Tech Insights with Alisha Christian
In today's rapidly evolving tech landscape, staying informed is more important than ever. "Tech Insights" by Mercury IT is your go-to podcast for expert analysis, industry trends, and actionable insights from top technology professionals.
Whether you're interested in cybersecurity, IT infrastructure, emerging technologies, or digital transformation, this podcast covers it all. Tune in to stay ahead of the curve and navigate the complexities of the tech world with confidence.
Tech Insights with Alisha Christian
From Fake Stores to AI Scams: Your Holiday Cyber Safety Guide
The festive rush is a gift to scammers: more shopping, more parcels, more “urgent” messages. We unpack the most common cons hitting inboxes and phones right now and show you how a short pause and a few simple checks can save your money and identity. From fake storefronts promoted through social ads to parcel “held at customs” texts, we explain how to verify senders, match domains, and trace your original order details so you never have to click blind.
We also dive into charity impersonations that mimic trusted brands and campaign tools. You’ll learn a safer donation flow that bypasses risky links altogether, plus quick ways to spot hidden URLs and domain tricks on desktop and mobile. At work and at home, gift card scams remain a favourite: we outline the classic “CEO request,” the two-step verification that kills it, and why retailers warn customers at checkout. For tax season, we break down ATO-themed lures that play on your expectations and emotions, and we share a simple system to catch fraudulent credit checks early with credit file alerts.
Scammers are levelling up with AI: voice-cloned calls and realistic video can sound and look like someone you love. We offer a practical defence you can set up at dinner tonight—a family code word—and we close with three cyber habits that outperform any gadget: keep devices and apps updated, use unique long passwords with a manager, and enable MFA or passkeys everywhere. If you’ve ever wondered what to do after you accidentally click, we cover that too: scans, resets, and when to call a pro.
If this helped you feel more prepared for the holiday season, follow the show, share it with someone who needs a friendly heads-up, and leave a quick review to help others find us.
Since recording the free credit service is no longer available. If you are still interested in protecting your credit identity visit here for more info
Good morning, Chris.
SPEAKER_03:Good morning.
SPEAKER_00:Welcome back. So today we're going to be talking a little bit about scams, as as we know, around the festive season, they do seem to amp up quite significantly. So we're just going to touch on a few of the most common scams, what our listeners can look out for, and just basically ways to protect yourself because I mean the worst thing, you would not want to be scammed over the Christmas period.
SPEAKER_03:No, it's not ideal. No, I mean no time's ideal, but No, no time's ideal, but over the festive season, uh money is tight, trying to buy presents, etc. So yeah. Yeah.
SPEAKER_00:Uh so I guess one of the um main scams that comes along around this time is online shopping scams, would you say?
SPEAKER_03:Yeah, definitely. So online shopping is a big one. Um, you know, we'd uh obviously got Timu and uh Sheen and the rest uh out there. And I think some of the tips there are just purchasing from places that you do know. Um, I'd be um very weary of uh ads that are popping up in your feed and socials uh to sell the next latest craze or whatever it is, and you think, oh, that'd be a good gift for so-and-so, and you go there, it's a website you don't know. Um then you are gonna need to uh do a lot more checks uh around that. Like um, I would definitely do some Googling uh of the kind of shop name, see if there's any uh people that have bought from there, if there's any negative feedback. That that sort of stuff does pop up quite quickly if if it is a uh scam. So you'd be able to check for those sort of things. Other basics, um, like looking for a certificate uh on the site, um, that I would be a little bit more careful of, um, mainly because bad cars can also purchase certificates and it could look relatively legitimate. So definitely look for that uh confirmation um from you know crowdsourcing, basically, uh, would be a good idea.
SPEAKER_00:Okay, because yeah, I can imagine it'd be quite easy to get drawn in by those um ads, especially if you're a bit stuck for uh gift ideas and that impromptu spend. So yeah, that's some good advice there. And um, I guess it's kind of not dissimilar around Black Friday sales as well.
