This couple lost $98k in a sophisticated text message scam. Here's the one thing to look out for

Scammers are using increasingly sophisticated techniques to fool victims with one Melbourne couple devastated at losing $98,000 thanks to one key error.

An image of a couple with some text messages they received

Sarah and James lost $98,000 in a text message scam. Source: SBS News

KEY POINTS
  • A Melbourne couple lost $98,000 in a text message scam.
  • The message appeared in the same thread as other messages from their bank.
  • People are warned never to click on links in messages.
When James Green saw the text message on his phone there was one reason he trusted it straight away.

The message appeared in the same thread as he'd received many other legitimate texts from his bank Westpac.

"A new transfer to JOSEPH STEPHENSON for $5500 has been attempted. If this was NOT you, please call us on ..."

The 26-year-old had not authorised the transfer so he called the number provided straight away.

James thought he was speaking to a representative of Westpac and was told that the best thing he could do to secure his money was to close his accounts and set up a new one.

James and his partner Sarah Gerendasi, 26, followed that advice and then transferred money to a new account but after a couple of days it hadn't shown up. They called Westpac to double-check if the man they'd spoken to was who he said he was.

"James had been talking to this guy all throughout the week and having regular communication, I think probably when that communication stopped, and we could no longer get in contact with him - that's really when I think both of our stomachs dropped," Sarah said.

In just a matter of days, the couple had lost $98,000 - their life savings.
A couple looking serious
Sarah Gerendasi and James Green lost $98,000 through a text scam Source: SBS News / Charis Chang

Text message scams getting harder to detect

Despite being fairly tech-savvy young people, the couple were surprised at the sophistication of the scam and how they had been tricked into believing they were speaking with a representative of their bank.

"It's sort of scary to think that we've technically grown up in a heavily technological age - people that don't have that sort of savvy-ness, it really doesn't matter, it's so sophisticated these days - everything we've known about scams just basically didn't apply in this case," Sarah said.

In hindsight, the couple say there were warning signs they could have noted but at the time, things made sense.

The scam kicked off when James got a text from what he thought was Uber asking him to update his payment details.

"We'd just been on a trip to Sydney so it kind of made sense ... and I even checked my Uber account and my old card was in there," he said.

"Being busy with work and that sort of thing, I didn't think too much of it."
James made the mistake of clicking on a link sent in the text message to update his payment details. About an hour and a half later he got the first text from what appeared to be his bank Westpac, advising him to call them on a particular number.

When he contacted the number he was advised to transfer his money into a new account.

Throughout the whole process James said he kept coming back to the fact the text message had appeared in the same thread as other legitimate texts from his bank. It's a practice he now knows is called spoofing.

"To receive a text in there, I just thought, 'well, if all the rest of the texts are legitimate, these ones must be as well'," he said.

Even now, he still receives text messages from Westpac in that same thread.
A text message thread
Scam text messages appeared in the same thread as James' legitimate Westpac messages. Source: Supplied
The bank has only offered $3000 to the couple in compensation, something they are fighting.

A Westpac spokesman said it was unable to comment on individual customer matters due to confidentiality obligations.

But he said the bank invests heavily in fraud and scam prevention and has robust processes in place to alert and protect customers.

"We’ve seen a recent spike in impersonation scams where scammers pose as a known business to trick you into sending them money or personal information," the spokesman said.

"Customers should be wary of any unexpected calls, SMS or emails claiming to be from their bank or other reputable organisation, and always stop to consider what you’re being asked to do.

"If in doubt, hang up and call back on a publicly listed number to confirm if the call was genuine. Westpac will never ask a customer to transfer their money to another bank in order to protect their account."

Links in text messages should be removed

RMIT University telecommunications expert Associate Professor Mark Gregory believes regulation should be introduced to stop financial organisations such as banks from including links in text messages or emails to their customers, which he describes as a "point of weakness".

"Until technology catches up, my belief is there should be a complete blanket [ban] - there will be no links," he said.

"We need to get rid of that so that if someone sees a link there, then they will know that it's a problem."
Until technology catches up, my belief is there should be a complete blanket [ban]
Associate Professor Mark Gregory
If organisations want to continue to provide links, Professor Gregory believes they should offer a two-factor authentication system so any message the phone identifies as coming from a financial institution is then sent to the bank's website for authentication.

"That's a bit more difficult and a bit more technical," he said.

There were more than 200,000 scams reported in Australia last year, costing people more than $568 million, according to the Australian Competition and Consumer Commission's ScamWatch.

One of the difficulties in putting in place a better system to detect and deal with scams is determining who should be responsible.
Bar graph showing the number of scams reported by method
Text message scams were the top reported scam in 2022. Source: SBS News
"The question is who pays? Should the consumer pay? Should the financial institutions pay? Should the people that sold the devices and the operating system - should they pay? The arguments have been going around in circles for 25 years," Professor Gregory said.

