Don’t Click That Link!

Navigating the Sneaky World of Online Scams
Posted by Munish Mehta on Tuesday, June 3, 2025
From QR code traps to phishing links and fake Telstra calls, discover how social engineering scams manipulate trust — and how to stay two steps ahead.

This article is part of a series.


A few years ago, I got a WhatsApp message from a mate I hadn’t spoken to in a while. It said:
“Hey, is this you in this video?” followed by a link.

I almost clicked it. Who wouldn’t? My curiosity kicked in. But something felt off — the message was a little too generic. I called my friend directly. He hadn’t sent it. His account had been compromised, and the link was a trap.

That moment stuck with me. Since then, I’ve become a lot more cautious — and I’ve seen just how clever, manipulative, and emotionally charged cyber scams have become. These aren’t random attacks; they’re psychological ambushes.

Let’s unpack how Australians are being tricked — not hacked — through links, QR codes, and social engineering.


The Rise of Social Engineering: You Are the Target, Not Your Device

Cyber criminals have realised that breaching systems is tough — but breaching people? Much easier.
This is called social engineering — the art of manipulating people into giving up confidential information, clicking on malware links, or even transferring money willingly. And it’s wildly effective because it doesn’t need fancy code or advanced tools. It just needs you to drop your guard for a moment.

How it works:
  • Pretend to be someone you trust (a friend, bank, ATO, Telstra).
  • Create urgency (“Your account is suspended!”).
  • Exploit curiosity or fear (“You have a virus. Click here to clean your device.”).

QR Code Scams: Scan Now, Regret Later

QR codes exploded during COVID — check-ins, menus, payments. But now they’ve become a favourite tool for scammers.

Real Case in Australia:

In Sydney, fake QR code stickers were placed on parking meters. Unsuspecting users scanned them, paid their fees — and sent money straight to a scammer’s wallet.

Elsewhere, Australians have reported receiving invoices via email or post that include QR codes linking to fake payment portals. Once scanned, the code opens a fraudulent site mimicking your bank or BPAY and captures your credentials or redirects your funds.

Why it works:
  • People trust QR codes in physical environments.
  • QR codes hide URLs — you can’t “read” them.
  • Some phones auto-open malicious apps or links without warning.

Tip: Always preview QR code URLs when possible. Use apps like Mobi Armour or Trend Micro QR Scanner to scan before you tap.
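
What "previewing" a QR code URL can look like in practice, as an added example that is not part of the original article: the function below inspects the text decoded from a QR code without opening it and lists the reasons not to trust it. The domain names, shortener list and function name are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample values, not real services.
EXPECTED_DOMAINS = {"parking.example.org", "pay.example.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}


def preview_qr_payload(payload, expected=EXPECTED_DOMAINS):
    """Inspect text decoded from a QR code without opening it.

    Returns (host, warnings); an empty warnings list means the host is expected.
    """
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return "", ["payload is not a parseable URL"]
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "", ["no hostname in payload"]
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("scheme is not https")
    if "@" in parts.netloc:
        # Browsers ignore everything before '@' when choosing the site.
        warnings.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("internationalised host, possible lookalike characters")
    if host in SHORTENERS:
        warnings.append("link shortener hides the final destination")
    trusted = any(host == d or host.endswith("." + d) for d in expected)
    if not trusted:
        warnings.append("host is not an expected domain")
        if any(d in host for d in expected):
            warnings.append("expected name embedded in a different domain")
    return host, warnings
```

A clean result only means the host matches the list you supplied; it says nothing about a page on a domain you did not expect to be paying in the first place.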


Phishing links are the digital version of a poisoned apple. You see something tempting — a parcel update, a job offer, a funny video — and with one click, malware is installed or your login details are stolen.

Common phishing scenarios in Australia:
  • Australia Post scams: “Your parcel is awaiting delivery. Pay $3.50 to release.”
  • ATO impersonations: “Your tax refund is ready. Verify your ID here.”
  • Telstra/Optus bills: Fake invoices sent as email attachments or clickable links.
  • Crypto trading groups: Telegram links to fake investment platforms.

Once clicked, these links can:

  • Install spyware or keyloggers.
  • Redirect to fake login pages (stealing your credentials).
  • Trigger silent downloads of malware payloads.

One personal story:

A family friend of mine clicked a link from what appeared to be her electricity provider. It led to a login page, where she entered her credentials. The next day, her email and MyGov account were compromised — the attackers had everything they needed to reset passwords and even attempt Medicare fraud.


The Phantom Hack: Scare Tactics in a Pop-Up

Ever seen a pop-up saying your computer is infected and you must call this number immediately? That’s phantom hacking — a newer form of social engineering.

Scammers impersonate Microsoft support or “cyber police,” showing fake screens that cause panic. You call, and they guide you through steps to “fix” the issue — steps that really install remote access software or convince you to pay for fake antivirus tools.

Classic warning signs:
  • Alarming pop-ups with countdown timers.
  • Phone calls from “technical support.”
  • Demands to install software like AnyDesk or TeamViewer.

Important: Neither Microsoft nor any other tech company will ever cold-call you.


Social Engineering in Action: How Criminals Gain Your Trust

This is where things get next-level.

Criminals often don’t ask for money upfront. Instead, they build trust over weeks or months. One such scam involves a “market prediction expert” who shows fake trades with amazing returns. Once they’ve hooked you, they ask for money to “activate” your account. This isn’t just a scam — it’s emotional manipulation.

Other trust-building scams include:

  • Fake online romantic relationships.
  • Investment forums on WhatsApp/Telegram.
  • Remote work offers that “pay per task.”

You might even get paid small amounts at first. Then, a large payment is requested — and that’s where victims lose thousands.


What You Can Do: Defend Against the Mind Game

Cyber crime is not just about devices — it’s a battle for your attention, emotion, and decisions. Here’s how to stay ahead:

  • 💡 Be skeptical by default
    Double-check any message involving urgency, money, or links.
  • 📵 Pause before you scan or tap
    Avoid scanning QR codes in public unless verified. Don’t click shortened links unless you trust the sender.
  • 🧾 Verify the source
    Contact companies directly via their official websites — not the contact details in suspicious messages.
  • 🔒 Use tools that help
    Use link checkers like URLVoid, VirusTotal, or Mobi Armour. Always enable 2FA on key accounts.
  • 🤝 Talk about scams
    Educate your family — especially kids and older relatives — about what modern scams look like.

Final Thoughts: Cyber Criminals Don’t Need to Hack You — They Just Need You to Trust Them

If I’ve learned anything from years of working in cyber security, it’s this: humans are the weakest link — and the strongest defence.

The scams we’ve discussed here prey on emotion, not technology. They work because we click first and think later. That’s why cyber safety is not just a technical skill — it’s a life skill.

In the next post, we’ll dive deeper into some of the most distressing scams — like digital arrests, fake loan apps, and extortion tactics — and how they’ve devastated people across Australia.

Until then, stay alert, stay skeptical — and don’t click that link.