SPEAKER_03:Yeah, similar. Look, any anything where there's a a bit of hype and you know people are gonna be purchasing more, they are gonna be on a lookout for a deal or something like that that is gonna be capitalized on by scammers. Yes, I mean it's the usual.
SPEAKER_00:I guess uh another one that kind of goes in line with online shopping is the parcel tracking.
SPEAKER_03:Yeah, uh I mean parcel tracking definitely. I think it's not that um the scams are necessarily uh kind of increasing uh around that time, but it a lot more people are gonna fall for it, right? Because uh, you know, we get those parcel tracking scams, and just explain what that is. You know, you you could get an email going, oh, your parcels being you know redirected, or your parcels being held at customs and we need further information, or your you know, your parcels arrived at blah, just click here to whatever. So the idea is that uh people purchase through the year and get lots of deliveries, right? So you quite often you you do have a parcel. So then you go and click the link, right? But the idea is to just double check, you know, uh did you purchase something? Who did you purchase it from? Who do they use for their shipping? Now that is something most people don't look at. It's just like purchase, right? It's a it's arriving in three days. Sweet. So who's actually doing the delivery? You know, is it OzPost? Is it DHL? Is it who who's actually doing it? So uh it is good if you can check. Quite often you'll get a notification that it's being dispatched to wherever, and you can see who the handler is of that package. So that when you do get the scam email coming through and it's a DHL, and you then you know, well, the where I've ordered from is not using DHL, they're using Ozpost. So you're you're gonna be much more skeptical about that DHL email, right? So that I would definitely check as far as you can. That look look for who you're purchasing, who the uh things are. Now I know what people are like, but generally you're not gonna take that extra step to go and see who it is, right? But you can check it retrospectively as well. So if you do get that email popping and it's from DHL, just pause. Don't click on the link. Go and go back to your original, you know, uh sales uh email and go and have a look at who's doing the shipping, when it should be coming, etc. Just that little bit of extra checks before you click on that link. If you do click on the link, there's a couple of things there. Your your machine is not compromised instantly all the time. It could be though, so that's why we say don't click, right? But if you have clicked, quite often it is just a phishing email. So it is to gain that information. But generally your username and password, so they might pop up a site that looks familiar and you know ask you for your Microsoft uh username and password or your Facebook username and password to access something. So just be wary of what that looks like when you click on, right? Don't don't input your details anywhere if you're not expecting it. Doesn't look right, it feels off. Like trust your gut instincts, I think a lot of the time as well is is a good idea.
SPEAKER_00:I mean, that's some really great advice there because I have definitely been known to not check to see who is delivering my parcel.
SPEAKER_03:I think we all do it, right? Because you you like normally you wouldn't have to. No, it's like purchase, it's coming in three days, sweet. Oh, I get a notification email, your parcel's coming tomorrow, click yeah. And maybe there are details missing. Like it could literally be legitimate, but take that extra time to double check, especially over this period, because we know there's a lot happening at the end.
SPEAKER_00:Better to be safe than sorry. And I was actually gonna ask you what would happen if you did click. So thanks for clarifying.
SPEAKER_03:Just to continue on that, there's a there, there's a couple of things. Remember, you could also get this not just via email, right? So you could also get a text message, yes, and that's quite common these days as well. Uh, so that's referred to as smishing, so it's the phishing, but via SMS, so smisher, they've got to come up with weird. So uh with the smishing, it's the same sort of thing, and then it's clicking on the link on the phone, and then it's taking you to a login site that wants your username and password, or confirm your credit card details, or anything that sounds like, oh, hold on a second. Yeah, like don't, right? So look for what they're asking for, look for like common things like urgency, things like that. Like you know, your package is being held by customs, you need to give whatever information.
SPEAKER_00:And if you're ordering um, if you're ordering off Sheen or Timu or one of those companies and you see that about customs, you would be kind of like, oh, yeah, well, I guess that could be right. Yeah, yeah. Yeah, so I think um just taking that extra time, like you say, everyone's always in a rush, but it could be beneficial to take extra minutes.
