Scammers are getting more sophisticated in their attempts to steal people’s private information and move their National Disability Insurance Scheme (NDIS) funding into their own pockets. This can be done using a variety of simple but increasingly common tactics, like a text message, email or phone call from a scammer masquerading as a disability provider.
You have to be careful to keep your funding secure, so we’re here to guide you on some of the most common scams reported.
Scammers use phishing to steal confidential information through fraudulent messages so they can commit a crime.
In phishing attacks, people typically receive a text message, email or phone call claiming to be from their bank, a company, or a person – and they’re usually asked to click a link to transfer funds or provide information, like a credit card number.
If you’re contacted in this way and asked to provide confidential information – like your NDIS participant number – it could be a scam. Be sure to report it to the National Disability Insurance Agency (NDIA) by calling the NDIS Fraud Reporting and Scams Helpline on 1800 650 717 or by emailing [email protected].
A compromised email attack is type of phishing attack that involves a scammer taking over the email account of a business and tricking a person into sending them money or providing confidential information. For example, a scammer may pretend to be a disability provider and send you an email to ask for your myGov password or your NDIS participant number.
When a scammer claims they’re someone they’re not to get hold of confidential information, money or funding, this is known as an impersonation scam.
Scammers are also known to set up fake email addresses that look legitimate but aren’t. Often, they include the name of a well-known company to help to convince a person to share private information.
Another type of cybercrime is email spoofing, which involves a scammer changing an email template to make it look the same as an email from a legitimate sender. They do this so they can get confidential information or money.
When a cybercriminal uses email spoofing to submit fake invoices to a plan manager, this is known as accounting fraud.
When a scammer – claiming to be from a legitimate company – contacts a person and convinces them to hand over control of their electronic devices remotely (by installing malicious software or enabling remote login), that’s known as a remote access scam.
Remote access scams can be initiated via a phone call, email, or text message, or even through pop-up ads that claim the user has a virus and include a phone number to call to fix it.
Remote access scammers gain access to personal information of the person they contact – information like their NDIS participant number, bank account details or credit card number. Often, they try to intimidate the person or use technical words to confuse them and create a sense of urgency.
For more information on scams, click the links below.
If you receive a text message, email or phone call that asks you to share your information, and it’s unexpected or doesn’t look quite right, be sure to stop and think before you do anything.
The NDIA explains how to report suspicious behaviour here. Alternatively, you may wish to contact the NDIS Quality and Safeguards Commission.