23 October 2024

Scam alert! Watch out for this rental scam targeting students

Update for 22 October 2024:

There have been recent reports of university students being taken advantage of by rental scammers.

Finding a place to rent can be stressful during the best of times and the current rental market crisis can make it even more difficult. Scammers will exploit these points of anxiety to try and push you into making decisions without full consideration.

Scammers can advertise properties on well-known property websites. When you express interest, they may say they are overseas or interstate and that you must conduct transactions online. Or they may even show you through a real property when they have no right to rent it to you.

They can provide photos, real addresses of properties, land title deeds and even scans of stolen passports to make themselves appear more genuine.

The scammers will try to steal your money by asking for a month’s bond and rent to secure the property, before disappearing leaving you with your money gone and without the place to rent.

They may also ask for personal details, such as bank and credit card numbers and driver’s licence details which they can use for credit card and identity fraud.

How to better protect yourself:

• If you can, verify the identity of the person you are dealing with. For example, if they are claiming to work for an established estate agency, independently find the details for and contact the agency and confirm they are actually their representative.
• Do an internet search with the images from the advertising, to make sure they haven’t been copied from another site. You can use image search websites such as Google image search or TinEye.
• Be wary of anything that seems off about the situation—such as them making excuses why you can’t view the property in person.
• Avoid paying through money transfer services or making direct payments into a bank account, these methods can be less secure than using BPAY.
• If you are paying a bond for a Victorian property, it’s best to pay using a money order or bank cheque made out to the Residential Tenancy Bond Authority (RTBA).
• As always, if something seems too good to be true, it probably is.

Find out more on the Consumer Affairs Victoria Rental scam webpage.

Where you can get help

• If you have provided any money or think the scammer has your bank account details, contact your bank immediately.
• If it’s an emergency or you are concerned for your safety, contact the police immediately by calling 000.
• To report a crime that is not an emergency, phone 131 444.
• If you think you’ve encountered this scam, report it immediately to Australian Cyber Security Centre (ACSC) and ScamWatch. You can also contact Deakin’s cyber security team.
• IDCARE can assist you if you experience scams and fraudulent activity. They can be contacted on 1800 595 160.
• Being scammed is a horrible experience, and it can happen to anyone. If you need someone to talk to, reach out to family and friends, or contact Lifeline (13 11 14) or Beyond Blue (1300 22 4636).
• Warn your friends, family and fellow students about these scams.

There are no consequences for reporting a potential scam – it is always better to be safe than sorry.

Some resources on scams

For more information on spotting a scam, visit the cyber security blog.

Stay up to date with the latest known online scams by bookmarking and regularly visiting Deakin’s Online safety and security webpage. You can also find more information about common scams targeting students via Study Melbourne’s website. You can also follow @scamwatch_gov on Twitter and subscribe to ScamWatch radar alerts.

The ACCC’s Little Black Book of Scams is also a handy tool for recognising scams – it is available in various languages including Simplified Chinese on the ACCC.

Update for 10 September 2024:

Your phone may be small, but it contains your whole world. Our mobile phones become an integral part of our daily lives, they also become prime targets for thieves, especially when left unlocked.

This is particularly common when traveling or in public places like cafes, libraries, and parks. Thieves often use distraction techniques, such as placing a paper or napkin over your bag and tapping the item to keep the device underneath unlocked, making it easier to steal.

If stolen, not only may you have lost your phone, but thieves could gain access to your private details, accounts and contacts.

How to Protect Yourself

To safeguard your mobile phone from theft, follow these essential tips:

• Keep your phone close: Always keep your phone within sight and reach. Avoid leaving it unattended on tables or other surfaces.
• Be mindful in public: Refrain from using your phone in public places where you might get distracted, such as busy streets or public transportation. Be cautious of these high theft areas, as thieves often target individuals who are absorbed in their devices.
• Lock your phone: Use a PIN, Face ID, or fingerprint to lock your phone. This adds an extra layer of security, making it harder for thieves to access your personal information.
• Enable stolen device protections: Make sure features like Find My iPhone (iOS) or Find My Device (Android) are turned on. These tools can help you locate your phone if it gets stolen and remotely lock or erase it to protect your data.
• Use anti-theft accessories: Consider using phone cases with built-in security features such as straps or lanyards, or carrying your phone in a secure, zippered bag to reduce the risk of it being snatched.
• Document your phone’s information: Keep a record of your phone’s make, model and IMEI number, as having this information is vital when filing a police report or insurance claim if your phone is stolen.