SPEAKER_03:You don't want to be in a huge rush and then lose your identity and then they wrap rack up twenty thousand dollars in you know uh credit card charges on a new account that you don't even know exists, etc. And it takes you two years to resolve.
SPEAKER_00:Yeah, that's right. That's more than a couple of minutes, too.
SPEAKER_03:It's not it's just not fun, right? No, so yeah, definitely take the extra time. Uh, a lot of people don't understand the uh repercussions of it. They'll be like, so what if they get like my detail? Like I've had that quite often. Or so what? Well, the so what part is if they get enough, like if they can, like maybe they just needed that one extra piece of information because they've already got your date of birth from some other compromise, and they can pull that data together just enough to get the hundred points of ID. Now they can open a bank account in your name, they could go and ask for credit, get a small$2,000 credit limit, and then they do that multiple times, and then all of a sudden you're dealing with lots of different entities that think you owe them money, and you had no idea.
SPEAKER_00:Well, that's the thing, isn't it? Because how would you know if that was happening behind the scenes? It's only, I guess, when you start to get notices to say that you're overdue on payment and that sort of thing, and then I guess you go down a whole rabbit hole.
SPEAKER_03:On that note, just to uh an extra step to protect yourself is you can go to uh credit agencies and actually sign up to like a like a credit watch. Um I've I've done that on a particular I can't remember which sites it is, so we'll we'll find the details and uh pop it up there. But it's basically a credit watch site. If you Google them, you'll probably come across uh some. But we'll we'll try and find the one um uh I've used. But basically, you'll get an email if there's any uh activity on your credit file. Now, if you apply for credit, even small, like a credit card and it's a$2,000 limit or something on a credit card, that goes into your credit file, right? Because they do a credit search on you. As soon as the credit search happens, they'll actually email you going, This bank has done a credit search. And you go, Hold on a second, like Bank of Queensland. I don't bank the Bank of Queensland, and why are they doing a credit? As soon as that happens, you call that bank and go and find out what's happening. So definitely go through to their security department, say, I think there's fraud happening, there's been this credit search, I haven't done it, and then they can start to look at it. They could put a hold on that account, etc. So you're trying to get ahead of that by having some sort of watch on your credit file.
SPEAKER_00:That's really interesting. Is it is it like a subscription-based kind of thing if you have to pay for it, it's free? Yeah, yeah, it's free.
SPEAKER_03:I'm sure there's ones that you would pay for. Yeah. I know the one I'm using is is for free.
SPEAKER_00:Well, I might have to check that out for myself.
SPEAKER_03:No, we definitely need to check it out. Everyone should have it uh in place, and it's a it's a simple email. And normally they'll send you an email at least once a month giving you your current credit score and things like that if you're interested or not. But the point is, is that credit file and who your creditors are, etc., and if there's any changes on it, that's that's quite important.
SPEAKER_00:Yeah, well, we'll definitely um get those details together so that we can share, we'll check it out for myself as well.
SPEAKER_03:Yeah. Now, just bear in mind I said uh your machine's not compromised always, but it can be as well. So if you do happen to click and it's more like it hasn't asked you for a username and password, it's like maybe it just popped up a screen and it's gone away, or it's blank, or something like that, or it's popped up some window with an error, and you've gone anything that it just looks weird, right? Something's happened and you don't know what, and you go, oh, that's weird, and you just close it. That might have installed software.
SPEAKER_02:Okay.
SPEAKER_03:Okay. And then that software could be monitoring your machine. So what it's looking for is it's an information stealer. So it's looking for your username and password and details when you log into banking and things like that. And it actually watches for that specifically and then pushes that data to the um the threat actor.
SPEAKER_00:So if you do think that potentially that has happened to your computer, what would you what would your next steps be?
