Latest banking security threats

Scammers are impersonating genuine institutions (such as banks) using staff names and even producing brochures and marketing materials with company logos. When offering products like term deposits or bonds, they often lead with competitive rates and include fake offer-ending dates to create a sense of urgency. The best way to confirm legitimacy is to check the organisation’s website by typing in the organisation’s website address or contacting them directly.

Things to look out for:

• Unsolicited emails that offer investment opportunities, from fake email addresses
• Links and/or pop-ups on websites personalised to you, appearing on social media
• Investment rates that seem too good to be true and have an ending date
• Attempts to gain your trust, with suggestions of what to say to your bank​
• Requests for multiple payments to be made as ‘deposits’ in order to set-up an account.

Phishing scams are more active during periods of higher consumer spending – like the lead up to the end of the year, and new year sales. In these situations, scammers rely on impulse triggered behaviours to get you to act quickly, encouraging you to provide your personal information without thinking about it. They often pretend to be from larger, well-established organisations to gain your trust and will attempt to steal your online banking logins and credit card details.

Things to look out for:

• Text messages or emails received with a sense of urgency
• Requests to hand over personal details including a one-time SMS or email code
• If a postal, delivery or courier service contacts you that you are unfamiliar with.

This phishing scam targets users of accommodation sites like Booking.com. People are receiving a message from official website email addresses like ‘noreply@booking.com’ or from the messaging function within the booking app.

The message claims a booking will be cancelled if customers don't input credit card details through a provided link. The message or email is typically received when a customer has recently booked accommodation, is due to check-in, or has already checked in.

If you've received a message or email that doesn't seem genuine or includes an urgent call to action, don’t click the link or share any personal information. Ask someone you trust or contact the organisation directly using the phone number listed on their official website.
 

This one involves either an email or a celebrity endorsed Facebook ad that encourages you to invest money or buy bitcoin. Things to look out for:

• Emails or ads that try to get you to click on a link
• Prompts to enter your bank details
• Direct messages from people on social media asking you to invest – always verify any messages you get asking to click on links, or send or receive funds
• Facebook posts tagging a lot of people that feature a photo of a celebrity.

NBN calls

An example of a cold call scam, this one involves receiving a call from scammers claiming to be fixing your NBN. They then attempt to get remote access to your computer or internet connection where they can transfer funds from your account.

ATO calls

Currently very common, this is where scammers call you claiming to be from the ATO. They may request you to provide personal details to be verified, notify you of an outstanding debt, or request bank account details for payments or refunds. They may also threaten you with prison if you don’t provide details. If you receive one of these calls, make sure you don’t provide any details. You can also report it directly through the ATO website.

If you receive calls like this, don’t follow any instructions and hang up straight away.

For this one, scammers create a pop-up on your screen that claims your computer has a fatal virus. It prompts you to call a number which gives scammers remote access to your account.

Also called a ‘flu-bot’ scam, this has been a common scam since August 2021, involving a text message from a random number notifying you of a new voicemail. The text provides a link to click in order to access the voicemail, usually with spelling errors and unusual URLs. If you get a text like this, don’t click on the link and delete the message – clicking the link could lead to malware being downloaded on your phone.

This is where scammers try to hide their identity by replacing their number with another number. This means they can call you from a number known to you to make you think you’re being contacted from a recognised caller.

We’re currently seeing instances of customers getting calls from what appears to be a Bankwest number (do not dial, for example only - 9449 2840). The callers will often say they’re from our security team, and that they’ve detected fraud on your account or need your help to catch a scammer.

Remember – we’ll never ask you for any of your banking details or login info, or to download anything. If you have any doubts, you can call us on a verified number from a genuine source – like our website.
 

We’re currently seeing many instances of scammers impersonating business and government authorities using COVID-19 messages. We’ve also seen a number of coronavirus-related online shopping scams.

A few specific examples to watch out for are:

Flight refund scam

Scammers are targeting people who are waiting for refunds from airlines that cancelled flights due to the coronavirus shutdown. They're doing this a couple of ways:

• Creating fake airline websites (such as Qantas and Virgin) where customers are prompted to call a fake number and tricked into giving card details and an SMS code so a refund can be issued
• Sending messages to customers with a fake flight refund form and telling them to fill it in with their name and credit card details.

Using these tricks, cybercriminals could collect personal and financial information and use them to carry out a broad range of malicious activities. Data gathered could also be offered for sale on the dark web.

To confirm the source of emails or messages you receive, and to verify that you're not getting contact details from fake websites, directly contact the company using a phone number from the White Pages online directory.

Texts from ‘GOV’ or ‘MyGov’

There have been multiple reports of texts that appear to come from ‘GOV’ or ‘MyGov’, with suspicious links to more information related to COVID-19.

For more information about coronavirus related scams, visit the Stay Smart Online and Scamwatch websites.