What to Do If Your Phone is Stolen

• Change important passwords: Log in to critical accounts, such as email, social media, and banking apps, from another device and change your passwords to prevent unauthorised access.
• Report Theft to Local Authorities: File a police report with your phone’s make, model and IMEI number. This is important for recovery and insurance claims.
• Contact Your Service Provider: Immediately notify your mobile carrier to deactivate your SIM card and potentially block your phone’s IMEI to prevent its use.
• Advise Your Financial Institution: Notify the respective institution that you have been involved in an act of theft and request to lock your credit or debit cards.
• Track and Wipe Your Phone: Use tracking apps like Find My iPhone or Find My Device. If recovery is not possible, remotely wipe your phone to protect your data.
• Alert Your Contacts: Let your contacts know your phone was stolen to prevent impersonation scams.

Top tip: If you are an Apple customer, check out their Personal Safety Guide.

Support and Resources

If your identity has been compromised after your phone was stolen, these resources can help you recover and protect yourself:

• Report and Recover – Cyber.gov.au: The Australian Cyber Security Centre offers a portal for reporting cyber incidents and accessing necessary recovery resources.
• Get Help – IDCARE: IDCARE is Australia and New Zealand’s national Identity and cyber support service. The organisation assists with cyber security concerns including Identity theft. Providing practical and behavioural support to individuals.
• Share a story – ScamWatch: An organisation run by the National Anti-Scam-Centre raises awareness on trending scams. They work with government and law enforcement, to prevent frauds from occurring.
• Cyber Security incidents can be times of worry and concern. If you need someone to talk to, reach out to family and friends, or contact Lifeline (13 11 14) or Beyond Blue (1300 22 4636).

Update for 6 August 2024:

Be on the lookout! We have reports of multiple scams targeting people at the moment, trying to steal your personal details and money.

Please read through this blog and remain cautious to best protect yourself from these scams.

CrowdStrike/Microsoft outage scams

You may have heard of—or been impacted by—the recent CrowdStrike/Microsoft outage, that caused widespread problems for people and organisations. The National Anti-Scam Centre is warning people to be wary of scammers offering to fix or provide protection from the outage. Downloading unsolicited software can give scammers access to your computer or device, including your bank accounts and other financial or personal information.

You should also be alert for anyone claiming to be from a financial institute or business saying you need to update or verify your personal information as a result of the outage.

Cybercriminals will try to take advantage of these kinds of major outages or incidents to create a sense of urgency to pressure you into acting without thinking.

How to better protect yourself

• Don’t be rushed into downloading software or providing your personal or financial details to anyone.
• If you have been contacted by someone you suspect is trying to scam you, do not respond, do not click any links or download any software they send you and do not provide any personal or financial details to them. 
• Verify that anyone who has contacted you is actually who they say they are independently. Even if they claim to be from a real organisation relevant to you, contact them through their official channels to confirm the communication is actually from them and not an impersonator.

Where you can get help

• If you have provided any money or think the scammer has your bank account details, contact your bank immediately.
• If it’s an emergency or you are concerned for your safety, contact the police immediately by calling 000.
• To report a crime that is not an emergency, phone 131 444.
• If you receive a call or message of this nature, report it immediately to Australian Cyber Security Centre (ACSC) and ScamWatch. You can also contact Deakin’s cybersecurity team.
• IDCARE can assist you if you experience scams and fraudulent activity. They can be contacted on 1800 595 160.
• Warn your friends, family and fellow students about these scams.

There are no consequences for reporting a potential scam – it is always better to be safe than sorry.

Some resources on scams

Keep reporting those suspicious emails and continue to stay vigilant for scams! For more information on spotting a scam, visit the cyber security blog.

Stay up to date with the latest known online scams by bookmarking and regularly visiting Deakin’s Online safety and security webpage. You can also find more information about common scams targeting students via Study Melbourne’s website. You can also follow @scamwatch_gov on Twitter and subscribe to ScamWatch radar alerts.

