Refund Scams: How Australians lost $634 million in 2019

Share on linkedin
LinkedIn
Share on twitter
Twitter
Share on facebook
Facebook
IT Security

Australians lost over $634 million to scams in 2019, according to the latest figures in the ACCC’s Targeting Scams report and the figure is expected to be much less than the real loss because it’s estimated that 1 in 3 people don’t report their loss.

The 2019 report broke the losses down into “business email compromise scams” accounting for the biggest losses, followed by “investment scams” at $126 million, and dating and romance scams at $83 million.

The Refund Scam, or rebate scam, is growing quickly in popularity because it is much harder to detect by authorities but requires a gullible, empathetic victim and, statistically, these are most commonly older people.

The ‘New’ Refund Scams

ACCC Scams Report OInThe old scams usually started with an email or a phone call saying you’d been charged for using a bogus service and if you believed that was incorrect you should call for a refund.

The scammer would try and get you to login to your bank while controlling your PC so they could capture your account details, login and password – and then drain the account.

That SCAM is just a little too easy to track. Banks and the authorities started making it very hard for this scam to be profitable so it has evolved.

Step 1: The set up

The set up is still the same. You get a phone call or email saying you’ve been charged for using a service. The service changes depending on the scammer. They might pretend to be Amazon, Apple or an Anti-Virus company. Either way, they are counting on you calling straight away to tell them it was a mistake.

FIRST CHECK: The easiest way to confirm this is a scam is to login in to your bank and look for a debit that matches. No debit? No worries. Ignore the call/email. You can stop reading here!

Now if they have managed to get your credit card details they may have actually put a charge on your card. This could be possible because, believe it or not, scammers share information. If one scammer manages to con someone, they put their victims details into a database and that database is valuable. They can sell that information to other scammers.

So let’s say they’ve managed to get your credit card details and put a charge of $400 on it – or that you just didn’t check and rang them to tell them they’ve made a mistake.

Step 2: The Con

You’ll usually get a very friendly and helpful person that apologises for the misunderstanding and will process the “refund”.

Then, to confirm you have received the refund, they’ll probably start by getting you to visit a website that allows them to remotely access your computer. TeamViewer, AnyDesk, FastSupport, etc.

SECOND CHECK: There is no reason for someone processing a refund to access your computer. You can check yourself and tell them. If they get upset by that, you’re probably being scammed.

Obviously the refund won’t be there and they’ll make some excuse as to why that may be the case. What they really wanted was to see is how much money you have in your account so they know how much they are able to scam.

Next they will show you they are signing out of your account and then they blank the users screen and simply sign back in using the browsers stored username/password feature.

They use the browser’s built-in tools to edit the web page and make it look like there has been a deposit of $4000.

Then they let the victim see their computer again and take them through entering their details into a fake form (that is actually just collecting all their contact details for the victim database) and when the victim enters “400” in the refund field – the scammer adds a couple of zeros remotely.

Now they’ve made the victim believe the error is their fault. The scammer will get the person, who is now emotionally off balance and probably starting to panic, to check their bank statement and the victim will see the phony refund the scammer set up earlier.

THIRD CHECK: Logout and log back in to your bank account or hit the “refresh” button to reload the real bank webpage. Refreshing the page will update the screen with the real data and the scammers ‘fake’ entry will disappear.

The victim now believes they have messed up and received too much money. The scammer will play on that and convince the victim they need to save the scammers job and send the ‘over-payment’ back.

After building the panic, they will come up with an ingenious method to get the money back quickly so the scammer doesn’t loose their job. They’ll convince the victim to withdraw cash or buy gift vouchers and then courier them to an address local to the victim.

At this point the scam is almost over and the victim is likely to do as they say to “make things right” and because there are no bank transfers, it is very hard for the authorities to track down the scammers.

Step 3: How they get away with it

What happens after the victim mails the cash or gift cards is quite devious. The scammers use temporary addresses to receive the parcel. They frequently use AirBnB to book a room and then have a “mule” waiting at that address to collect the parcel from the courier. The mule takes their share and then forwards the parcel to another address making the money impossible to trace electronically, almost like a laundering scheme.

The scammers use different addresses, different mules and different couriers to make it even harder for them to be traced. 

A “Live” Demo of the Scams in Action

There is an engineer named Mark Rober who invented a “Glitter Bomb” that looked like a parcel he would leave on his doorstep and if someone stole it and opened it – they got an unpleasant (but amusing for everyone else) surprise.

Mark Rober teamed up with another YouTuber named Pierogi to try and deliver a Glitter Bomb to the people responsible for the scam.

The video is entertaining but it also shows you just how the Refund Scams work and how the scammers manipulate people into parting with their money. It is well worth watching.

Want to stay up to date with useful tech-tips?  

Follow us on LinkedIn, Facebook or Twitter to be notified when we post new content. Or, even better, scroll down to the very bottom of this page to sign up for our Newsletter. We only send them once a month and you can always unsubscribe.