Scam watch

In addition to our online security measures and card monitoring program, where we check transactions for unusual or out-of-the-ordinary activity, we also recommend that you read the useful information below about scams so you are better informed and able to protect yourself online.

Remember, if it looks too good to be true, it probably is.

To report a scam, you should let us know and contact the government’s specialised team at SCAMwatch.

Watch out for financial scams

Scams targeting consumers are on the rise, and fraudsters are becoming increasingly smart, promising big rewards and easy ways to make money fast. Victims are not just the naïve; they are often people caught unaware and convinced by those who say they represent their banker or the government.

Remember never to be fooled, over the phone or via email, into:

  • disclosing personal details, such as your name or date of birth;
  • disclosing your banking details such as your Visa card number, CVV (number on back of card), PIN, or
  • disclosing other information such as your tax file or licence numbers
  • replying to any unsolicited emails claiming to be from the ATO or your bank
  • replying to or opening any attachments from unsolicited emails.

For more information about scams, visit MoneySmart or SCAMwatch.

Common scams

Vishing

Vishing targets your secure member details by telephone. It is similar to phishing; the difference is the technology used, such as automated call dialling and VoIP (Voice over Internet Protocol), to target account holders and steal information.

Scam #1 - 'compromised credit card account'

In this email scam, the scammer asks members to call a phone number or click on a link due to a compromised credit card account. The email might claim to be from a credit union, bank or other financial institution and will read something like this:

‘Due to unusual levels of fraud we have had to suspend any future authorisations being conducted with your Visa card. If you want this restriction to be removed from your account please call us. Call (a phone number) to have this restriction removed. We apologise for any inconvenience this may cause.'

Scam #2 - 'your card must be re-activated'

This scam claims that your personal identification number (PIN) was entered incorrectly three times, therefore the card had to be deactivated. The email then asks for the completion of an authentication form or for a phone call to be made to a number provided in order to activate the card. The email reads something like this:

‘…. the personal identification number (PIN) was entered incorrectly more than three times. For your protection we have deactivated your card. To reactivate your card, please complete the authentication form or call (a phone number). XYZ Bank Customer Service'.

If anyone answers when you call that number, you are unfortunately speaking to a fraudster or criminal on the other end, who can then get additional information and steal your identity.

Scam #3 - 'update your account information'

You get a phone call from someone asking you to 'update your account information'. To protect yourself from this type of scam, use some of the same techniques you’d use to avoid other phishing scams. Don’t give information to anybody unless you are certain you know whom you’re dealing with. If you get a phone call about one of your accounts, hang up, call the bank or credit union on the number you would usually use, and call SCAMwatch. Dial the number that appears on the back of your card or on your statements; then you’ll know you’re in the right place, and they can take care of any issues on your account. The bad guys use internet telephone services to disguise their real location and where the call is originating from. They can be in Russia, for example, and get a local area code phone number in (say) Australia relatively quickly. Always hang up on a caller who asks for your account details.

Phishing emails

Phishing emails are fake emails usually pretending to be from banks or other financial institutions. They make up some reason for you to give your account details and then use these details to steal your money.

‘Nigerian’ scams

These are called Nigerian scams because that is where they originated; however, these scams can come from any country. Someone asks you for help to transfer money out of their country by paying fees or giving them your bank account details.

Pay first scams

You are asked to send money upfront for a product or reward – and you end up with something much less than you expected, or nothing at all.

Cheque overpayments

You are sent a cheque for something you have sold, but it is for more than the agreed amount. The scammers hope you will refund the extra money before you notice that their cheque has bounced.

Charity scams

These scams are prevalent in the wake of a recent disaster, when people take advantage of your generosity and kindness by asking for donations to a fake charity or by impersonating a real charity.

Tax refund scam

You are invited to complete an online form to claim a bogus tax refund. Scammers are using the end of the financial year as a perfect opportunity to target consumers. This scam often has ‘Tax Refund Online’ in the subject heading and the Australian Tax Office (ATO) logo.