The ACCC’s Little Black Book of Scams is also a handy tool for recognising scams – it is available in various languages including Simplified Chinese on the ACCC.

Update for 21 June 2024:

PTV myki scam

Have you registered your myki card? If not and a scammer realises that a card is unregistered, they can register the number printed on your card to themselves and falsely claim a refund on any money you’ve loaded onto it.

Registering your myki cards to yourself, as soon as you can and whenever you get a new one, appears to prevent this loophole from being exploited.

If you suspect your myki has been compromised, contact Public Transport Victoria by calling 1800 800 007.

ATO impersonation scam

The ATO are warning there have been many reports of scammers impersonating government agencies.

Scammers have sent out ATO branded emails containing links to fake myGov websites which will steal your sign in credentials. Once they have access, they’ll then change your account bank details to their own and make fraudulent lodgements so that any payments will go to them.

Always be wary of emails, phone calls, text messages, or interactions on social media claiming to be from the Australian Taxation Office (ATO).

If you are suspicious, do not engage with them and instead

• Contact the ATO directly
• Visit the ATO verify or report a scam webpage

You can see a list of current scams on the ATO scam alerts page and subscribe to their general email updates.

Microsoft sign-on page impersonation phishing

Please also stay alert for phishing emails which then link to fake Microsoft sign-on pages.

Scammers have hosted pages that show a fake Microsoft OneDrive document preview and link to a phishing URL that will steal your credentials.

These credentials can then be used to read your stored emails and documents for information and details that can be further exploited.

Tips to stay safe

• Verify emails – Always double-check the sender’s email address, especially if the message seems unexpected or requests sensitive information. Often, cybercriminals will create ‘spoof’ links (or ‘domains’) by changing up the address slightly – for example, Deakin email addresses end in @deakin.edu.au, a sender address that’s not legitimate when you hover over it might read @deakin.org.au.
• Inspect links and attachments – Be cautious of links in emails or messages that take you to login pages. Before clicking on any links or downloading attachments, hover over them to preview the URL. If in doubt, verify with the supposed sender through a trusted means.
• Use the Phish Alert button in Outlook. Report any suspicious emails to Digital Services so that they assess the material and take the necessary steps to protect you and Deakin.

For further information and guidance, please refer to Microsoft’s official blog post on this scam: Detecting and mitigating a multi-stage AiTM phishing and BEC campaign | Microsoft Security Blog

Other current scams to watch out for 

Please also keep an eye out for these common scams going around at the moment.

Authority and virtual kidnapping scams targeting Chinese international students

The Victoria Police Financial Crimes Squad has put out a warning that international students, especially those from China, have been the target of scammers impersonating Chinese officials, police officers or courier services.

The scammers claim that your phone or identity have been used in a crime and will threaten legal consequences unless you make a payment to them.

They can use elaborate methods including calls from multiple people, video calls and appearing to be calling from an official phone number to seem more convincing.

Fee payment scam

We have received reports that Deakin University students are being targeted by a fee payment scam. These scams are designed to take your money in a dishonest way, leaving your university fees unpaid.

The scammers will call, email, message or otherwise contact you, claiming to be associated with a financial institution. They will offer to give you a discount if you pay your student tuition fees through them, rather than paying the university directly.

The scammer may even appear to pay an amount towards your tuition to make the offer appear more genuine, but if you give them your money, they will reverse this initial payment, taking your money and leaving your university fees unpaid.

You should never pay your fees to a third party or agent. Only ever pay your fees through the valid payment options listen on your invoice.

Remember, if something sounds too good to be true, it’s probably a scam.

Fake social media groups

We’ve been alerted that there are a number of social media groups and pages that may be falsely presenting themselves as though they were officially supported by Deakin. Some of these groups may be trying to promote non-Deakin events or even contract cheating, so remain vigilant.

You can find the official social media channels of Deakin listed on our Stay Connected webpage. If you are invited to or come across a page or group not included here, then be wary.

Contract cheating scams

You may come across or be contacted by services offering to complete your assessments for you in exchange for money or for uploading your previous assessments.

Not only is taking up their offer of these services a breach of academic integrity and can put your studies at risk, but you may open yourself up to the threat of blackmail.