News Daily


Men's Weekly

Australia

  • Written by The Conversation

It starts with a call from someone claiming to be your bank. They know your name. They know your bank. They even know your credit card number. There’s been “unusual activity” on your account, they say – and they just sent you a one-time passcode to verify your identity so they can assist.

You read out the code and feel reassured. Moments later, your funds are gone and the bank refuses reimbursement, citing a breach of terms because you voluntarily shared your passcode.

This is not a niche or isolated scam. It’s part of a growing pattern we’re seeing across Australia and beyond: cyber criminals are merging digital and real-world tactics in ways that make these frauds more convincing, harder to stop, and far more damaging.

It starts with stolen data

These scams don’t begin with a phishing email or fake app. They begin with data – your data – stolen in one of countless breaches, such as the latest Qantas incident that exposed the details of up to 5.7 million customers.

Sometimes the personal data has been sold through third-party data brokers. Names, phone numbers, emails, even card details are routinely leaked and traded online.

Once they have this information, scammers get to work. The phone call mimics a real interaction with a bank, perhaps with a spoofed caller ID. Victims are pressured in urgent language to “verify” their identity, often by reading out a one-time passcode that, unbeknownst to them, is authorising a transaction using their own card details.

We refer to this as a “convergence scam” – where online data leaks, psychological manipulation and weak enforcement come together. It’s a sophisticated hybrid of digital theft and physical-world exploitation, and it’s on the rise.

Devastating and personal

These scams are deeply personal and can be financially devastating. But what makes them even more alarming is the system-wide failure surrounding them.

For starters, many credit card fraud insurance policies contain clauses that exclude coverage when the customer “voluntarily” provides account credentials – including one-time passcodes – even if they did so under duress or deception.

One victim we spoke to lost nearly A$6,000 after a scammer posing as their bank prompted them to read out a passcode over the phone. The transaction was verified using that code, and the bank later refused to reimburse the loss.

In a formal response, the bank stated that by voluntarily sharing the one-time passcode, the customer had breached the epayments code, even though they were manipulated into doing so. As a result, the customer was held liable and ineligible for a chargeback.

Law enforcement may not help

Even when the criminals leave a physical trail, follow-up is rare. Law enforcement rarely investigates. In the cases we’ve seen, reports are acknowledged but not pursued. Officers don’t explicitly say the case is too small or not worth the effort, but their inaction suggests it, especially given how resource-intensive most cyber-crime investigations tend to be.

In many instances, particularly when the total loss isn’t deemed significant, victims are simply told to follow up with their bank, based on the assumption they’ll be reimbursed.

In one case we reviewed, stolen card details were used in-store at major Australian retailers such as Woolworths and Coles – indicating that a cloned card had been physically used. These purchases could, in theory, be tracked back to in-store CCTV footage. But no investigation was launched.

This reluctance to act, even when the evidence is tangible, sends a dangerous message: that scammers can operate with near-impunity.

Meanwhile, banks and regulators are slow to update verification systems. One-time passcodes are still widely used, even though scammers now exploit them routinely. There’s little recourse for victims, and minimal accountability for data brokers whose records fuel these scams.

What can we do to protect ourselves?

For individuals, the first line of defence is simple but vital:

  • never share a one-time passcode or security code over the phone, even if the caller seems legitimate
  • if in doubt, hang up and call the bank directly using the number on your card
  • be cautious about where and how you share your personal information, especially online through websites or social media. Only disclose what personally identifiable information you have to.

The true answer is systemic change

Banks and other institutions need to put into place stronger identity verification systems that don’t rely solely on SMS codes. We need greater transparency and regulation of data brokers.

Read more: 70% of Australians don’t feel in control of their data as companies hide behind meaningless privacy terms

Crucially, we also need active enforcement of cyber-enabled fraud, especially when there’s physical evidence, such as in-store purchases and CCTV footage.

Banks should also reassess their policies and procedures on how they communicate with customers. If scam calls closely mimic real ones, it’s time to change the script. More proactive education, clearer warnings, and redesigned verification processes can all help prevent harm.

The real danger of these convergence scams isn’t just financial loss. It’s the erosion of trust: in our banks, in our security systems, and in the institutions meant to protect us.

Once that trust is gone, it’s not easily recovered.

Read more https://theconversation.com/cyber-crime-and-real-world-crime-are-converging-in-a-dangerous-new-way-heres-how-to-stay-safe-260426

When to Escalate a Debt Recovery Matter to Legal Action

Knowing when to transition from informal debt collection efforts to formal legal proceedings is a decision that many creditors find difficult to navigate. Acting too early can damage commercial relationships, while waiting too long can reduce the likelihood of recovery... Read more

Why Slurry Hose Systems Are Essential for Handling Abrasive Industrial Materials

Transporting abrasive mixtures is a common challenge in industries such as mining, dredging, and construction. These mixtures, known as slurry, consist of solid particles suspended in water or other liquids. Moving slurry through pipelines requires specialised equipment that can withstand... Read more

Why Choosing the Right Dental Clinic Matters for Long Term Oral Health

Maintaining good oral health requires regular checkups, preventive care, and professional treatment when needed. Visiting a trusted Dental Clinic plays a vital role in keeping teeth and gums healthy while preventing more serious dental problems in the future. Many people only... Read more

Is Deep Plane Facelift Safe in Thailand?

When you ask whether a deep plane facelift is safe in Thailand, you’re really asking: “Can I get high-quality surgical care with strong safety standards and reliable follow-up while I’m traveling?” That’s a smart question. But the country name alone... Read more

Why Cloud Services Are Now Essential for Business Growth and Security

In today’s fast-moving digital environment, understanding how cloud services support long-term stability has become a priority for businesses across Australia. As expectations shift and workplaces adopt more flexible models, organisations are turning to cloud services to keep systems running smoothly... Read more

Steel Cutting Services: Precision That Shapes Modern Construction

In today’s construction, manufacturing, and fabrication environments, steel cutting services play a vital role in turning raw steel into practical, usable components. From large-scale infrastructure projects to bespoke architectural features, the accuracy and quality of steel cutting directly influence the... Read more