Budd:e Secondary
Cybersecurity Education Modules

Text-Only Accessibility Version

Go back to media alternative

Select a learning area to read more:

Home - Posting - Malware - Ownership - Privacy - Scams
Sharing - Transacting - Truth - Glossary - Links


What's a scam online?

A scam is a dishonest trick designed to fool you into giving someone your money, passwords, personal details or other valuables. The scammers may do this with a promise or offer of something that isn't real. Scammers love the anonymous nature of the internet so if you are shopping, banking, chatting or playing games online, you really have to be on the lookout for anyone who tries to get you to part with your personal details. You also need to be wary of websites that might not be secure. Dodgy sites and dodgy dealers are not always easy to spot.

How can I avoid scams online?

There are plenty of dodgy sites on the web (and dodgy people who use the web) that will try to scam you in some way. Sometimes these sites will even look dodgy, or have bad spelling mistakes. If a site looks dodgy, it probably is. But some dodgy sites are cleverly designed to look completely 'for real' genuine and legitimate.

Always your best protection online is to think carefully BEFORE you click any link.

NEVER click links in emails (or instant messenger) or open attachments if you don't know the sender or are not expecting the message. Usually these links are just to trick you into clicking. In turn this may install infected software on your computer.

Check the digital certificate to find out the true identity of a site or to know if a site is authentic. Sites with digital certificates have a locked padlock on the top or bottom of the browser window. Click the locked padlock to look at the digital certificate and see if it's valid (up-to-date and hasn't expired). You will know a site is secured (encrypted) if the digital certificate is valid (up-to-date).

It will also help if you activate the filter on your browser. This can stop popups and illegal content. And always turn your internet connection off when you are not online.

What are online auction or shopping scams?

It is possible to buy almost anything over the internet these days. Unfortunately, scammers can use the anonymous nature of the internet to rip off unsuspecting shoppers.

Scammers can pretend to be selling a product—often very cheaply—just so they can steal your credit card or bank account details. Similarly, they may take your money but send you a faulty or worthless product instead—or even nothing at all.

Most online auction sites put a lot of effort into spotting scammers, which is why scammers will often try to get people to make a deal outside the auction site. They may claim that the winner of an auction that you were bidding in has pulled out, and then offer the item for sale to you. Once they have your money, you will never hear from them again and the auction site will not be able to help you.

Another common trick is for an online auction to be rigged by the scammers. If you are selling a product, the scammer can enter a low bid followed by a very high bid under another name. Just before the auction closes, the high bid will be withdrawn and the scammer's low bid will win. If you are buying a product, the scammer can arrange for 'dummy bidders' to boost the price up.

Other online shopping scams involve the sale of a product —such as a miracle cure or weight loss product—that does not live up to its claims. It can be very difficult to get your money back in these situations, especially if the other party is based overseas.

If you buy or sell online, you should also be aware of cheque overpayment scams.

Are there warning signs for a shopping scam?

A product is advertised at a very low price.

The seller and any initial bidders have a very poor rating on an auction site.

The other party wants to complete the sale outside of the auction site (if you do this, you lose any protections that the site operator offer to their users).

The other party insists on immediate payment, or payment by electronic funds transfer or a wire service.

The online shopping website does not provide adequate information about privacy, terms and conditions of use, dispute resolution or contact details.

What should I do if my ID is stolen?

If your ID is stolen, tell your bank ASAP, change your passwords for all your other online accounts (email, social networking sites, chat applications etc), and contact your local police.

You should also report it (and any other scam) to the ACCC, on the 'report a scam' page at SCAMwatch or by calling 1300 795 995.

ID theft or fraud is a serious crime, with serious consequences. That's why you should not share your password with anyone, even best friends.

What if someone logs in as me?

Even using a friend's password and posting in their name (say on Facebook or in Messenger) is wrong. In serious situations where it is done to cause offence or harass a person, this may be treated as a crime.

What is spam?

Spam is the electronic version of junk mail. Most spam is advertising, but some is highly dodgy — like get-rich-quick schemes and other scams. It may ask for your personal details or money either in the email or on a website which the email directs you to. Some spam even contains malware, which can then infect your computer or mobile phone. Spam can be an email, SMS or IM.