SPEAKER_03:So your next steps is then running a full scan on your machine. So if you if you have uh clicked and it's something's happened, right? Um then whatever antivirus, anti-malware you have, whether it's Defender or whatever you've got running, just initiate a full scan on the machine initially. That that would be the the the first step. Those should be able to pick up any kind of something that's been installed that's not right. Uh with any luck, it would have stopped it from installing as well. Uh reboot your machine after that's probably a good idea just to clear memory and so forth, uh, get it back back online. Um once it's back up, if there's anything else strange happening that you like, you know, like oh, that's a bit odd, or a window flashed up and went away, anything like that, you're gonna want to call a specialist to come and have a look. So yeah. If you're a business, right, then definitely call your your IT team to to have a look. Explain what's happened. Uh the earlier the better, don't leave it and let them uh run through the analysis.
SPEAKER_00:Okay.
unknown:Yeah.
SPEAKER_00:That's good to know. Yeah. Hopefully no one will need to be doing this, but it is good to know what to do.
SPEAKER_03:We all make mistakes. Yeah, that's it, exactly. It definitely happens. So, yeah.
SPEAKER_00:Uh so another scam that quite often is a bit more prominent over the festive season is charity fundraisers and gift cards, those sorts of things.
SPEAKER_03:Absolutely. Um look, they they're probably two separate things, I suppose. The the charity one is obviously playing on the charity of people, right? Doing good things. It's over the festive season. People are thinking more about that. Um, so that definitely does come up. Uh, what could happen and what you're looking for is it's mostly a um scam to get money from you because you think you're paying, let's say, guide dogs. I'm donating to guide dogs. But what's happened is they've sent an email that's impersonating that organization. So whether it's guide dogs or whatever your favorite charity is, so it's impersonating it. They're making the email look like that. It's generally coming from a domain that's not theirs, but it might look similar, right? Uh, and you if if you think about it, there's lots of ways of doing that, you know, whether it's changing letters and numbers out so it looks similar or having a different word ahead of it, you know. So if we'll take, I'm not picking on guide dogs, but we'll take guide dogs as an example. But if you've got like uh guide dogs, um, I'll just say it's guide dogs.com.au, like as an example. That's not their domain, by the way. Uh well, not in Queensland. Uh, but if you if you got uh guide dogs.com.au, you might have something like guide dogs.spoto.com.au or guide dogs.donation.com.au. Now that looks correct, right? But it's not because you've got that donation or whatever the other word is before the dot com.au, that's the important part. That's the main part of that domain. So if you it's kind of like if you if you work the other way around, right? So you work you know right to left, you've got the AU, then you've got the dot com. The one that comes after dot com is the domain that's important.
SPEAKER_01:Yes, right?
SPEAKER_03:Nothing else actually matters, right? So they could put whatever they like there, whether it's Microsoft or guard dogs or you know, whatever. If there's a different word before that dot com, that's the part that should raise the alarm bells for you. So whoever the organization is, right, that should be the name that you recognize. In other words, go Google it, go to the actual website and look, right? That it's that name.com or dot org.au or dot so right after those last one or two. So those are known as top level domains, right? So the AU, the dot com, the org, the edu.au, all of those are your top level. So the very next one should match the company. Yes, you it should you should recognize what that is. So if you've just got that au.com random word dot the company, Amazon, yes, or it's not, so that's that's what you're looking for. Uh when you see the link. Now in the email, they're going to hide the link. And what I mean by that is the link says guide dogs.com.au. Click here to donate now. So you go, oh, that is the recognizable link. Now you've probably heard before to hover your mess. I love a hover. So if you hover the mouse, it will pop up the URL that it's going to. If that matches, right, so it's guide dogs.com.au as the as the hover, then you know, okay, they're not trying to hide the URL. That's the URL that I can click on, and you'd you'd go there, right? What they can do though is you hover and it pops up and it's got that guide dogs.randomdomain.com.au. Then then you are concerned. Like, no, this is probably a scam. The best thing about it though is if you get an email, and even if it's a scam and it goes, oh, don't, and you go, oh, I should do that. I I've been meaning to do that. It's a good time of year today. Just don't click on the link in the email. Go to their website, go to the donation page, and do it there. Yeah, exactly.
