Scammers are getting more sophisticated in their attempts to steal your private information and divert National Disability Insurance Scheme (NDIS) payments into their own pockets.
This is done through a variety of tricks and techniques that are common in today’s technology-based world, where fraudulent activity is easily cloaked in a text message, email or phone call claiming to be from an NDIS participant or a legitimate company.
According to the Australian Government, the average cost to a business of a single cybercrime breach in this country is more than $276,000.
And that’s why getting scam savvy is vital for your business and your cashflow!
In this article, we outline a few of the more common tactics used by scammers today.
Phishing is a type of attack that uses fraudulent messages to steal private information for use in crime. It’s where a person receives a text message, email or phone call claiming to be from their bank, a company or an individual, asking them to click a link to transfer funds or to provide information, like credit card numbers.
If you receive a text message, email or phone call from a person who claims to be a client, vendor or plan manager asking you to provide or confirm private information – like a client’s NDIS participant number – or make a payment, it could be a scam.
If you suspect it is, be sure to report it to the National Disability Insurance Agency (NDIA) by calling the NDIS Fraud Reporting and Scams Helpline on 1800 650 717 or by emailing [email protected].
A compromised email attack is a cybercrime that involves a scammer taking over the email account of a business and tricking a person into sending money or providing confidential information. This is a type of phishing attack that targets individuals, with the goal of stealing money or information.
For example, a vendor your company regularly works with may send you an invoice with updated bank account details – but they may have been hacked and the email may be from a scammer trying to get your payment diverted to their bank account. Or a scammer might hack your email account and email your client’s plan manager to say your banking details have changed, so any outstanding payments are diverted to them.
Note: If My Plan Manager receives an email or phone call requesting to add or change account information, including bank account details, we first send an email to the address we have on file for you, to confirm the request came from you. We don’t ask you to divulge private information in this email.
When a scammer claims they’re someone they’re not to extract private information, money or funding, this is known as an impersonation scam.
Scammers are also known to set up fake email addresses that can look legitimate but aren’t (and they can include the name of a well-known company), to convince a person to divulge information.
Email spoofing is when a scammer modifies an email template to make it appear the same as one from a legitimate sender, so they can extract private information or money.
When a criminal submits fake invoices to a client’s plan manager on their behalf, this is known as accounting fraud.
A remote access scam is where a scammer contacts a person via a text message, email or phone call, claims to be from a legitimate company, and convinces them to hand over control of their computer or devices remotely by installing malicious software or enabling remote login.
Remote access scams give the scammer access to the target’s personal information, like their NDIS participant or provider number, bank account details or a credit card number.
Frequently, the scammer will use intimidation tactics and technical words to confuse their target and create urgency. Remote access scams can be initiated via a phone call, an email or pop-up ads that claim the user has a virus and include a phone number to call to fix it.
If you receive a text message, email or phone call that asks you to share your information – and it’s unexpected or doesn’t look quite right – be sure to stop and think before you do anything.
The NDIA explains how to report suspicious behaviour here. Alternatively, you may wish to contact the NDIS Quality and Safeguards Commission.
You can also find further information on the websites listed below: