In addition to our online security measures and card monitoring program where we check transactions for unusual or out of the ordinary activity , we also recommend that you read the useful information below about scams so you are better informed and able to protect yourself online.
Remember, if it looks too good to be true, it probably is.
To report a scam, you should let us know and contact the government’s specialised team at SCAMwatch
Scams targeting consumers are on the rise and fraudsters become increasingly smarter, promising big rewards and easy ways to make money fast. Victims are not just the naïve, but are often caught unaware, convinced by those saying they represent their banker or the government.
Remember never to be fooled into:
Vishing targets your member secure details by telephone. Vishing is similar to Phishing with the difference being the technology such as automated call dialling and VoIP (Voice Over Internet Protocol) used to target account holders and steal information.
Scam #1 - 'compromised credit card account'
In this email scam, the scammer asks members to call a phone number or click on a link due to a compromised credit card account. The email might claim to be from a credit union, bank or other financial institution and will read something like this:
‘Due to unusual levels of fraud we have had to suspend any future authorisations being conducted with your Visa card. If you want this restriction to be removed from your account please call us. Call (a phone number) to have this restriction removed. We apologise for any inconvenience this may cause.'
Scam #2 - 'your card must be re-activated'
This scam claims that your personal identification number (PIN) was entered incorrectly three times, therefore the card had to be deactivated. The email then asks for the completion of an authentication form or for a phone call to be made to a number provided in order to activate the card. The email reads something like this:
‘…. the personal identification number (PIN) was entered incorrectly more than three times. For your protection we have deactivated your card. To reactivate your card, please complete the authentication form or call (a phone number). XYZ Bank Customer Service'.
When you call that number, if anyone answers, unfortunately, you're actually speaking to a fraudster or the criminal on the other side, who then can get additional information and steal your identity.
Scam #3 - 'update your account information'
You get a phone call from someone asking you to 'update your account information'. To protect yourself from this type of scam, use some of the same techniques you’d use to avoid other phishing scams. Don’t give information to anybody unless you are certain you know whom you’re dealing with. If you get a phone call about one of your accounts, hang up and call the bank or credit union on the number you would usually use and call ScamWatch. Dial the number that appears on the back of your card or on your statements and then you’ll know you’re in the right place, and they can take care of any issues on your account. The bad guys use internet telephone services to disguise where their real location is, and where the call is originating from. So they can be in Russia for example, and get a local area code phone number in (say) Australia relatively quickly. Always hang up on a caller who asks for your account details.
Phishing emails are fake emails usually pretending to be from banks or other financial institutions. They make up some reason for you to give your account details and then use these details to steal your money.
These are called Nigerian scams because that is where they originated, however these scams can come from any country. Someone asks you for help to transfer money out of their country by paying fees or giving them your bank account details.
Pay first scams
You are asked to send money upfront for a product or reward – and you end up with something much less than you expected, or nothing at all.
You are sent a cheque for something you have sold, but it is for more than the agreed amount. The scammers hope you will refund the extra money before you notice that their cheque has bounced.
These scams are prevalent during times of recent disaster where, people take advantage of your generosity and kindness by asking for donations to a fake charity, or impersonating a real charity.
Tax refund scam
You are invited to complete an online form to claim a bogus tax refund. Scammers are using the end of the financial year as a perfect opportunity to target consumers. This scam often has ‘Tax Refund Online’ in the subject heading and the Australian Tax Office (ATO) logo
While internet services such as online shopping and banking are convenient, there are some risks involved. The following information may help you ensure you’re protected when you’re online.
This is a variant of the Zeus Trojan. It works by tricking the user into entering personal details or internet banking login details by injecting a false webpage purporting to be from the financial institution while the user is online.
How phishing works
This webpage appears as a pop-up box and often comes in the form of a “Personal Details Update Request” or “Security Validation Request” - something that directs the user to enter personal data. These forms are designed to capture all the information that you would typically type into a genuine banking site (for example, passwords and logins) plus other personal identification details.
The pop-up forms can be convincingly branded and feature a seemingly genuine form which may include scroll down menus, security alert information and has the look and feel of a genuine banking communication. Others times they may unbranded, generic forms to widen the range of potential target websites.
Previous phishing attacks would typically try to redirect the user’s browser to a fake financial institution website, set up by the criminals to trick victims into divulging personal details. In contrast, “in-session” phishing operates from the user’s own computer and when the user is in a session with the genuine banking website. This gives the impression that the pop-up is originating from the genuine website and must therefore be authentic.
It must be stressed that the threat is contained to the user’s computer which is compromised by the Trojan and does not mean that the online banking website or interface of the financial institution has been compromised.
As with all types of phishing attacks, “in-session” phishing relies on tricking customers or members to enter their personal or internet banking details.
It is important that members remember
“Your financial institution will never ask you for personal details by email”
Security software is usually sold in suites that offer more than one function, such as anti-virus or firewall. You should always use security software suites that offer you maximum protection – anti-virus software alone will not secure your online activities.
This stops malicious software infecting your computer. It’s fairly easy to install and maintain. Make sure you enable automatic download of updates so that your software is always current.
A desktop firewall allows you to control the access other computers have to your computer. It also controls how applications on your computer gain access to other networks. Desktop firewalls can sometimes be difficult to configure correctly, so you should ask your vendor for instructions.
Beware of malicious software like Adware and Spyware. Adware often redirects your browser to specific sites without your input, while Spyware captures and sends information stored or transmitted by your computer. Anti-adware and anti-spyware software is fairly easy to install and maintain. Make sure you enable automatic download of updates so that your software is always current.
Unsolicited emails are known as spam. You should always delete these emails as soon as you receive them. Clicking on a link will alert spam senders that they have a valid email address and some of these links may contain malicious spyware. Most anti-spam software is integrated into your email client, which means you can choose to block emails from certain senders or allow them into your inbox. Some have updates similar to anti-virus software.
There are a number of steps you can take to keep your computer secure (Source: Abacus Australian Mutuals).
ASIC is the Australian Securities and Investments Commission and their consumer website MoneySmart includes information and resources to assist you in scam awareness and action you should take. The ACCC is the Australian Competition and Consumer Commission and their role in consumer protection includes SCAMwatch a website that provides information to consumers and small businesses about how to recognise, avoid and report scams. ACMA is the Australian Communications and Media Authority and they regulate online content and provide information about safe use of the internet and mobile phones.