Over Sixty Spring 2022 Digital

4 NEWS ISSUE 2 | 2022 | OVERSIXTY.COM.AU by people over 60 was remote access scams that started with a telephone call. These clients reported a total loss of over $1.88 mil- lion dollars. In many cases, the criminal had remote access to the device for hours, and sometimes even days, while they harvested as much information as possible. They can get into your emails and find where you sent your driver’s licence details in an attachment for a new account. They may get into your social media and lock you out if you don’t have two-factor-authentication set up on your device. They may do a lot of awful things, all while you think you are talking to someone who is protecting your account. Why are remote access scams so successful for cybercriminals? IDCARE prepared a Psychology of Scams KATHY SUNDSTROM, IDCARE NEWS Frompage 1 What is a remote access scam? A remote access scam occurs when you give a cybercriminal control of your device – phone, tablet or computer – via remote access software like TeamViewer or Any- Desk. Once the cybercriminal has access to the device, they can see everything you are doing on the device, including any login de- tails you might use while they are watching. Depending on their level of access, they can look at anything you keep on the device, such as emails, documents, contacts and photos. They can install malware, such as keyloggers, which record each key you press. Criminals target people for remote access scams in dif- ferent ways, from pop-ups on the computer, to phishing emails and texts or direct phone calls. Ultimately the success of the scam de- pends on the criminal being able to convince you to download the software that gives them remote access. While you might be thinking, ‘I would nev- er give a scammer remote access’, remember, no one chooses to be scammed. Yet every day cybercriminals manage to find a way around our best defences. Take one of our clients, let’s call her Shirley, who lives in Central NSW. Shirley is an active 63-year-old How to avoid a remote access scam report in October 2021, which analysed data from over 100,000 victims to understand how cybercriminals deceive people. The main reason for believing the scam was the criminal posing as a trusted source, such as a bank. This is even more successful if you’ve been experiencing issues with that service provider. Cybercriminals also use our emotions by offering an incentive (such as a discount or refund) or using fear (such as disconnecting a service or detecting unusual activities). They will instil a sense of urgency – act now, or you’ll miss out. Shirley was told they needed to protect her bank account as it looked as if it was being hacked. “My Achilles heel was trust,” she recalled. “When they first rang, I asked a lot of ques- tions. I was put on to a ‘supervisor’ who was more practised. He reassured me. For every academic who is extremely careful when it comes to cybersecurity. She has themost up- to-date anti-virus installed on her devices, she never clicks on links, she always chang- es her passwords and never uses the same password across multiple accounts. “I’ve always been super vigilant,” she said. But Shirley lost $33,000 in a remote access scam and had her identity compromised as a result. How did they do it? Like many ID- CARE clients, the criminal caught her in a moment she was distracted. “I was at my daughter’s and they calledme saying they were frommy bank,” Shirley said. The caller mentioned Shirley’s exact bank. This is pretty easy for cybercriminals who send out thousands of calls and texts every minute hoping that they will get someone their message will relate to. They got Shirley. “They got me in a way I hadn’t prepared myself for,” she said. “Because I bankwith the bank they mentioned, I was taken in.” The caller persuaded Shirley to allow ac- cess to her mobile phone to check for “unu- sual online activity”. Once she’d given them this access, they asked her to log in to her bank account to “assist in rectifying the se- curity breach”. The rest was easy for the crim- inal. They knew her passcodes and could transfer money out of her account. Shirley is not alone. Last year, the most common cybercrime reported to IDCARE