Latest scams

Fraudsters are getting smarter by the minute so it is important to know what tricks they might use so you don’t become a victim of financial crime. Read up on the latest scams around at the moment.

For more information, check the ScamWatch and Stay Smart Online websites for new scams and the latest steps to secure yourself online.


2017 email scam - fake Bankwest eStatement notifications

 

We have recently been made aware of a new phishing email which is circulating to both Bankwest and non-Bankwest customers advising them that a new e-Statement is available for viewing.

The email which was sent on Monday, 11 September includes links to click on to “view” the statement. When clicked, these links would then auto-download viruses to the customers computer.

What to look out for

  • A generic greeting such as Dear CUSTOMER rather than using your surname
  • The words viewing and download are in orange and linked. There are no links in our legitimate eStatement alerts
BPay scam email
 

 If you receive a suspicious email forward it to abuse@security.bankwest.com.au

Important: If you have clicked on the links, please call us on 13 17 19 so we can take care of your accounts for you.



We’ve collected common scams from past years, so you can stay informed



2017 malicious virus alert - Android banking malware

 

There is a new sophisticated banking malware called 'Marcher' that steals users’ financial information, such as online banking credentials and credit card details.

In its latest guise, the malware has been disguised as Adobe Flash player. The user will be prompted by reporting that their device’s Flash Player is out of date message, as a result of a fake online ad or deceptive SMS message link. The malware “Adobe_Flash_2016.apk” will be dropped on the user’s device. The malware will also guide the user to disable security and allow third-party apps to install.

Once a device is infected, Marcher watches for certain apps to start. When they do, it injects its own login window in an attempt to trick users into handing over their account numbers, usernames, passwords, and PINs.

How to protect yourself

  • Install an antivirus App on your android device
  • Never install an application that is not from the Google PlayStore
  • By unchecking the "Unknown Sources" option under the "Security" settings of your device, you can prevent inadvertent downloads from questionable sources.

Top



2017 email scam - fake BPay refund emails

 

There are fraudulent phishing emails circulating purporting to be from BPay. These emails communicate a that a payment has been made to you through BPay.

The scammers will prompt you to download and open the attached word document to view details of this payment.

The attached document is not a document but a Trojan virus file that contains malicious software which downloads and installs on your system. Commonly, this infection will install a backdoor which allows remote access to your system. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software.

What to look out for

If you receive an email alerting you to a payment from BPay, please confirm this independently with Bankwest. Avoid clicking on any link within an email and do not download any attachments.

If you receive a suspicious email forward it to abuse@security.bankwest.com.au

BPay scam email
 

Top

2017 email scam - fake Australian Tax Office emails

 

There are fraudulent phishing emails circulating purporting to be from the Australian Tax Office These emails communicate that your next activity statement is available or that there are inconsistencies in your income declaration.

Some emails may contain a virus disguised as a legitimate file attachment to download. Other emails contain links that when clicked download malicious software to your computer called ransomware, blocking you from accessing your files until you pay a ransom.

 

What to look out for

If you receive an email purporting to be from the Australian Tax Office, please confirm independently with the ATO. Avoid clicking on any link within an email and do not download any attachments.

If you receive a suspicious email forward it to abuse@security.bankwest.com.au.

Fig. 1 - ATO phishing email scam  


Fig. 2 - ATO phishing email scam

Top



2016 email scam - fake Telstra refund emails

 

There are fraudulent phishing emails circulating purporting to be from Telstra. These emails communicate a refund due to you.

The scammers will prompt you to log into your Telstra account via a fake website (fig. 1) to collect your personal details such as name, address, date of birth, as well as full credit card information (fig. 2).

A 'Thank You' confirmation is also displayed at the end showing a receipt number giving the appearance of a legitimate transaction.

What to look out for

If you receive an email alerting you to a refund by Telstra, please confirm independently with Telstra. Avoid clicking on any link within an email to log directly into your account. Always use the login link on the official website.