SPEAKER_00:Because all charities would have like a donation. Of course they would.
SPEAKER_03:So don't do it through the email anyway, right? Just go and find it. But yeah, you can hover, see the link. You can see if they've changed it. The only difference there is quite often these emails go out from uh a campaign manager. And what that means is quite often it might not come from that domain. It might be coming from like MailChimp or Zoho or etc. And those are valid, and that's what, but that's hard to tell. Like I don't know if card dogs are using Zoho or MailChimp or whatever it is. So just just don't just don't click on the link in the email. If you go, oh, that's a good idea, go to the website or give them a call.
SPEAKER_00:It's really only one extra step, isn't it? To you know, go from an email to their website.
SPEAKER_03:It's absolutely and then this gets probably maybe a little bit harder on a phone. So again, you got that whole uh that SMS type scam. So it comes through, oh donate now. You know, you've been thinking about it. Maybe you've donated before. Now it's even worse if you've donated before because if they mimic the number, right, it will actually come up as guide dogs. So it looks valid to you because you would have seen all the previous SMSs from guide dogs and go, oh yeah. And they'll have the link and you could click the link, right? Wow. And it will be going to the wrong place and you'd be donating your money elsewhere. So again, just don't click. I know this is absolute pain. Well, that empathy. Yeah, exactly.
SPEAKER_00:Well, that SMS one is a good red flag to point out because I have been known to do that myself to just scroll through and go, oh yeah, I've corresponded with them before.
SPEAKER_03:So unfortunately look, um, Telstra and the telcos are doing their best to stop that sort of thing happening, but it's not 100%. It used to be a lot worse. Um, I used to do demos, uh, actually live demos when I was uh doing a presentation, and I would literally send an SMS from two people sitting next to each other from one to the other just to prove how easy it is to do.
SPEAKER_00:I feel like you might have done that to me when I first started. I think I did. I think I did.
SPEAKER_03:I uh that's to make sure that you are well aware not to trust your phone.
SPEAKER_00:Yeah, I'm pretty sure all those years ago.
SPEAKER_03:Yeah, look, and I I can't even do that at the moment, right? I I'd have to go and find another service that would allow me to do that because they are locking those things down, as they should. Absolutely. So it is getting better, but it's not like I I on my phone, there's a couple I've seen a couple, like uh ATO would be another one. So, you know, tax fraud scams. But before we get onto that, uh, you also mentioned gift cards. Very, very common. Now, what what happens with gift cards is that is not normally what how this normally comes about is it's normally the boss or someone with authority in the organization, and it's normally organizational as opposed to personal, I would say. And quite often it would be like, you know, the CEO sends it to the CFO or to their uh their aide that that helps them or uh admin and goes, hey, I've been thinking about just Christmas every year, we've always got to come up with gifts. I know it's complicated. How about we just do it's a hundred dollar gift card per person, you know, for for Christmas. Let's do that. So if you could pop down uh with the uh company credit card and just purchase you know$500 gift cards, and then if you could just set email me those those numbers so I've got them for my records, that kind of thing. And people do it. So I think it was I think it was maybe two years ago. I was actually at uh in Melbourne uh on a cybersecurity conference, and we were on our way back to the airport, and we got a call uh from a customer that had fallen for this. Oh so we're like, oh okay, and then had to quickly walk through where we were. Luckily, it was only a thousand dollars in in this case, uh, and it was you know, it might have been Apple vouchers, I can't remember exactly. But yeah, always, always be suspicious of uh an email, especially around this time. Yes, asking for gift cards, exactly like it and it's and it's easy to to resolve, right? You just call the person to double check. That's it. Oh, it's it's kind of like accounting when um a supplier or someone's changed their bank account details and you get the email going, we've changed our bank account details. You don't just update the system and then pay because it could be fraud, right? So the way around that is a is a two-step system whereby you then calling, obviously not off that email, but you're calling the known contact of your uh contact database and you're calling them and you're confirming the change. Same. So you call your CEO or whoever requested and go, Hey, are we doing these gift cards? And if they go, what gift cards?
