You hear a rumour about a new payment that you might be eligible for.
Perhaps you saw a friend posting about it on social media, or saw someone talking about it in the comments section.
So you do what any reasonable person would do — use an online search engine to see if there is any information about this supposed payment.
And the first result that comes up is a website that looks like a news article explaining all the details about it.
It seems legitimate, but it could be a scam.
And along with creating confusion, these dodgy “news” sites could end up with vulnerable people losing money.
How do these scams work?
To unpack this, we’re going to use a rumour about a supposed Centrelink payment of $600 due in December as an example.
It’s unclear where this rumour started, but we were able to see it coming up as a trending search term on Google.
And that’s not something we need special ABC tools to do; it’s all publicly available via something called Google Trends.
When something is “trending”, it just means a bunch of people are googling similar things at that time — a good example of this is how we sometimes see “how to call in sick” trending on a Monday morning.
We could see that “Centrelink payment dates” was trending and looked into it.
The only thing we could see coming up was that there had been a Centrelink payment paid out earlier this year — it was called the Carer Supplement and it was for $600.
We checked with Services Australia, which confirmed there were no new payments happening in December.
But when we did a Google search for “Centrelink $600 payment” last week, here’s what we saw:
Google’s new AI Overview feature had come up with a spiel about the possible payments that could match this.
And while the explanation — generated by artificial intelligence (AI) — didn’t say the Carer Supplement was being paid out in December, the first website Google presented under this explanation did.
When we clicked on the link, it took us to what looked like a news article explaining everything about these supposed payments.
According to the article, the supposed payments were due to be paid out by December 20 at the latest.
But that’s false.
When we checked it with the team at Services Australia, they told us all this information was incorrect.
“These payments don’t exist,” Services Australia general manager Hank Jongen said.
“Services Australia has made no announcements of additional payments in 2024.”
A spokesperson told us the website was very similar to scam websites they’d warned about in the past.
How is it a scam?
It’s just a fake news article, so you might be wondering how it could be a scam — or what’s in it for scammers.
Well, there are two major ways scammers can benefit from it.
The first is what’s known as a “click farm” and the second is via phishing — something we’ll get into further down.
Click farms
The idea of these scam sites is to get so many people looking at them that the creators can make money from displaying advertisements on them, University of Melbourne cyber security lecturer Shaanan Cohney says.
“They’re designed primarily to attract dollars by people who visit expecting high-quality information clicking through ads,” Dr Cohney says.
“The advertisers are none the wiser to these low-quality clicks.”
And that might sound like a victimless enterprise, but there are some real-world impacts to this.
Not only do these sites spread misinformation and create confusion, they also make vulnerable people more susceptible to scams.
“Their main purpose is likely gaining advertising revenue through website traffic, rather than phishing for personal information,” Mr Jongen says.
“However people should not give out their personal information, including myGov sign-in details.”
Data mining and social engineering
When we showed the website to University of Melbourne senior research fellow in communication and information systems Jongkil Jay Jeong, he was confident scammers were looking to get people’s information.
Dr Jongkil points to this email sign-up form as an example:
“That’s a method to farm personal information data for potential victims,” he says.
But let’s say a user just enters their email address or contact number: how could that end up losing them money?
It gives scammers fodder for what’s called “social engineering”.
That’s when they use information they’ve gathered about a person to make their scamming attempts more believable.
What do they do with this information?
So let’s say scammers know a victim is aware of a potential Centrelink payment and wants to know more about it.
Once they have that victim’s contact details, they can use this to their advantage — especially if a bit of time has passed and the person has forgotten they’ve given out their email or phone number.
“Five days later [a victim might] get a call from someone [claiming to be] from Centrelink saying, ‘we’d love to help you out, give me your Centrelink reference number and access to your myGov account so I can help you with your application’,” Dr Jongkil says.
Because a victim was already aware of the possibility of a payment, they might be less likely to question this.
Especially if the person contacting them seems legitimate — whether that be because of the language they’re using on the phone or the letterheads they’re using in an email.
And before the target has a chance to question it, they’ve unwittingly handed over a skerrick of personal information that scammers can use to their advantage.
So while a scammer might not have a victim’s bank account details, they may be able to get into their myGov account.
“The scammer can try to change the person’s bank details and steal their payments, claim additional payments or obtain more of their information,” Mr Jongen says.
“Depending on the amount of information they have about someone, they can then claim government payments in their name and steal payments they’re meant to get.”
How do these websites attract audiences?
The creators use search engine optimisation (SEO) tactics to make sure their site is among the first websites displayed when people Google something.
These are the same tactics legitimate news organisations use to help their articles appear when someone searches for information relating to that story.
So they use a lot of words in their headlines, subheads and the body of their text that match the words people will be typing into their search bars.
And when people are trying to find out about something using a search engine, they type in a few of the key words they remember about the thing they’re searching for.
In the case of a dodgy payments website, those key points may be the dollar figure they’ve heard of, the agency making the payment and something about money.
And when you look at the site, you’ll see “Centrelink”, “cash” and “$600” feature in the headings:
Search engines know that dodgy sites try to game the system to make their websites rank highly, so they’re regularly updating their algorithms to try to filter them out.
We asked Google why the suspect site came up as the first option last week.
By the time the company got back to us, the website was no longer appearing on the search results page for “$600 Centrelink payment”.
What can be done about these websites?
“The best thing that Google can do is try to de-rank these websites and, in some cases, de-list them,” Dr Cohney says.
He says another option is to put up pop-up warnings for users, letting them know the site could be malicious.
Search engines such as Google are regularly making updates to make it harder for bad actors to game the system and typically are quite secretive about this.
It’s like a game of cat and mouse and AI is speeding it all up, Dr Cohney says.
“When Google makes changes to its algorithm, it’s as little as a number of days before the various click farms cotton on,” he says.
And it’s not just the internet giants that are grappling with this.
“Services Australia is limited in the actions we can take to remove these websites,” Mr Jongen says.
“They’re easy for scammers to create and can be written by AI.
“The best thing people can do to protect themselves from this misinformation is to ignore the clickbait headlines.”
What are the red flags to watch out for?
Unrealistic promises
Question whether what you’re reading about is likely, or even possible.
This isn’t just about government payments, but things like investing schemes or money-making shortcuts.
“If it’s too good to be true, it probably is,” Dr Jongkil says.
Generic content
Look out for “low-quality AI dribble”, Dr Cohney says.
Again, this might just be a bunch of keywords strung together to make it look like it’s useful information.
So do a sense check of what’s in the story you’re reading.
Heaps of ads
If it seems like there are too many ads, that could be a sign the website is dodgy.
Also pay attention to the quality of the ads, Dr Cohney says.
“The dark ad networks will show ads for adult content or ads that might be blocked [on reputable news sites],” he says.
Cross-check with official sources
If a government agency is giving out payments, that’s not something they’ll be keeping a secret.
So go straight to the source to find out more information.
You can look at the Services Australia website or its official social media accounts, or check out my.gov.au.
And remember, if a website URL doesn’t end in .gov.au, then it isn’t an official government website.
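The ".gov.au" rule applies to the site's hostname, not to the address as a whole, and a simple "does the text contain gov.au" check gets that wrong. As an added example (not part of the original article), this Python function applies the rule to the parsed hostname; the function name and the look-alike URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def is_gov_au(url: str) -> bool:
    """Return True only if the URL's hostname sits under gov.au."""
    try:
        # Accept bare addresses such as "my.gov.au/path" as well as full URLs.
        parts = urlsplit(url if "://" in url else "//" + url)
    except ValueError:
        return False
    host = parts.hostname  # drops any "user@" prefix and port, lowercases
    if not host:
        return False
    host = host.rstrip(".")
    try:
        # Convert to the ASCII form so look-alike letters from other
        # alphabets become "xn--" labels and stop matching "gov".
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    labels = host.split(".")
    # The last two labels must be exactly "gov" and "au", with a name before them.
    return len(labels) >= 3 and all(labels) and labels[-2:] == ["gov", "au"]


# Constructed sample addresses: two real government hosts and several look-alikes.
SAMPLES = {
    "https://my.gov.au/": True,
    "www.servicesaustralia.gov.au/payments": True,
    "https://my.gov.au.example.com/": False,        # gov.au is only a prefix
    "https://example-gov.au/": False,               # hyphen, not a dot
    "https://example.com/my.gov.au/login": False,   # gov.au is in the path
    "https://my.gov.au@example.net/": False,        # gov.au is a username
    "https://my.g\u043ev.au/": False,               # Cyrillic letter in "gov"
}


def check_samples() -> dict:
    """Run the check over the constructed samples and return the results."""
    return {url: is_gov_au(url) for url in SAMPLES}
```

A passing result only shows the name is registered under gov.au; it says nothing about a link in a message that displays one address and leads to another.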
Don’t assume the first website is best
Just because a link comes up first on a search results page, it doesn’t mean it’s the most reliable one.
“Five or 10 years ago, when we saw something ranked number one, that would instantly give you credibility,” Dr Jongkil says.
“No longer does it guarantee that.”
Shifting the blame
Dr Jongkil says it’s important not to blame victims for being caught up in these scams.
“These are carefully curated to entice people who are at their most vulnerable … the onus on you,” he says.
“But who was it that digitised all our services?
“Rather than going to a Centrelink branch, we have to do everything online.
“Where’s that shift of blame?”