Online protection

While internet services such as online shopping and banking are convenient, there are some risks involved. The following information may help you ensure you’re protected when you’re online.

“In-session” phishing

This is a variant of the Zeus Trojan. It works by tricking the user into entering personal details or internet banking login details by injecting a false webpage purporting to be from the financial institution while the user is online.

How phishing works

This webpage appears as a pop-up box and often comes in the form of a “Personal Details Update Request” or “Security Validation Request” - something that directs the user to enter personal data. These forms are designed to capture all the information that you would typically type into a genuine banking site (for example, passwords and logins) plus other personal identification details.

The pop-up forms can be convincingly branded and feature a seemingly genuine form, which may include scroll-down menus and security alert information and has the look and feel of a genuine banking communication. Other times they may be unbranded, generic forms, to widen the range of potential target websites.

Previous phishing attacks would typically try to redirect the user’s browser to a fake financial institution website, set up by the criminals to trick victims into divulging personal details. In contrast, “in-session” phishing operates from the user’s own computer and when the user is in a session with the genuine banking website. This gives the impression that the pop-up is originating from the genuine website and must therefore be authentic.

It must be stressed that the threat is contained to the user’s computer which is compromised by the Trojan and does not mean that the online banking website or interface of the financial institution has been compromised.

As with all types of phishing attacks, “in-session” phishing relies on tricking customers or members into entering their personal or internet banking details.

It is important that members remember:
“Your financial institution will never ask you for personal details by email.”

Security software

Security software is usually sold in suites that offer more than one function, such as anti-virus or firewall. You should always use security software suites that offer you maximum protection – anti-virus software alone will not secure your online activities.

Anti-virus software

This stops malicious software infecting your computer. It’s fairly easy to install and maintain. Make sure you enable automatic download of updates so that your software is always current.

Desktop firewall

A desktop firewall allows you to control the access other computers have to your computer. It also controls how applications on your computer gain access to other networks. Desktop firewalls can sometimes be difficult to configure correctly, so you should ask your vendor for instructions.

Anti-adware/Anti-spyware

Beware of malicious software like Adware and Spyware. Adware often redirects your browser to specific sites without your input, while Spyware captures and sends information stored or transmitted by your computer. Anti-adware and anti-spyware software is fairly easy to install and maintain. Make sure you enable automatic download of updates so that your software is always current.

Anti-spam

Unsolicited emails are known as spam. You should always delete these emails as soon as you receive them. Clicking on a link will alert spam senders that they have a valid email address and some of these links may contain malicious spyware. Most anti-spam software is integrated into your email client, which means you can choose to block emails from certain senders or allow them into your inbox. Some have updates similar to anti-virus software.

What you can do

There are a number of steps you can take to keep your computer secure (Source: Abacus Australian Mutuals).

  • Make sure your computer has up-to-date internet security software installed and that it is working correctly.
  • Preferably type your financial institution’s website address into your browser. Never use a link to your financial institution that has been sent to you in an unsolicited email or that is on a website – these may lead to fraudulent websites.
  • Always ensure the link to your financial institution is secure by looking for the https:// at the top of the screen in the address bar and check for the locked padlock symbol in the browser window. Click on the padlock to make sure it’s current.
  • Always log out from your internet banking session when you have finished.
  • Change your internet password on a regular basis.
  • Always close your internet browser after logging out at the end of each internet banking session.
  • Ensure that you’re aware of the security advice provided by your financial institution.
  • If any windows ‘pop up’ during an internet banking session, be suspicious, especially if one directs you to another website which then requests you to enter personal details or login details.
  • Don’t send your financial information via email to anyone.

Reporting e-crime

Type of scam - Agency to contact

  • Scams from interstate or overseas - Contact ACCC on 1300 302 502
  • Financial and investment scams - Contact ASIC or MoneySmart on 1300 300 630
  • Banking and credit card fraud - Contact us and let SCAMwatch know
  • Spam emails - Contact ACMA on 03 9963 6800