SPEAKER_00:Yes, that's then you know.
SPEAKER_03:At that point, I would definitely let again your IET or your cybersecurity team know this is what's happening because it could have gone to other staff members. So that's what you want to do. You want to make sure that the whole everyone knows that you're essentially being targeted now to try and extort money from the business.
SPEAKER_00:Because I guess it's a numbers game for the criminals, isn't it? Just to like send out those emails.
SPEAKER_03:From a personal perspective, I have heard of um it's normally again, unfortunately, it's uh normally the elderly. Um and I I don't know if they're specifically targeted, probably not. It's just that's the demographic they will generally fall for it. Whereas they've got um some sort of debt. I I don't know whether it would be a tax debt or something like that. And again, the criminals ask them to go and get gift cards. So you you might have seen uh at the cash registers uh or at the gift cards place in Woolies, at Kohl's, etc., they've actually got notices up and they've had them for over well over a year now. They've had those notices up going. If anyone's asking you to buy gift cards, it's a scam. Have you seen that?
SPEAKER_00:Oh no, I haven't seen it.
SPEAKER_03:You'll see it at the cash register.
SPEAKER_00:I'll have to check it out next time I'm there, which will be anytime soon.
SPEAKER_03:So yeah, so they they and staff are aware as well. So if they see an an elderly person with a stack of gift cards, wow, they will come and ask and stop them and see what's going on.
SPEAKER_00:So I hadn't heard of that.
SPEAKER_03:Yeah, I haven't actually noticed that, but I don't generally go to the gift card section there, so I'll have to and apparently the other one is these uh crypto ATM machines now. So same sort of thing where the the person thinks they're investing and they're gonna get a lot more money out of the and it's a crypto scam that's been running, and a the end game of that is literally getting them to go and move or deposit uh crypto into their account, into the criminal's account. So and it's off one of those machines.
SPEAKER_00:Well, these cyber criminals have no stone unturned, do they?
SPEAKER_03:It's it's like any criminal, right? You're just gonna find the next thing that you can work with and then use that. If I can use technology to make it quicker and easier, then that's what's happening, unfortunately.
SPEAKER_00:Goodness. Yeah, uh, so you were just gonna touch on the ATO as well, which I know we did have a chat about earlier.
SPEAKER_03:Yeah, not so festive.
SPEAKER_00:No.
SPEAKER_03:Um, but I I it it is around the season, though, and you'll see a lot of uh ATO scams uh around this tax season. Because we've just passed uh the end of October, which is that deadline for uh individuals to get their tax in. It's quite common then to get maybe an ATO message going, yeah, your your tax has been reviewed or some sort of notification, right? Like you're expecting notification. That's the point. So scammers know that. So they're gonna be sending those notifications, going, Oh, your tax return is done. We just need one final bit of information or something like that. And you and you expecting it, so you're not thinking about it, you're going, oh yeah, like oh, how much I'm getting getting back. You know, click, you know, it goes to a site, it looks like the AT, it's not, and then you've either given away your login, right? So hopefully you've got MFA and everything turned on for that, so you may be giving away a bit of information, but they might be asking, then going, oh yeah, so for your credit, we just need your account details or your credit card number, or and you know that you've given it, right? It's in your tax return. So they shouldn't be asking it. That's the type of stuff where you should be like, hold on a second. So it's just just to be wary, definitely we're fine. Yes, very, very common.
SPEAKER_00:And as you say, we're all hoping for that tax return, that refund.
