Get yourself off the hook when things get phishy

by Rebecca Moonen

It seems scammers will jump on just about any bandwagon and this time they’re ‘going green’. Reports of customers getting calls from government representatives asking for bank details to “refund” the carbon tax have surfaced this week, with one unlucky customer taking the bait. After all, we’re only human and there are so many tricks in the book that we’re often just not reading the right page.

So what happens after you hang up the phone and your stomach drops as you realise you’ve been duped? Well, to start with, iiNet customers can request that the call be traced by yours truly. While legislation prevents me from giving you the number, we can refer the matter to the police.

Your second plan of attack should be to call your bank, specifically on the number listed on the back of your card or on your statement. They can arrange a stop on your card that will prevent any transactions from being processed, issue you a new card in the mail, and put a fraud alert on your credit report. Don’t contact the bank using the details provided in the phishing email or call, as they’re likely to lead you straight back to the fraudsters.

Check your mailbox daily for the new card and the PIN number (sent separately), and alert the bank if they don’t arrive. After all, the fraudster is perfectly capable of using social engineering (or the good ol’ White Pages) to find your address and collect your mail for you. Remember that while it’s tempting to cut up your credit cards, it’s pretty handy to have two accounts in case one is compromised and out of action for the 3 – 5 business days it takes to send out a new one.

Alerting the bank will limit the amount of money that you’re liable for, and enable you to perform a chargeback for any purchases that you have been fraudulently billed for. If your bank is willing to reimburse you for any unauthorised amounts, then the criminal offence has been committed against the bank and not you. Thus, the responsibility to submit a police report falls to the bank and you can spend your free time a little more productively. Perhaps scouring through your credit card statements?

In the event your card has been stolen, the bank might get you to contact the boys in blue, just in case. In the meantime, sit back with a nice glass of red (god knows you’ll need it) and get to work on changing your passwords and PIN numbers for any accounts you think might have been compromised.

Over the next 12 months, be on the lookout for anything suspicious, because the fraudsters might not use your information right away. Missing snail mail, application forms for products or services you haven’t asked for, or being refused credit are all signs you may be a victim.

And finally, don’t feel too bad. There are various methods by which your details can be obtained, many of which don’t even involve you. Fraudsters can use a generator to ‘create’ numbers, remembering that the first 4 digits are vendor specific (Visa or Mastercard etc.), and simply guess the rest. Your number could be retained by a sneaky retail merchant who later uses it unlawfully, or who has their systems hacked and unknowingly passes it on. A crim could use a skimming machine (would you like fries with that?) to record multiple sets of numbers, or even dumpster dive through your rubbish bin for copies of bank statements that you’ve discarded without shredding first. (Assuming they can make it past the empty bottles of red, that is!)

If you’d like to learn more about keeping your information safe, check out the latest fact sheet in our Online Safety Series or read the press release.


  1. Jack Cola says:

    What about giving passwords over the phone?

    By reading this article, I would think, if a person calls you and asks for your username and password, you would say don’t give it to them, right?

    It’s funny that I emailed iiNet, and they arranged a callback. First thing your representative says is what is your iiNet username and password? Hmmm, real secure.

    1. Calls are monitored – listeners will get my password
    2. Representative may be dodgy, and use my details to log on to my account
    3. Someone in the room may be listening to get my details

    I asked why he wanted my password. So I think iiNet better rethink their approach here.

    “Rebecca is iiNet’s Compliance Manager. In between keeping our customers safe online” – asking for passwords is not keeping your customers safe online.

    Nevertheless, I love iiNet, and I hope you take on my feedback.

    • Geoff Searle says:

      All good points Jack and feedback is always appreciated.

      I also agree with the points you raised, if you are receiving a call and you have any concerns always offer to call the company back. This is pointed out in the fact sheet.

      We do use passwords for identifying an account holder for incoming calls. However, if you are not comfortable providing your password, then you can provide other information to confirm your identity.

      In regard to your first two points, representatives do sign confidentiality agreements and while calls are monitored, this can be disabled by request. More importantly, any access to this sort of information is logged.

  2. Andy says:

    We take PayPal payments & 3 times now they’ve sent very authentic looking emails that say something like,

    “You’ve just sent a payment of $53.86 for a Silk Scarf”

    You say, “eh? I don’t remember that!”

    Then there’s a link to check the details which you click which takes you to a PayPal login screen, it’s different to your usual login screen.

    The first time I logged in & then I realised it was a scam & quickly logged into PayPal proper & changed my password, & then reported it to both them & WA Scamnet.

    PayPal assures me I hadn’t been compromised, but I just thought we ought to be aware of this one because I’ve had it in my INBOX 3 times & it looks so genuine.

    Thanks for the opportunity to share.