Why do I get spam?

If you get spam (junk emails) it means that your email address has been added to a mail list used by spammers.

It's pretty difficult to completely avoid getting spam. Spammers use web spiders or web crawlers - automated programs that browse the web to collect information (like email addresses), or to track the sites that people visit. A web spider or crawler will search for strings with '@' in them.

It's best to disguise your email address online, so it can still be read by people who need to know, but won't be picked up by web crawlers. Try using a form like this:
your.name [at] email [dot] com [dot] au

How does spam get spread?

Spammers send their junk emails around using botnets.

Botnet is a jargon term for a collection of zombie computers—a string of compromised computers that are all attached to the internet. Most will be the home computers of people or families who won't know their computer is being used in this way.

A botnet will be controlled remotely, so you won't necessarily know if your computer has become part of a botnet.

Botnets can also be used to launch a 'denial of service' attack, or even an attack on critical infrastructure.

How can I avoid spam?

Set your email program to filter junk mail—spam and emails from people you don't know. Spam filtering software helps block spam emails that may also have links to web sites with malware, or malware in email attachments.

Don't ever reply to spam emails, or forward them on.

Can I 'unsubscribe' from spam?

It's OK to click 'unsubscribe' if you know the email, SMS or IM comes from a legitimate business, like (for example) if it's a newsletter or promotion where you asked to be on the mailing list.

But otherwise, DON'T EVER click 'unsubscribe'. Clicking 'unsubscribe' only tells the spammer that your email address is a real one. It certainly won't stop the spam from coming.

What is 'phishing'?

A 'phishing' scam is where cyber criminals trick people into giving personal information like passwords, usernames, or credit card numbers.

A 'phishing' scam will have two main stages.

First there will be a 'phishing' or hoax email designed to look like it comes from an official, well known site, like your ISP, bank or a government department. The email will suggest or urge you to click a link in the message that looks like it's for the official site, but actually it will take you to the 'phishing' site.

Next, the 'phishing' website will look like it's the well-known, official site. Somehow the page will require you to enter some information (like your username, password or a credit card number). But if you provide the information, you will be giving it to the scammer.

Remember that your bank, ISP or a government department will NEVER email you and tell you to provide personal details or passwords in an email or online.

What if I use a wireless connection?

If you use a wireless network, make sure you turn on the security and restrict your network access to named users only. You can do this by enabling your WPA2 or WPA. Wi-fi Protected Access (WPA2) is the current standard for wireless network security.

If you don't restrict access, anyone could make use of your wi-fi network (and your download quota) for their own purposes.

Wardriving is when people drive around in a car with a portable computer or PDA, looking for unsecured wi-fi wireless networks. Some people do this to make use of unsecured networks, usually just for free internet access (by stealing your download quota), but sometimes it's to use the network for more serious crimes like trafficking prohibited content.

What does 'social engineering' mean?

Many online scams use a strategy called 'social engineering'.

This means tricking a person into revealing personal information (like their passwords or credit card details), or being tricked into giving access to a computer network. Sometimes this is called 'grooming'.

What should I do if I am scammed?

Depending on the type of scam, you will need to contact your bank as soon as possible.

You will need to change the passwords for all your online accounts (email, social networking sites, chat applications etc), and for your computer.

Also you should report it to SCAMwatch or Cybersmart.

Where can I report a scam?

Scams can be reported online at SCAMwatch

You may also report a scam by calling 1300 795 995.

You can report SMS spam to the ACMA on 0429 999 888, for cost of standard SMS.

Where else can I get help?

It's a really good idea to install the cybersafety Help Button on your computer at home or school.

The Help Button is free, and it's easy to download (just check first with your parents or teacher). The button icon will sit on your desktop or you can place it on the taskbar. Then, you can just double click it if ever you need help or advice about something that's happened online, or you want to report something you've seen that's gross.

You can use the Help Button to find out more about how to report online threats including cyberbullying, nasty or gross content or people behaving badly on social or game sites, or online scams.

Download the Cybersafety Help button

Where can I find out more about scams?

You can find out more about scams and cyber risks by clicking any of these links:




ID theft prevention products