Scam Resilience and Cyber Awareness Quiz

Great! Let's see how you go.

Not to worry! This quiz will provide advice about what to look out for.

Excellent!

Good effort.

Sometimes there can be unexpected surprises hidden in these documents. We recommend you read them, in particular to understand how data is collected and used (and for how long).

Reading Terms and Conditions and Privacy Policies is always recommended as it allows you to know exactly what you are signing up for and how your information will be used and stored. It can also confirm if these clauses and obligations are current and accurate for the company.

This is called a high cognitive load. Scammers like to create a stressful scenario that requires immediate action to overwhelm you.

When a person is already busy and stressed, this additional situation can cause them to apply less scrutiny, increasing the chances of becoming more vulnerable.

When faced with this scenario, take a breath, ask someone else for their opinion, and don't act in haste. Pausing can be extremely powerful in preventing scams. 

Any legitimate situation will allow you to walk away and think before making any decisions.

Perfect!

Good effort. If you want to know more about trending scams you can subscribe to IDCARE's newsletter (https://www.idcare.org/contact/newsletter-sign-up-form) and ScamWatch alerts (https://www.scamwatch.gov.au/about-us/news-and-alerts) 

It's good to stay informed. If you want to know more about trending scams you can subscribe to IDCARE's newsletter (https://www.idcare.org/contact/newsletter-sign-up-form) and ScamWatch alerts (https://www.scamwatch.gov.au/about-us/news-and-alerts)  

Keeping up to date with latest scams and cyber threats will help you to recognise a scam for what it is. The online world is ever changing as are the scams and threats. They are becoming more sophisticated and harder to spot.

Talking about what you know and have learnt with your friends and family increases scam awareness and helps break down the stigma around scams.

A common misconception is that if you have Apple devices you can't get infected by malware. Although Apple software may have less vulnerabilities it is not immune to being infected.

Regardless of what type of device you use, you should still implement the same protections and barriers. Ensure your anti-virus software is up to date and use a password manager to manage passwords across your devices and accounts.

Scammers will often target a person to leverage them to gain access to systems rather than trying to hack software. 

Scammers often target individuals.

When people live alone or are by themselves during a scam attempt, they may be more vulnerable because they lack an independent person to check with when something doesn't seem quite right.  

Don't be afraid to disengage or pause if something feels suspicious. Check with a friend, family member or colleague. Verify any requests for personal information or credentials by contacting the organisation you believe you are dealing with via their publicly available contact details (don't use those provided in suspicious messages).

Great job!

We highly recommend using anti-virus, keeping it up-to-date, and having security patching set to automatic.

Keeping devices up-to-date and using anti-virus software is extremely important as it helps prevent viruses and other malware from infecting your device. Most software companies will alert you of software updates, however, ensure you use the official app or website to download and update software. 

Make sure you have your device set up to apply official manufacturer security patches automatically (find out more at https://www.idcare.org/fact-sheets/understanding-patching). 

Protecting your physical devices is just as important as protecting your online identity, and they are often linked.

Make sure your devices are password, PIN, or biometric protected.

Never share your login details with another person.

If you use a shared device, set up different users/personas for each approved user.

Make sure you secure your devices in a locked space when not in your possession.

Never provide remote access to your device unless you are 100% that the person who wants access is legitimate. 

Only download software from legitimate sources and closely scrutinise reviews (are there enough of them? are they all too recent? do they appear suspicious).

Most anti-virus programs will check apps for malicious content before they can infect your device.

Anti-virus software is essential to help protect you from unwanted viruses and malware. It should be installed on all your devices. Ensure anti-virus software is downloaded from legitimate sources as many websites claiming to offer antivirus software could be scams or contain viruses.

A firewalls is a barriers between your devices and the internet. They are often built into your modem and pre-configured to protect you. You shouldn't generally need to alter or turn off the firewalls. If someone is asking you to disable your firewall this is likely a scam and you should pause and rethink engagement. 

Multifactor Authentication (MFA) helps to secure your online accounts from unauthorised access by requiring more information that just a username and password (such as a one-time passcode sent via SMS or a code from a linked app). This means that even if a scammer has gotten access to your login details, they can't get access to you account without your phone or logging into your email. 

Almost every service will offer some sort of MFA that you can enrol in. In most cases you can use the same authentication app for all of your accounts so it is easy to find when you need it. The most commonly used authentications apps are Apple MFA, Microsoft Authenticator, Google Authenticator, and Authy.

For government services accounts, like myGov and linked services, we recommend using MyID (https://www.myid.gov.au/using-myid-mygov). 

Most anti-virus software includes internet browsing protections to help warn and protect you from scams and malware.

Keeping your personal information and data secure is extremely important. Whether it be physical or digital, scammers will attempt to gain as much information about a target as they can. This could involve buying compromised inforamation about you leaked from data breaches, leveraging weak passwords for online accounts, stealing physical documents from your trash or an unlocked letterbox.

It is best practice to secure all avenues of personal information - use strong, unique passwords and MFA for online accounts, securely destroy or dispose of document, and lock away your important information. 

