visit people at their homes to sign them up to the NBN, get them a better deal or test the speed of their connection. They may ask people to provide personal details such as their name, address, date of birth, and Medicare number or ask for payment through gift cards.
  • Scammers calling you during a blackout offering you the ability to stay connected during a blackout for an extra fee.

It is important to remember NBN Co is a wholesale-only company and does not sell services directly to consumers.

“We will never make unsolicited calls or door knock to sell broadband services to the public. People need to contact their preferred phone and internet service provider to make the switch,” NBN Co Chief Security Officer Darren Kane said.

“We will never request remote access to a resident’s computer and we will never make unsolicited requests for payment or financial information.”

“If someone claiming to work ‘for the NBN’ tries to sell you an internet or phone service and you are unsure, ask for their details, hang up, and call your service provider to check if they’re legitimate. Do a Google search or check the phone book to get your service provider’s number, don’t use contact details provided by the sales person,” Ms Rickard said.

“Never give an unsolicited caller remote access to your computer, and never give out your personal, credit card or online account details to anyone you don’t know – in person or over the phone – unless you made the contact.”

“It’s also important to know that NBN does not make automated calls to tell you that you will be disconnected. If you get a call like this just hang up.”

“If you think a scammer has gained access to your personal information, such as bank account details, contact your financial institution immediately.”

Scams reported to the ACCC involving identity theft or the loss of personal/banking information have cost Australians at least $16 million this year, and this figure is likely to be just the tip of the iceberg.

Four in 10 Scamwatch reports in 2019 involve attempts to gain information or the actual loss of victims’ information.

“If you think scammers might have gained access to your personal information, even in a scam completely unrelated to your finances, immediately contact your bank,” ACCC Deputy Chair Delia Rickard said.

“Timeliness in alerting your financial institution is absolutely crucial, and will give you the best possible chance at recovering your funds.”

Some of the ways scammers obtain personal or banking information are:

  • phishing emails and text messages which impersonate banks or utility providers seeking your login details
  • fake online quizzes and surveys
  • fake job advertisements
  • remote access scams in which the scammer has direct access to everything on your computer
  • sourcing information about you from social media platforms
  • direct requests for scans of your driver’s license or passport, often in the course of a dating and romance scam.

“No one is really selling an iPhone for $1, or rewarding the completion of a survey with expensive electronic goods or large gift vouchers. They’re scams to get your valuable personal information,” Ms Rickard said.

“The identity thieves can make victims’ lives a nightmare. They’ll change the victims’ phone carrier so they lose service and set up mail redirections so they’re in the dark about what’s going on.”

Scammers can empty victims’ bank accounts, take out tens of thousands of dollars in bank loans under victims’ names, and purchase expensive furniture or electronics under ‘no-repayments for 12 months’ schemes.

Lost personal information also leaves victims more susceptible to future scams. Scammers will use the victim’s personal information to seem more convincing in cold calls.

“The trick is to be alert to the signs. If your mobile phone suddenly loses coverage, you haven’t received expected electronic or physical mail, or you receive unexpected notifications from a financial institution, call your bank.”

Australians are set to lose a record amount to scams in 2019, with projections from losses reported to Scamwatch and other government agencies so far expected to exceed $532 million by the end of the year, surpassing half a billion dollars for the first time.

This year’s National Scams Awareness Week (12-16 August) theme is ‘too smart to be scammed?’ and the ACCC, along with over 100 campaign partners from government and industry, is urging consumers to test their scams knowledge and refresh their scam protection and detection skills.

“Many people are confident they would never fall for a scam but often it’s this sense of confidence that scammers target,” ACCC Deputy Chair Delia Rickard said.

“People need to update their idea of what a scam is so that we are less vulnerable. Scammers are professional businesses dedicated to ripping us off. They have call centres with convincing scripts, staff training programs, and corporate performance indicators their ‘employees’ need to meet.”

Investment scams are one of the most sophisticated and convincing scams and continue to have the highest losses. Nearly half of all investment scams reported this year resulted in a financial loss.

These scams are prominent on social media, with ‘Facebook lottery’ scams, the ‘Loom’ pyramid scheme, and cryptocurrency scams particularly common.

Cryptocurrency investment scams have seen record losses, with reports to the ACCC alone of $14.76 million between January and July 2019. Many use social media platforms, fake celebrity endorsements or fake online trading platforms that are made to look legitimate.

