Security and fraud protection
Mobile phone security
If you bank on your phone, you should look after it like you do your wallet. Here are some mobile phone security tips:
Locking your mobile devices
Ensure your mobile phone is protected by passwords or a fingerprint if you can. Store your mobile phone in a secure location. It only takes a swipe across the screen for someone to gain information from a newer model phone that has no security features enabled.
Losing your mobile device
If you lose your mobile phone, contact your financial institution immediately and let them know. At Bank Australia we can remotely delete a mobile app or delete a phone number from the banking system to ensure SMSs are not sent to the phone.
Cleaning your mobile devices
If you are intending to sell or give away a mobile, make sure you:
- Delete all personal text messages
- Remove all personal information including photos
- Delete all banking applications
Do not disclose personal information via a text message. This includes identification information, account numbers and passwords. If the message recipient does not have up-to-date security on their phone or does not "clean" their phone before selling it on to someone else, then you may be a subject for identity theft fraud.
Only using official apps
When you download an application, make sure that you use the official stores (Google Play for Androids or the App Store for Apples). You want to be sure that you are installing a genuine app, not a fake. This is especially important for banking apps.
Using virus scanning software
Ensure your anti-virus software is the latest version and firewall software is on your tablet or smart phone.
Clearing your browsing history
Some mobile phones and tablets store a copy of the web pages that you have accessed over a period of time. Ensure you regularly clear the cache (the place where these files are stored) that your browser uses.
Being careful with free downloads
Free applications, screensavers or software can be subject to spyware and malware. Always ensure you only download genuine products.
Investment scams warning
Scammers keep finding new ways to trick people into parting with their hard-earned money. Fake investment companies and companies offering unlicensed financial services are becoming more and more convincing. They might even claim to be low risk with high return, but if the company is not legitimate, it’s extremely high risk.
You can protect yourself. Remember, if it sounds too good to be true, it probably is.
Always be wary of someone you don’t know offering you a great investment – over the phone, by email, or in person. Ensure they’re legitimate before giving them any money. Help to protect yourself by checking to see if they are licenced with ASIC to make sure that they are allowed to be doing business in Australia.
On moneysmart.gov.au you can search a list of companies that ASIC has identified as unlicenced. You can also read about different types of scams and the methods fraudsters might use to try to get you to part with your money.
Be careful when accepting upgrades
Scammers often adapt their methods to match genuine things that are happening. Currently, they are taking advantage of Microsoft Windows 10 upgrades to send emails out claiming that they can fast-track the upgrade if you follow a link and download an ‘installer program’. The link takes you to a fake website that looks like the real website, but downloading the software infects your computer with malware.
Scammers are also using phone calls advising that there was an issue with the upgrade, and that if you allow then remote access they can fix it for a fee. Don’t allow remote access to a cold caller (i.e. someone who has called you), and don’t provide payment details unless you have initiated the contact and trust the other party.
If you’re ever unsure about a call or an email, please contact us on 132 888.
Read our security guidelines.
Never click on links in hoax or phishing emails
We will NEVER ask you to update, confirm or disclose your personal banking or card details via email.
We are aware of hoax or phishing emails being sent to our customers asking them to verify details by clicking a link to a page that resembles Bank Australia’s internet banking site. If you receive an email like this, DO NOT click on the link. Report it to us immediately on 132 888 or firstname.lastname@example.org and we will investigate it.
Never complete pop-up surveys from Bank Australia
We will NEVER ask you to update, confirm or disclose your personal banking or card details via pop-up surveys.
If you or someone you know receives a pop-up survey from what appears to be Bank Australia, DO NOT complete it. Report it to us immediately on 132 888. You can also send the pop-up as a screen shot attachment to email@example.com.
Keep your security software up to date
Microsoft is no longer providing updates for Windows XP, Office 2003 and Exchange Server 2003.
Without critical security updates, PCs and tablets may be vulnerable to harmful viruses, spyware, and other malicious software (or ‘malware’) which fraudsters can use to access your computer and steal your personal information.
Anti-virus software may not be able to protect your computer if other software on your computer cannot be updated (such as Windows XP) or is not regularly updated with the latest versions.
We encourage our customers to keep program software up to date, consider upgrading to the most current version of system software, and installing appropriate anti-virus, security and protection software to protect them from identity theft and account compromise.
Staying safe online
We are committed to protecting our customers’ money. Here you can read about the different types of banking fraud and how you can avoid being a victim.
Our commitment to your safety
- regularly monitor your accounts for unusual transactions
- actively seek to confirm with you any transactions that appear to be unusual. As part of this, staff from our Banking Integrity team may call you, email you, or send you a letter or SMS requesting confirmation of a transaction
- encourage you to verify your identify by contacting us on 132 888
- take proactive measures to restrict access to the account if we detect unusual activity and we are unable to confirm the legitimacy of the transactions with you
- send you a copy of the Bank Australia Security Guidelines.