SPEAKER_03:Yeah, or or worse, they'll they'll send that message and going, uh, you owe$11,000. And you'd be like, like, because you thought you were getting$2,000 back, and now all of a sudden they're saying you owe. So now your your heart rates jumped up, your blood pressures jumped up, you're like, What? Like, you're not even looking, you've clicked the link, you want to go see what's happening, and and of course they're gonna ask for details, and you're just gonna want to get in there as quickly as possible, going, what is going on? Why am I owing eleven thousand dollars? I don't have eleven thousand. People will panic.
SPEAKER_00:So everyone just needs to slow down.
SPEAKER_03:That's literally the point. Yeah, so slow down, look at it. You know, you know you've done your tax return, and it shouldn't be that. Just have a think. They're definitely going around, and there's a lot of them.
SPEAKER_00:Yeah, yeah. Well, I'm glad that we touched on that then. Yeah. Um, are there any other scams that you can think of that we should be on the lookout for?
SPEAKER_03:Look, those those are the main ones, and as we've uh spoken through this, we've mentioned uh email, still primary, right? So quite very, very common. Uh SMS, common, uh being being used. Both of them are very, very efficient uh for them to use. Like I said, the SMS ones sometimes a little bit more difficult to spot because it might fall in line with someone that you've spoken to before, whether it's the ATO or someone else. So be wary of that. Um, calls, actual calls we haven't touched on, but it's similar to anything else, where you might get like this robotic type call, right? Just bear in mind that we do have AI doing voice and that, and it's gonna make it start to sound quite realistic. So that could come up as well. So there was a um, there was one a little while ago, uh, you've probably read about it as well, where they're talking about where like a parent would get a call from a uh like their daughter or son going, oh, this is my temporary number, uh, you know, because I've lost my phone, I just need a thousand dollars to, you know, I don't know, whatever it is, right? So that's normally done by SMS, right? Just be aware that that could move over to impersonating the voice so it could sound real. And I think, you know, as a parent myself, if I got a call and it sounded like my daughter, like generally you're not gonna question it.
SPEAKER_01:Yes.
SPEAKER_03:So you're gonna have to keep your wits about you of going, okay, that sounds like but you she wouldn't be asking this of me. That's odd. And uh the general advice for families is to actually come up with a code word that only your family use. So sit down at dinner tonight, come up with a word. If you're ever in trouble and you need to like verify yourself or whatever it is, so it's an out of the ordinary type situation. Use your code word so that verif only you do not discuss it with anyone that's our family secret, etc. And that's it. Yeah. Um, so that is a good one to use and think about.
SPEAKER_01:Yeah.
SPEAKER_03:So if that call comes through, all you would have to do, like, even though you you're pretty sure it's her, right? Or him, you just go, like, this sounds weird. Well, what's the code word? Generally, you're gonna get the hang up at that point.
SPEAKER_00:I mean, that's a really good suggestion. And yeah, when those SMS ones were going around, my mum did get an SMS. She did, and I was actually out to dinner with a friend, so I didn't have my phone on me, but and she tried to ring me and I didn't answer. And then she was like, At least she had the mouse to actually ring my husband and say, I've just had this message, is everything okay? Perfect. And yeah, he said your mum is thinking, yeah, nice. And um, yeah, he said, Oh, she's just out to dinner. No, everything's fine, must be a scam.
SPEAKER_03:But if you want to send the money here.
SPEAKER_00:But yes, I mean I do talk to her about obviously because we talk about it all the time, and you know, she's in her seventies, but she's pretty switched on.
SPEAKER_03:Nice.
SPEAKER_00:But yeah, I always talk to her about those things because you just comes up and it's just it's and especially like you're saying with the voice, yeah. That's even scarier.
SPEAKER_03:It it is scary. I like that, like it's not a lot yet. So I I do worry about where that's gonna go.
SPEAKER_02:Yeah.
SPEAKER_03:And some of the videos that you're seeing now are starting to get so realistic. Like at the moment, you can probably still tell. There's there's bits where you can see uh that's AI, etc. It's gonna get to a point where you're not gonna be able to tell, and then that is a bit scary. Well, even those few examples that you've done and shared on LinkedIn is yeah, pretty they they're definitely out there, and they've got so much better since then as well.