Protection advice

“Our advice is to be wary of ads you see on the internet. Don’t be persuaded by celebrity endorsements or ‘not to be missed’ opportunities. You never know for certain who you’re dealing with or whether they’re credible,” Ms Rickard said.

“If you think you’re speaking to a friend on social media, call them, or find another way to contact them before acting on any advice that might result in you giving away your personal details or money.”

Scamwatch also suggests that people check ASIC's list of companies you should not deal with. If the company that contacted you is on the list — do not deal with them, and even if they are not listed, continue researching and speak to a financial advisor before investing.

Be vigilant on social media, when shopping online and when answering the phone, and never give anyone who has contacted you out of the blue your personal details, banking details or remote access to your computer, no matter who they say they are. It’s best to assume scammers are everywhere, waiting for you to let your guard down.

“Remember, anyone could fall victim and no one is ‘too smart to be scammed’. Always ask yourself, ‘could this be a scam?’ and if you’re ever in doubt, decline the contact or hang up the phone — it’s often the safest option,” Ms Rickard said.

The ACCC has produced a series of videos with tips and tricks on how to spot a scam, and to test people’s awareness of scams. The full series is also available on YouTube.

You can also follow @scamwatch_gov on Twitter and subscribe to Scamwatch radar alerts.

Stay Smart Online Week is an annual event focused on empowering people, businesses and the community to protect themselves online.

This year’s event will run from 7–13 October and focuses on:

  • reviewing privacy settings
  • knowing how to spot phishing scams
  • creating strong and unique passwords
  • turning on two-factor authentication.

In line with the week’s theme, Scamwatch is presenting a quick guide to how privacy, phishing and device security lead to your personal data being lost — and what you can do about it.

How does my personal data end up in the hands of scammers?

There are four main ways scammers gain your personal information.

You inadvertently provide it to them

Social media is a common source of information for scammers. Be careful how much personal information you reveal.

Phishing emails, texts, phone calls and even faxes are created just to trick you into providing your data. Scammers will use tricks like 'you’ve won a prize!' or 'your bank needs you to update your details'.

Email attachments and downloads from websites can contain malware that infects your computer. Malware can tell scammers what keys you pressed, grant them outright access to your computer, or present fake pages that look like the real thing when you go to important websites such as your bank's.

If you’ve consented to having your information provided to third party advertisers at some point, some of your personal information is likely to be available for purchase from companies specialising in marketing leads lists.

Your friends provide it to them

Social media settings often include permissions for access by friends of friends. Many people still accept friend requests from strangers.

'Refer a friend’ rewards can incentivise your family and friends to provide your email address, name and other details to scammers directly or indirectly.

An organisation with your information suffers a data leak

Many legitimate companies and organisations have had their data breached. Historic data breaches are available for purchase and download on the Dark Web by criminals.

Criminals trying the password and email combination from these data leaks on your email and social media accounts is a common source of access.

Your physical or electronic mail is stolen

Credit cards, drivers licences and utility bills serve as proof of identity and can be sent by mail, making them a target for thieves.

Many people’s email accounts are invaluable repositories of job histories, friends, scanned identity documents, and even passwords to other accounts.

I’m concerned my data may be in the hands of scammers – what do I do?

Check your credit score with Equifax:

  • it’s free to do once per year and will tell you your financial history
  • if you see a loan application you didn’t make, contact Australia and New Zealand’s IDCARE.

Check public data breaches for your email address through haveibeenpwned.com:

  • it’s free to do as often as you like
  • you can also subscribe to the service which will let you know if your email address appears in any future public data breaches.

What you should do differs depending on what details were made public in the breach. At the very least, make sure to change your password.

If you use Facebook, follow these steps to check your Facebook settings.

  1. Log in to Facebook and click Settings -> App Settings.
  2. Remove all applications you’re not actually using.
  3. For the ones you are using, click ‘edit’ and remove any permissions that the application shouldn’t need to function.

If you use Gmail, follow these steps to check your connected devices and accounts.

  1. Log in to Gmail and click ‘Settings’ in the left hand column.
  2. Click on your account name.
  3. Click ‘Manage account’ and go to ‘Security’.
  4. Click ‘Manage Devices’ and ‘Sign-out’ of any unrecognised phones or computers.
  5. Click ‘Manage third-party access’ and ‘Remove Access’ from any apps you do not use or do not think should have access to your device.

I’ve checked everything you suggest but am still concerned – what else can I do?

There are a number of guides to help you stay smart online — here are our top picks: