Sunday, December 22, 2024

Coles and Telstra are being impersonated by scammers. Here’s how to spot a phishing scam

Must read

Ever received a text asking you to click on a link to stop your loyalty or reward points expiring?

It’s likely to be a scam.

The Australian Communications and Media Authority (AMCA) has reported a sharp rise in shopping points and rewards-based SMS scams, and is warning customers to be vigilant.

Here are some of the brands that have been impersonated, and the steps to follow when trying to spot a scam.

Which companies have been impersonated?

The AMCA said scammers had been impersonating well-known brands including:

  • Coles
  • Telstra
  • Optus
  • Woolworths

Data analysts at Australia and New Zealand’s national identity and cyber support service IDCARE detected a spike in these scams in May.

“This was particularly evident with IDCARE clients engaging with Coles impersonation loyalty messages,” IDCARE’s Kathy Sundstrom says.

“Where we normally see a few, there was a sharp increase. But it’s still relatively smaller volumes when compared to other scams.”

Last year, the Australian Competition and Consumer Commission (ACCC) also warned customers holding loyalty points with major businesses to beware of a new phishing scam.

Telstra, like other well-known brands, is often impersonated through loyalty point scams.(Supplied)

How does a loyalty point phishing scam work?

Scammers send victims a message, telling them to click on a link to redeem their points before they expire.

The link then takes you to a website designed to look just like the company you have points with.

Here, you’re prompted to enter your login or financial details.

From there, the cyber-criminal will use this information — such as passwords, credit card or banking details — to carry out fraudulent activities.

The companies named in the AMCA’s warning have a list of active or recent scams on their websites. You can find them here:

A hook goes through a computer with someone's login, an illustration of a "phishing scam".

In 2023, Australians lost almost $26 million to phishing scams.(Pixabay: Mohammed Hossan)

Why do scammers use loyalty point programs to target customers?

Tyler McGee, from online protection company McAfee, says psychology plays a large role in why scams work.

“Scammers can appeal to your sense of trust by using well-known names, or your fear of missing out by creating a sense of urgency,” Mr McGee says.

“Loyalty programs can embody both those emotions.

“By using them as a tactic, they can gather your personal and credit card information, both of which are valuable.”

Ms Sundstrom says scammers are known for investing time in studying what makes Australians “tick”.

“They research what we like, how organisations communicate with us, and they are masters at trying to mimic the kind of messaging we would expect to see,” she says.

“They send messages out en masse because there is a strong likelihood it will connect with someone who may be interested or concerned enough about their loyalty program to not look too closely for the red flags in the messaging and click on a link.”

A screenshot of a Coles loyalty points scam text message that asks customers to click on the link to redeem their points

Scammers are trying to target Australians who are experiencing cost-of-living pressures.(Supplied)

According to Finder, 91 per cent of Australians are members of at least one loyalty program.

And this popularity hasn’t escaped the attention of scammers.

How can I spot a scam text message?

The Australian Cyber Security Centre says there are a few dead giveaways.

Suspicious links

Scam text messages with links are a very common tool used in phishing scams.

Any text asking you to follow a link should be treated with caution.

Incorrect website addresses

While the link leads to a web address that may contain the name of the impersonated company, the URL will likely have some inaccuracies such as:

  • Misspellings
  • Unusual words
  • Random letters or numbers
  • A different domain, e.g. “.net” instead of “.com” or “Am0z0n.com” vs “amazon.com”.

A sense of urgency and scarcity

Are you told you have a limited time to respond?

Scammers will try to rush you by saying that points are about to expire, and you need to act urgently by clicking on a link before time runs out.

You may also be driven to click on a link due to a fear of missing out on a good deal.

Authority

Is the message claiming to be from someone official, like your bank, a government department, a utility company, your doctor or a solicitor?

Criminals pretend to be important people or organisations to trick you into doing what they want.

Last month, Coles confirmed the “3022 points” text message was a phishing scam and was not sent by the supermarket giant.

“Coles will never request personal or banking details in unsolicited communications, and legitimate businesses or government agencies will never request payment in gift cards,” the statement read.

How can I protect myself from loyalty point scams?

Here’s what Scamwatch recommends you do:

  • Delete or ignore any message regarding a loyalty program that contains a link
  • Don’t click on a link included in a text message
  • Never provide any personal or financial details if the sender is unknown or suspicious
  • Use the reward program’s app or website to independently check on the status of your points

Latest article