Why Australians are the wealthiest people on Earth

The following is a link to Troy Gunasekera's weekly blog, highlighting property as the chief reason why Australians are the richest in the World according to Credit Suisse.  

For many people, the idea of investing for their future seems to be foreign as they struggle week to week to pay their bills and put food on the table.  For many of these people, a simple talk with The Property Club could help them see that investing is not just for high net worth individuals and family trusts, but can be done by average people as well. 

The idea of compound interest is appealing, when we first hear about it at school, but it seems that the average person does not equate this with building a property portfolio that can help with their retirement.  Given the way current governments are attacking pensions and retirement benefits, it is important that we look to other ways of building our assets to help us when we retire.  At least with a property portfolio, it gives you options when you retire, either sell it all and live off a managed fund, or hang onto some of them as an appreciating asset.  The thing to remember with property is that it is not a get rich quick scheme

I Received This Email and Was Instantly Suspicious.

I recently received the above email and was instantly suspicious. Why , you ask? 

Because I am based in Australia and have never flown with United nor am I likely to in the near future. 

The above is an example of a phishing scam that is mis-targetted.  Unfortunately there are many people who are sucked in by these seemingly authentic emails and end up losing lots of money.  The danger comes when we become complacent about our communications and assume that all of them are authentic.  Anyone who has had the “pleasure” of being on an unfiltered mailbox will quickly recognise the danger in this (how many times do you need to receive an invitation to view the photos of someone you don’t know or to purchase Viagra®)

What is phishing?

Phishing is a form of social engineering (manipulation of people using psychology and deception), by using emails and websites that look exactly like the real thing (eg banks, airlines, Apple, Microsoft, charities, etc) to get you to open a file or website.  Many have links that look like they should be correct, but have underlying links to malware or sites that attempt to get your bank details. 

Malware can range from the inconvenience of a virus to keyloggers and remote control applications (often used to turn your machine into a “zombie” as part of a large botnet).  The nasty viruses that are coming out now are the cryptoviruses that encrypt your files and demand a payment before you are given the key.  Many times the only solution is to rebuild your computer and lose any work saved locally, because even if you pay them, there is no guarantee that the villains can or will send you the decryption key.  These are the best encouragement for offline backup that I have seen.

A couple of recent phishing scams that I have seen are of the form “you have made a purchase, please confirm your credit card details”.  One was from Apple and had all the correct logos and the link in the email appeared to be correct.  However it did not open the iTunes website but a very clever copy, asking for the credit card details to be entered. 

Another was the above email from an airline saying that I had made a booking and my credit card had been debited a sum of money.  A link was provided to cancel the booking, which no doubt would have requested credit card information to “confirm” the refund.

How will this affect me?

If you fall for these scams you can expect that your credit card account will be run up to the maximum limit (or beyond, many times the charges are not rejected because they are done through foreign banks).  This can be extremely inconvenient if the bank takes a hard line on credit card misuse.  It can also affect your credit rating making it difficult to obtain loans or finance.  You can also lose control of your login for a site (eg banking or other sites) resulting in identity theft. All of these are extremely inconvenient and, in the case of business accounts, devastating.

What do I need to do?

Be wary of any email or communication (Facebook and social messaging sites are also being used as vectors now) that is unexpected.  Banks will not send you an email saying that you have to click a link to reset your password or confirm your credit card details (they may send you an email to let you know that they have reset your password containing the new password).  If the email address is from a domain other than that belonging to the company, this is an instant “red Flag” ie professional companies do not send emails from gmail, hotmail, yahoo etc.

Generally if you have any suspicions about an email, investigate the links to make sure they are not redirecting you.  This can be done in Outlook by right clicking in the text field and selecting the option to “view Source”.  This will bring up the source code in notepad.

As you can see below, the actual link (Href highlighted in yellow) to which you are being sent is different to the link being displayed (outlined in red) which is a sure sign that the email is bogus. The href link below is a compromised server that the scammers are using to host a replica of the United site so that it appears to be legitimate.

If you attempt to open the above links in Chrome, you will be prevented by the built in phishing filter.   Most other browsers may also have these filters, but relying on any of these alone to keep you safe at all times is like assuming that all cars can be stopped by a red light. Better to recognise what could be a phishing scam email or message and investigating until you are sure.

Also if you receive unexpected emails with .zip attachments then it is likely that these are malware (Eg the “Emily” emails we were bombarded with). Simplest option in these cases is to delete the email.

If you think you may have clicked on one of these links or opened a malware then you need to run an antivirus scan and an anti-malware scan.  Make sure you have the latest signatures for your antivirus software. The anti-malware scan can be done after installing malwarebytes  http://www.malwarebytes.org/ which has a free version available. 

Keep an eye on your credit card statements for bogus entries (most online sites will let you know who the billing will appear from on your statement).  Many smaller companies bill through a larger entity so may not appear on your statement under their own name. However they will usually let you know if this is the case at the checkout, so that you do not cancel the transaction later on.

Many times if you have inadvertently given your credit card details out, it is better to call the bank and inform them as soon as possible. For most banks, from that point on, any losses are the responsibility of the bank (check with your bank on this as different banks have different rules and regulations regarding credit card liability). 

If you accidentally enter your username and password into a bogus website, go to the legitimate site (enter the website address manually in your browser address bar) and change your login details as soon as possible.

Unfortunately in this world, there is always someone trying to scam other people and the Internet just makes it easier for the crooks to scam more people.  By exercising a bit of care when dealing with unexpected communications, you can save yourself a lot of grief.

Cheers for now

Hazmoid