You can also check if your email address has been included in any known data breaches by searching it at https://haveibeenpwned.com/. This is a free service unaffiliated with IDCARE.  

Fantastic!

Good effort. We recommend setting up MFA for all your accounts.

We strongly recommend setting up MFA.

Scammers value social media accounts. If they gain access to your account they can take it over, steal any information about you held in the account, and impersonate you to scam your family or friends. They can also use it to blackmail you or seek a ransom to return control of the account. 

Use MFA to put added protection on your account. Make sure you have a recovery account set up linked to a secure email address (not the one associated with your social media account) and use unique passwords for each.

Be very wary of unexpected account code or money requests from people you know. Always call them directly before actioning any such requests.

 

Scammers operate on legitimate platforms and many are hard to tell apart from genuine sellers. They will often try to get you to communicate on another platform (i.e. email, WhatsApp, etc) so they can be anonymous while trying to scam you. Be wary of requests to move communications away from sales platforms. This is a tell-tale sign they are likely a scammer. 

NEVER share images of your drivers licence, passport, or other identity documents to any personal account selling or buying goods. You should never need to pay for additional shipping or taxes after a purchase. This is likely an add-on to the scam to try get as much money out of you as they can.

Strong awareness!

You may want to reconsider. Neither of these messages is legitimate but both are sophisticatedly designed to trick you. 

Always verify messages by logging onto the secure app or website to access your online account.

Always apply scrutiny and be careful if you recieve a message asking for money. Even though it may apear to come from your friend, origin names can easily be spoofed. Make sure you contact the person through known means to confirm the request is legitimate. Also look out for the terminolgy, spelling, and sentence structure that doesn't read correctly.

Scammers will impersonate official sources such as banks to try get you to click on their links.
Banks will never get you to verify identity or restore your account through text message links. 

Great actions!

Be very wary...

Stop and think twice when receiving strange or out of the ordinary messages, even if they appear to be from friends or family.

Scammers can spoof the sender's details to appear to come from your contact or someone you may know or impersonate someone you may trust. 

Contacting the relevant person via a separate known means will confirm if message is legitimate or not.

Blindly replying, even if you know they are a scammer, will confirm you are a real person and that your number is active which could promote further scamming attempts. Best practice is to ignore and delete.

The correct responses are None.

lt is extremely rare that you would ever receive a call from these organisations at all let alone where they state you owe money, have an arrest warrant outstanding, or have a computer virus. Scammers try to trick you by pretending to be from legitimate organisations and in a position of authority to elicit compliance and gain access to your personal information, accounts or computer.

Don't be afraid to hang up and do your own research through official channels.

Chances of them being an expert hacker is extremely low.

Almost always it will be a scammer that acquired your password through a data breach or previous scamming attempts.

You should logon to your relevant accounts through the official channels to change your passwords.

This method of earning the trust of a victim is a common technique used by romance scammers and those engaged in sextortion schemes.

They pretend to be genuine and often give excuses why they are unable to meet in person.

Once they have enough trust they make their move and ask for money, or intimate material that they could use to extort for money.

It is strongly recommended not to send any money or intimate material to someone you have never met in person, even if you have communicated with them via video chat and believe the person is real.

It may often feel difficult to break contact with someone you've been connecting with, however, it almost certainly is all an act to steal your money rather than any genuine connection.

Great decisions!

Look a little closer.

Scam updates and virus alerts are becoming more sophisticated and can look very much like an authentic notification.

Being aware of the subtle differences and when the notification was triggered helps to highlight whether it could be legitimate or not (i.e., within an internet browser, or after clicking a link).

Do not ever click on the links or ring any tech support numbers from the alert windows - even where they include an 1800 number.

Do your own virus scan using your own virus protection software and if needed call the numbers given on the official application or website.

Holding Alt + F4 (for Windows) or Command Q (for Mac) or restarting the computer may assist if the pop up will not close easily.

Spot on!

Be vary careful.

Phishing emails and fake job opportunities are very prevalant. Spam filters unfortunately don't catch them all. If you think something seems out of place it often is.

Never click on the links in unexpected emails. Always go through the official applications or websites for access and to change passwords.

Always call the official business number for employment opportunities and confirm emails before sending any personal identification documents.

If you believe you have been scammed - please lodge a get help form here: Lodge Get Help Form.

Completion of this survey WILL NOT result in a case being lodged with IDCARE.

Great decision!

Be very cautious.

Scammers and fraudsters will often use celebrities to trick you into believing a story and to click on a link. The promise to make 'big bucks' is almost certain to be a scam. Many links will direct you to platforms that look legitimate but are almost always scams ready to take your money.

Scam websites may also display ASIC records, Australian Financial Services Licences (AFSL) and ABNs, but these can easily be scraped from other websites, and do not necessarily mean the service is legitimate.

Always do your own research and use the 'scam' key word. Only use official platforms if you do invest.

IDCARE is unaware of any 'real' recovery agency that can assist victims of fraud in recovering stolen cryptocurrency.