He noted telcos had made more efforts to limit the use of fake phone numbers over the past decade.

"The links within the message are really something beyond what the telcos can fix, but they can work harder to prevent the [spoofing] that goes on, and the misuse of phone numbers," he said.

Professor Gregory believes more regulation is also needed to set out exactly what security features should be provided by companies that sell devices such as mobile phones.

He has long argued that companies providing operating systems such as Microsoft, should provide antivirus programs.

"We're slowly seeing Microsoft moving in that direction ... however if you want good antivirus, you have to pay for Microsoft Office 365 Enterprise - or whatever is the top level - otherwise you're getting cut down versions of it."

He said every country was grappling with how to deal with scams.

"Part of the problem is that there's no simple regulation, there is no simple approach that the average person can follow and understand," he said.
Part of the problem is that there's no simple regulation, there is no simple approach that the average person can follow and understand
Associate Professor Mark Gregory
"It's an arms race, where really the money that's being spent to stop the scams is being matched by the companies that are creating the scams. It's a multi-billion dollar business."

Professor Gregory said the people affected were not just those falling prey to get-rich-quick schemes.

"It's gone beyond the poor pity them, it'll never happen to me - it is happening to the average person," he said. "For that reason alone it's time for the government to step in."

A spokesman for Communications Minister Michelle Rowland said the Albanese Government had allocated funding in the October budget to establish a National Anti-Scams Centre.

"It is anticipated that the Anti-Scams Centre will provide a single contact point for advice on how to prevent scams, and what to do when impacted by a scam," he said.

He said the government is also exploring options to block SMS sender ID impersonation. This would combat scammers impersonating trusted brands to defraud citizens.

What can consumers do to protect themselves?

Professor Gregory's advice to consumers is to never click on links, and to never reply to an SMS or an email from an organisation.

"Go to the website of the financial institution [and] login," he said.

"They all have message systems where you can contact them once you've logged into your account.

"And if they don't have it, then the ACCC and the ACMA need to come down hard on them because that's the only secure approach we have."
Two people hold mobile phones
People should never click on links in text messages, Associate Professor Mark Gregory says. Source: AAP

More work needs to be done to protect people

The Australian Communications and Media Authority (ACMA) acknowledged more could be done to protect people and says combating SMS and identity theft phone scams is a compliance priority for it in 2022/23.

"Unfortunately scammers are continually finding new and inventive ways to perpetrate their fraud," an ACMA spokeswoman said.

"We continue to work with government partners and industry to identify further steps that could be taken to stop scams including those where scammers pretend to be trusted brands."

The spokeswoman said telcos had blocked nearly 50 million scam SMS in the first three months following the that require them to identify, trace and block SMS scams.

Text message scams were the most common complaint in 2022, according to the ACCC's ScamWatch with 79,835 reports lodged, costing $29 million.

The CEO of communications industry body Communications Alliance, John Stanton, said fraudsters had focused more strongly on scam SMS and short messages during the COVID-19 pandemic, partly because of the measures put in place by the industry to fight scam calls.
Bar graph showing the cost of scams by age group
Older Australians lost the most amount of money due to scams in 2022. Source: SBS News
He said an industry-wide enforceable code had been introduced in 2020 with extra provisions introduced in 2022 to specifically target SMS scams.

All companies that offer telco services are bound by the Reducing Scam Calls and Scam Short Messages Code.

"It puts obligations on telcos to monitor their networks for scam activity, to identify scam messages and calls, to block them, to share the information across the industry and report it back to the regulator," Mr Stanton said.

Mr Stanton said the code is enforceable by the ACMA and telcos that were not compliant could suffer financial sanctions.

One thing to recognise however, is that telcos are not allowed to look at the content of an SMS message to determine whether it was a scam or not, he said. They could only assess factors such the frequency of the texts, their origin and whether they contained any links.

"It's a complex problem and it's not one that telcos can just solve," he said.

A spokesman for Telstra said some communications service providers were not yet compliant with the code and spoofing of legitimate companies was still happening.
"In these cases, the code helps carriers to work with each other and the ACMA to trace back where the spoofed calls and SMS are coming into Australia, to help close any gaps," he said.

The spokesman said it was extremely difficult to know where an SMS had originated from when it was not sent directly from Telstra's network.

"Unfortunately, no one can be 100 per cent safe from spoofing, and we strongly suggest that customers remain alert for any SMS or calls where the caller or sender is proposing to represent a legitimate company," he said.

"Telstra has made huge advances in blocking scam calls and SMS; in the past 10 months we have blocked more than 225,100,000 scam SMS and we block 100 million scam calls yearly.

"We remain committed to protecting our customers from criminal scammers, who regularly find new ways to scam and circumvent Australian laws."

Share
11 min read
Published 24 January 2023 12:45pm
Updated 24 January 2023 2:54pm
By Charis Chang
Source: SBS News



Share this with family and friends