Stay Smart Online Week is an annual event focused on empowering people, businesses and the community to protect themselves online.
This year’s event will run from 7–13 October and focuses on:
- reviewing privacy settings
- knowing how to spot phishing scams
- creating strong and unique passwords
- turning on two-factor authentication.
In line with the week’s theme, Scamwatch is presenting a quick guide to how privacy, phishing and device security lead to your personal data being lost — and what you can do about it.
How does my personal data end up in the hands of scammers?
There are four main ways scammers gain your personal information.
You inadvertently provide it to them
Social media is a common source of information for scammers. Be careful how much personal information you reveal.
Phishing emails, texts, phone calls and even faxes are created just to trick you into providing your data. Scammers will use tricks like ‘you’ve won a prize!’ or ‘your bank needs you to update your details’.
Email attachments and downloads from websites can contain malware that infects your computer. Malware can tell scammers what keys you pressed, grant them outright access to your computer, or present fake pages that look like the real thing when you go to important websites such as your bank's.
If you’ve consented to having your information provided to third party advertisers at some point, some of your personal information is likely to be available for purchase from companies specialising in marketing leads lists.
Your friends provide it to them
Social media settings often include permissions for access by friends of friends. Many people still accept friend requests from strangers.
‘Refer a friend’ rewards can incentivise your family and friends to provide your email address, name and other details to scammers directly or indirectly.
An organisation with your information suffers a data leak
Many legitimate companies and organisations have had their data breached. Historic data breaches are available for purchase and download on the Dark Web by criminals.
Criminals commonly gain access by trying the email and password combinations from these data leaks on your email and social media accounts.
Your physical or electronic mail is stolen
Credit cards, drivers licences and utility bills serve as proof of identity and can be sent by mail, making them a target for thieves.
Many people’s email accounts are invaluable repositories of job histories, friends, scanned identity documents, and even passwords to other accounts.
I’m concerned my data may be in the hands of scammers – what do I do?
Check your credit score with Equifax:
- it’s free to do once per year and will tell you your financial history
- if you see a loan application you didn’t make, contact Australia and New Zealand’s IDCARE.
Check public data breaches for your email address through haveibeenpwned.com:
- it’s free to do as often as you like
- you can also subscribe to the service, which will let you know if your email address appears in any future public data breaches.
What you should do differs depending on what details were made public in the breach. At the very least, make sure to change your password.
If you use Facebook, follow these steps to check your Facebook settings.
- Log in to Facebook and click Settings -> App Settings.
- Remove all applications you’re not actually using.
- For the ones you are using, click ‘edit’ and remove any permissions that the application shouldn’t need to function.
If you use Gmail, follow these steps to check your connected devices and accounts.
- Log in to Gmail and click ‘Settings’ in the left-hand column.
- Click on your account name.
- Click ‘Manage account’ and go to ‘Security’.
- Click ‘Manage Devices’ and ‘Sign-out’ of any unrecognised phones or computers.
- Click ‘Manage third-party access’ and ‘Remove Access’ from any apps you do not use or do not think should have access to your device.
I’ve checked everything you suggest but am still concerned – what else can I do?
There are a number of guides to help you stay smart online — here are our top picks:
- the rest of the Scamwatch website and Little Black Book of Scams provide advice in several languages on how to identify and protect yourself from all sorts of scams, including Dating & Romance scams and Investment scams
- the Australian Cyber Security Centre's website provides advice across a range of techniques for staying smart online
- NSW Police have excellent guides in several languages on protecting your physical mailbox
- the Office of the eSafety Commissioner has some great quizzes and guides geared toward teaching children and adults cyber safety
- the National Broadband Company’s top 10 tips from 2017 is still excellent advice.