Threats to Macquarie's clients and customers continue to evolve and impact users of financial services through various methods, and in different ways. Being aware of the different threats that exist, and what you can do to prevent them, is the best way of avoiding them.
Online threats can refer to any type of fraud or scam generated through the internet or via email. Most online threats are designed to steal personal information such as credit card numbers, user names and passwords. These are typically executed through social engineering scams. The main intent is to gain a financial benefit via fraud.
Cheque fraud may be committed by:
Protect yourself against cheque fraud:
Protect yourself against card fraud:
If you believe that you may be a victim of card fraud, or your card has been lost or stolen, contact your card provider.
Protect yourself from ATM and EFTPOS scams:
Business e-mail compromise (BEC) is when a cybercriminal hacks into an email account and impersonates the real owner to defraud the company, its customers, partners, and/or employees into sending money or sensitive data to the attacker’s account.
BEC is also known as a “man-in-the-middle” attack where two parties think that they are talking to each other directly, but in reality, an attacker is listening in and possibly altering the communication.
While a BEC scam can target anyone in the company, high-level executives and people working in the finance department are the most likely targets. “Whaling” and “CEO Fraud” are two emerging terms used to describe the phenomenon of targeting high-level executives and are typically more difficult to detect than traditional phishing scams since they are so targeted.
Example BEC’s include, but not limited to:
Phishing emails often impersonate large, trustworthy organisations or government agencies. They may contain a link asking you to enter your information or to respond quickly to their request via email.
Malicious software, often shortened to malware, can be used by cybercriminals to:
Malware can infect your device through a variety of methods such as:
If you’ve been affected by malware, you might notice your device is running slower than usual, ads popping up on your machine you didn’t expect or notice websites asking for more details than they normally do to do something like logging in. You may also notice alerts from your anti-virus software telling you about an infection.
Some of the ways to reduce your risk of being affected by malware include:
Ransomware is a type of malware that locks your device and its files down so you can’t use them without paying a fee.
Ransomware can be very costly to recover from. It commonly uses encryption techniques to lock your files, making them unreadable, and some go one step further and make your computer unusable.
Ransomware infects users’ devices through the same techniques as malware and can include:
It is not recommended to pay the ransom if you’re affected by ransomware. There is no guarantee that paying the ransom will see you get your files back and your computer fixed. You should engage a technical resource for assistance if affected.
Some of the ways to reduce your risk of being affected by ransomware include:
Identity theft happens when a criminal steals personal information and uses it to commit a crime such as opening fraudulent loans or stealing money from your bank accounts.
Cybercriminals can steal information including contact details, tax file numbers, credit card details, online account usernames and passwords.
Some of the signs of possible identity theft include:
Some of the ways you can minimise the likelihood of having your identity stolen include:
Scams have existed for centuries, however the internet allows scammers to reach a much larger audience.
A scam might come in the form of an email, contact from an unknown person through websites such as dating sites, online forums or social networking sites. Scams are usually designed to either steal your money or trick you into revealing personal information. They use techniques to manipulate you and appeal to your good nature, and are constantly evolving.
'Cold calling' scams are an unexpected or unsolicited telephone call offering investments or financial advice. The investments they offer usually guarantee high returns or encourage you to invest in overseas companies. The scams sound professional and may have other resources to support their claims. Cold callers often claim to be stock brokers or portfolio managers.
Technical support scams involve cybercriminals getting in contact with users and pretending to have identified a serious problem with the user’s computer or internet connection and offer to help.
They’ll ask for remote access to the user’s computer but in doing so, will access files, intercept bank account logins and other sensitive information on the machine. They may also ask the user to pay a fee to fix the machine.
This scam works on intimidating the user, often using technical words and phrases to confuse the victim and employing techniques to build urgency. The scams can be initiated via a cold call, mass-messaged emails to users or via pop-up ads suggesting you’ve got a virus and to call a 1800 number for help.
Some of the ways you can protect yourself from scams such as these include:
The most common scams share some key characteristics. When it comes to protecting yourself from scams, it’s important to be vigilant around providing personal information or making payments to an account.
Characteristics of a scam:
If you’re being offered a product or investment at a much lower price than normal or promised a return much larger than what you might get from the bank, you may be falling for a scam. If it seems too good to be true, it probably is.
Scammers rely on building trust with their victims before exploiting this relationship for financial gain. Ask yourself if you really know the person you’re talking to. It’s important to seek independent advice around investments.
If you have experienced an online threat or have fallen victim to phishing or any other type of online fraud, please notify us by email at firstname.lastname@example.org. If possible please send your contact phone number and the suspicious email as an attachment, rather than forwarding the email. This helps to identify the author and source and will be used to help reduce online fraud.
For more information pertaining to online threats and how to protect yourself you can visit:
|Region||Market||Financial Regulator / Reporting Authority / Consumer Assistance|
|Americas||Canada||Investment Industry Regulatory Organisation of Canada (IIROC)
|Mexico||National Banking and Securities Commission (CNBV)
https://www.gob.mx/cnbv (Spanish version)
|Brazil||Securities and Exchange Commission of Brazil (CVM)
|Chile||The Commission of the Financial Market (CMF)
|USA||U.S. Securities and Exchange Commission (SEC)
Commodity Futures Trading Commission
Financial Crimes Enforcement Network (FinCEN)
|ANZ||Australia||Australian Securities & Investment Commission (ASIC)
Australian Competition & Consumer Commission (ACCC)
|New Zealand||Financial Markets Authority (FMA)
|Asia||China||China Securities Regulatory Commission (CSRC)
China Banking and Insurance Regulatory Commission
|Hong Kong||Securities and Futures Commission
|India||Securities and Exchange Board of India
|Indonesia||Financial Services Authority of Indonesia
|Japan||Financial Services Agency
Securities and Exchange Surveillance Commission
|Malaysia||Securities Commission Malaysia
|Philippines||Securities and Exchange Commission (SEC)
|Singapore||Monetary Authority of Singapore (MAS)
|South Korea||Financial Services Commission (FSC)
|Taiwan||Financial Supervisory Commission (FSC)
|Thailand||The Securities and Exchange Commission (SEC)
|EMEA||Austria||Oesterreichische National Bank
|Denmark||Danish Financial Supervisory Authority (DFSA)
|France||Autorité des marchés financiers (AMF) (Financial Authority)
Autorité de Contrôle Prudentiel et de Résolution, (ACPR) (Prudential Authority)
|Germany||Federal Financial Supervisory Authority (BaFin)
|Ireland||Central Bank of Ireland
|Luxembourg||Commission de Surveillance du Secteur Financier (CSSF)
|Netherlands||Netherlands Authority for the Financial Markets
|South Africa||Financial Sector Conduct Authority (FSCA)
|Spain||National Securities Market Commission (CNMV)
|Sweden||Swedish Financial Supervisory Authority (Finansinspektionen (FI))
|Switzerland||Swiss Financial Market Supervisory Authority (FINMA)
|United Arab Emirates||Securities & Commodities Authority
|United Kingdom||Bank of England
Prudential Regulation Authority (PRA)
Financial Conduct Authority (FCA)
Urgent and high-risk security threats or incidents, such as extortion attempts, violence towards staff, bomb threats and suspicious packages and any life safety incident can be reported immediately to the Macquarie 24/7 Global Security Operations Centre (GSOC):