SPEAKER_00:I know because that was actually probably a few months back when you did those.
SPEAKER_03:Well, you've had like what three or four different new models uh come out since then, like uh Sora 2, etc. All really, really good at what they do.
SPEAKER_02:So it's happy. We will see.
SPEAKER_03:We will see. There have been video ones uh that companies have been targeted, but they tend to be the larger ones. Like there's there's some famous stories that go around, uh that and they are true, where um it was I think the CEO of Ferrari uh got got called, I think it was. So I think that was just a phone call, but there's been others where the person came on to a uh like a Teams meeting and it was a f a full AI um system. So it's yeah, okay.
SPEAKER_00:There's all sorts of there's all sorts of avenues for them.
SPEAKER_03:Yeah, and I and I do think that's when they they're targeting those larger organizations because it takes resources, but the problem is as with all technology that becomes cheaper and cheaper and more available, and as it becomes more available, then those scams are gonna increase and target more people. So at the moment, your you know ASX listed bigger companies are gonna get targeted, but eventually everyone's gonna get targeted.
SPEAKER_00:So something to look forward to.
SPEAKER_03:Yay.
SPEAKER_00:So we'll probably wrap it up there. Um, I was just actually going to say though, if you I know we've touched on lots of different scams, if you could maybe share like your top three tips just for keeping on top of it over the festive season.
SPEAKER_03:Yeah, look, the top three tips pretty much don't change, right? It's uh making sure I I think right at the top is uh updating your software, right? So people still don't do it, businesses don't do it, uh, or not properly. So making sure you updating your your PC, your tablet, your phone, whatever it is. So update the software and don't forget to update the applications as well. So those those are uh big ones. Passwords. Like there's no cybersecurity conversation without talking about passwords. Yes, I know they're a pain. Uh maybe this Christmas you should get yourself a password manager.
SPEAKER_00:Give me a present to yourself.
SPEAKER_03:Finally, look, you can get free ones, so it's not even like, but if you want to purchase them, there's you there's some great ones out there. Um password manager. So the idea around this is using uh long, complex passwords. Um, and you're not gonna remember long, complex passwords. So password manager is the way to go. The other thing is password reuse. So don't use the same password on all the different sites. Now, for the the average person, we've got well over 100 that we need to remember. You can't do that, there's no way you can do it. I mean, you might be genius and you could okay. So there's a few, but very few. Use a password manager. So, like my passwords where it allows you, like mine are like 90, 99 characters long as a password. Why? Because I don't need to remember it, right? It's in the password manager. It's like someone goes, like, so what's the password for your, I don't know, Facebook account? It's like, I have no idea. I don't know what it is. It's long and complex, and it's in my password manager, right? However, it doesn't stop there though. The third one is obviously MFA. So multi-factor authentication. Turn it on everywhere. So this doesn't matter if it's uh in individual for personal or it's for business, it's just as critical. So any application that you're using should have MFA on. So uh social accounts get targeted a lot, you know. So whether it's Facebook, Insta, your TikTok account, etc., just bear in mind if they can get access to any of these things, they can use that to then gain more information or scam other people or get your more identity information, and then you're in that identity issue anyway. So update all your software regularly, passwords, don't reuse them, use a password manager. Make sure you've got MFA or pass keys if you can do that, like Google supports pass keys, etc. Get that switched on. Those would be the top three.
SPEAKER_00:Okay, I feel like you want to keep going, but there's lots.
SPEAKER_03:If you just did those three, that'd be amazing. Yeah, yeah.
SPEAKER_00:Yeah, no, well, that's some great advice and good to um point out all those potential scams that could be coming our way and just what to look out for and that sort of thing, so that everyone can hopefully have a safe and stress free Christmas.
SPEAKER_03:That would be awesome.
SPEAKER_00:That would be awesome. Thanks for joining us. Thank you. We'll see you again soon.
SPEAKER_03:Well do.
.png)