Skip to main content Skip to log on Skip to search Accessibility at CommBank

Watch what you share on social media

The rise of social media platforms has sent raging torrents of personal information into cyberspace, including where we are on holiday, the names of our pets, the schools our kids go to, what car we drive and our place of work. It’s a treasure trove for scammers. “Cybercriminals use social media platforms to research potential victims,” says the ACSC’s Nick Tamblyn. “Information showing your pattern of life, biographical details, relationships – those are the sorts of things they may be able to use to gain access to your information.” The website cyber.gov.au contains advice about how best to manage social media. As well as what you post, you need to consider what others are posting about you.

Be aware of phishing scams

Phishing scams are when bad actors (who are often, unfortunately, quite good actors) trick you into believing they are legitimate and make a request for urgent payment or for enough personal information that they can help themselves to your funds.

More than $2.9 million was lost in Australia to phishing scams in January alone, with more than 62 per cent delivered via text message. These phishing statistics, updated monthly, reflect data from reports to the Australian Competition and Consumer Commission (ACCC). The real numbers are likely to be a lot higher because people are often embarrassed to tell an agency when they’ve been scammed.

The ACCC’s ScamWatch is a great place to educate yourself on the many kinds of evil role-playing that sting Australians for millions each month.

“We are frequently required to hand over information digitally to service providers to confirm our identity and this process is exploited by scammers,” says CommBank’s James Roberts. “Our advice is stop, check, reject. If the text or call seems off, stop and take a breath. Real organisations won’t put you under pressure to act instantly. Check by contacting the organisation yourself or asking someone you trust to do it for you. Reject by hanging up, deleting the email and blocking the phone number.”

Download The Little Black Book of Scams, a free guide from the ACCC, to learn about how phishers try to trick you. It details the multitude of scams in operation out there. Some of these are quick muggings for money, while others are much more insidious and can result in a case of identity theft that takes years to untangle.

Know when you’ve been hacked – and act fast

If you’re active online, you’ll have received emails from companies advising of a data breach, as long as it’s an organisation operating in a jurisdiction with a notifiable data breach scheme, such as Australia. Many of us also interact with websites based offshore so we’ll never know unless we jump onto a service such as haveibeenpwned.com, where you can search using your email address and phone number to find out if they’ve been compromised. That knowledge is meaningless unless you act. “Change any compromised passwords across all accounts,” says Roberts. “If you no longer use an account where a password has been involved in a breach, you should still change the password and deactivate or delete the account.”

If you’re worried you’ve been hacked, take the two-minute Have You Been Hacked survey on the ACSC website for solid advice on next steps.

“Cybercriminals use social media platforms to research potential victims.”

Hire an identity protection service

Even if your cyber-hygiene is squeaky clean, you may be caught up in a data breach that is outside your control. “There are various services that can monitor for personal information in data breaches,” says Tamblyn. “These services can provide users with an early warning of potential identity theft. Whether such a service is value for money is up to the individual.”

If you’re the type of person who takes out insurance in the hope you’ll never need it, it’s worth researching identity protection vendors. Some can spare you the damage to your credit score that can result from identity theft, such as when additional credit cards or loans have been obtained in your name. “Services such as SavvyShield can place a temporary ban on your Credit Report to protect it from fraudulent activity and provide another level of protection,” says Roberts.

Don’t do nothing

Millions of Australians were caught up in the 2022 Optus and Medibank data breaches. If that’s you and you’re just crossing your fingers it will be OK, uncross them and get on to it.

“If I thought that my data had been compromised, I’d contact the organisation with specific questions,” says Tamblyn. “They will be working with other organisations and may be able to provide some advice tailored to my situation. I’d also improve my cyber-hygiene – utilising long passphrases, enabling multi-factor authentication – and monitoring my accounts for suspicious activity. Be alert for phishing scams because if your contact information has been part of that breach, the likelihood of being targeted may increase.”

Tamblyn recommends idcare.org, a not-for-profit set up to support Australians and New Zealanders confronting identity theft. Funded by multiple organisations, it’s free to access (if you’re asked to pay, it’s a scam). “They have a website and a 1-800 number and offer specialised help.” 

Get extra protection for your personal data

CommBank has introduced several initiatives to help protect customers from scams.

Making a payment to someone for the first time using NetBank, CommBiz or the CommBank app? NameCheck applies algorithms to check the recipient’s account name. If it doesn’t seem quite right, NameCheck prompts the customer to check it again, helping prevent scams – and our own typing accidents.

Another helpful CommBank tool is CallerCheck. This allows CommBank staff to trigger a notification to a customer’s CommBank app for extra peace of mind. “If you ever feel concerned about whether the person you’re speaking to is a real CommBank staffer, the CallerCheck feature in the CommBank app verifies your caller’s identity,” says CommBank’s James Roberts. “Regardless of whether the caller has been identified, we will never ask you to transfer funds, share your screen or reveal your passwords.”

Want more tips on how to stay safe?

Visit CommBank Safe

This article was originally published in Brighter magazine

Things you should know

This article provides general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as personal financial product advice. The views expressed by contributors are their own and don’t necessarily reflect the views of CBA. As the information has been provided without considering your objectives, financial situation or needs, you should, before acting on this information, consider the relevant Product Disclosure Statement and Terms and Conditions, and whether the product is appropriate to your circumstances. You should also consider whether seeking independent professional legal, tax and financial advice is necessary. Every effort has been taken to ensure the information was correct as at the time of printing but it may be subject to change. No part of the editorial contents may be reproduced or copied in any form without the prior permission and acknowledgement of CBA.

For more information about the available products and services mentioned in this publication – including Product Disclosure Statements, Terms and Conditions, Target Market Determinations and Financial Services Guides that are currently available electronically – as well as information about interest rates and any fees and charges that may apply, go to commbank.com.au.