Telstra phishing scam - fake refund email
  • View all Telstra scam images


    Fig. 1

    Fig. 1 - Telstra phishing email scam - fake login screen


    Fig. 2

    Fig. 2 - Telstra phishing email scam - fake form

Top


2016 invoice email scam - targeting Australian businesses

 

Beware of an invoice email scam asking you to change existing payment arrangements. The scam emails come from individuals acting as suppliers or colleagues, advising you to make a payment or change to the recipients in your online banking.

How to protect yourself

  • Make sure you have a clear process in place for verifying and paying accounts and invoices.
  • Double check email addresses to ensure they’re legitimate. Scammers often set up accounts that appear real at first glance, but feature inconsistencies or errors when you look closely.
  • Contact the business directly to verify the email’s authenticity. But don’t contact them via email reply or by calling the numbers listed in the email! Always use contact details that you already have on file, or that you have sourced yourself via a directory.

Top

2016 malicious virus alert - unusual content during Online Banking logon

 

We have detected computer viruses displaying unexpected messages and attempting to capture customer details.

What to look out for

  • New pages warning of delays to logging on and asking you to re-enter your security token code.
  • New pages advising of technical issues such as the example below.
  • Pages requesting your email address.

Example
Online Banking malicious virus alert - Logon Screen

Top

2015 email scam - account reactivation

 

Watch out for emails in your inbox pretending to be from Bankwest, advising you that you need to activate your banking access.

What to look out for

  • A generic introduction instead of your actual name. e.g Dear Sir or Hello customer.
  • A source email address that looks unfamiliar, suspicious or unprofessional.
  • A request for sensitive or personal information like your home address, contact number, banking details or password.
  • Scare tactics to pressure you into making a quick and potentially risky decision.

Example
Hoax email scam advising you that you need to activate your banking access.

Top

2015 malicious virus alert - unusual OBB content

 

We have detected computer viruses displaying unexpected messages and attempting to capture customer details.

What to look out for

  • New pages warning of delays to logging on and asking you to re-enter your security token code.
  • New pages advising of technical issues such as the example below.
  • Pages requesting your credit card expiry and CCV number (3 digit card code).
  • Pages requesting your mobile phone number and other personal information.

Fraudulent loading page Online business banking. Please wait while your security details are being validated  

Fraudulent customer data gathering page Form requesting customer to complete personal details
 

2014 malicious virus alert - unusual BOB content

 

We have detected computer viruses designed to trick customers into revealing personal banking information including SMS authorisation code.

What to look out for

  • New page heading.
  • Page heading not in left hand menu.
  • Different colours used (i.e. yellow buttons).
  • Request for your mobile phone number or credit card number for 'security reasons'.
  • Text messages that ask you to upload security updates to your Android phone. (Updates should only be performed from official app stores such as Apple’s App Store or Google Play (for Android devices).

Example
Fraudulent Content

Apple and App Store are trademarks of Apple Inc. registered in U.S and other countries.© 2015 Google Inc. All rights reserved. Android and Google Play are trademarks of Google Inc.

How can we help?

If you have any questions or concerns regarding Bankwest security or privacy please contact us immediately.

Reporting Scams
  • Personal customers call 1300 368 748
  • Business customers call 13 7000

McAfee® Internet Security

McAfee internet security

Bankwest customers get free McAfee® Internet Security for 6 months.

© 2017 Copyright Bankwest, a division of Commonwealth Bank of Australia (Bankwest) ABN 48 123 123 124 AFSL / Australian credit licence 234945. All rights reserved. To use this Website, you are required to read the Financial Services Guide (which you agree to be provided by accessing the link). Bankwest is a division of Commonwealth Bank of Australia, which is the product issuer unless otherwise stated. Rates stated are subject to change without notice. Any advice given does not take into account your objectives, financial situation or needs so please consider whether it is appropriate for you. For deposit and payment products, please ensure you read and consider the Product Disclosure Statement (which you agree to be provided through this link) before making any decision about the product(s). For lending products, lending criteria and fees and charges apply. Terms and conditions apply and are available on request.