We will NEVER:
- send you unsolicited emails asking for information
- ask you to disclose your PIN or personal banking details in an unsolicited email, SMS or telephone call
- ask you to disclose your card number or any other information on your card
- ask you to click on a link in an email which then asks you to log in to your account and verify your details.
Fraudsters are always trying to find new ways to access people’s money. Here are some of their common techniques:
- malware (including viruses and spyware)
- counterfeit cards and skimming
- phishing emails
- mobile phone porting
- email hacking
- mail theft.
Most scams are offering something that sounds too good to be true.
Scams are fraudulent schemes promising large sums of money, often from foreign countries. They often ask their target for some type of service, or fee to be paid, before they grant payment. Scams can also be disguised as a ‘free trial’ offer in which they want your payment details before they give you the ‘free trial’.
Scammers may contact you via mail, email, SMS, telephone, eBay or even door-knocking.
Some of the most common scams are:
- offering exclusive entry to a lottery through payment of an upfront fee
- offering a payment to receive ‘how to make money’ information, lottery or horse betting predictions, or personalised horoscopes
- advising of goods or prizes awaiting collection once a delivery fee is paid
- offering the opportunity to take part in a competition after payment of a fee
- advertising jobs that offer you a commission for you taking payment for sale of goods into your own personal account and then transferring the funds to another account, usually via Western Union
- offering free trials where payment details are required for a postage fee, and then much larger payments are processed if the trial is not cancelled within a very short timeframe.
If you suspect someone is trying to scam you, or you find yourself the victim of a scam, contact us on 132 888 immediately so we can take precautions to protect your account. Information on scams, and methods used by scammers, can be found at scamwatch.gov.au.
Viruses, spyware and other malware
Viruses and spyware can harm your computer and other electronic devices, such as your mobile phone, and allow third parties access to your personal information and account details.
Viruses and spyware are generally downloaded via hoax emails or other pop-ups claiming the recipient has won a prize. You can help protect your computer from becoming infected by:
- ensuring your computer has adequate security installed, including firewalls, antivirus and anti-spyware
- keeping your computer systems up to date by switching on automatic updates and installing any updates as they become available
- thinking before you click. Clicking on links or opening attachments from emails, particularly unsolicited emails, can result in malware installing itself on your computer. The malware can then capture information, such as internet banking details, and send it back to the fraudster
- never allowing anyone to access your computer remotely (that is, from another location) unless you initiated contact with them and trust them.
Malware, short for malicious software, is computer software used to disrupt how a computer works, gather sensitive information or gain access to private computer systems. Malware is a general term that refers to various forms of intrusive and potentially damaging software, including viruses, spyware and Trojans.
Counterfeit cards and skimming devices
Skimming is the term used for the unauthorised copying of an electronic device—in this case, card details (including the PIN) at an ATM or EFTPOS terminal.
Once a card is skimmed, the cards details are transferred over to a counterfeit card and used to access your account without your knowledge.
Skimming devices can be fitted to ATMs or used by retail staff who hide them and use them without your knowledge.
You can avoid having your card skimmed by:
- never using an ATM you think has been tampered with
- making sure there is not a ‘card reader’ or skimming device fitted to the front of the ATM
- keeping your card in sight at all times when making EFTPOS or Visa transactions
- protecting your PIN. Always cover your hand when entering your PIN so no-one else can see it. Never tell anyone your PIN, including family, friends, police or Bank Australia staff.
If you see an ATM you think has been tampered with, or if you think your card or personal details have been compromised, contact us immediately on 132 888.
Using your card online
Online shopping is really popular, but it’s important you keep your computer secure and you only provide information to people you trust. Please read our online shopping tips.
Treat your card like it’s cash. Never leave it unattended, such as in a car or at your workplace.
When you travel, tell us your itinerary (dates and destinations) and how we can contact you while you’re away.
Keep the card hotline numbers handy when you’re in Australia and overseas.
Internet banking fraud
Internet banking fraud is when an unauthorised person accesses your internet banking to get personal details or transfer funds from your account.
Internet banking fraud can happen when you’ve been the victim of a scam or your computer has been infected with malware. It can also happen if someone other than you has access to your log in details. This includes your family and friends. Sometimes a third party can access your internet banking without your knowledge but not take any money. They do this for various reasons, including to check stolen details or to use your personal information to steal your identity.
You can avoid internet banking fraud by:
- always checking the log-in information on the welcome page of internet banking which shows you the most recent activity using your log-in details
- maintaining good computer and mobile phone security
- never using ‘auto-complete’ for internet banking
- never telling anyone else your log-in details, even if you know the person well
- never using internet banking on public computers or on an unsecured internet connection (including free Wi Fi)
- telling us immediately if you see a transfer or transaction on your account that you didn’t process practicing good password security (see our password security page for some tips)
- not becoming a phishing victim
- being familiar with the security features of internet banking.
- If you’re concerned about the security of your internet banking, please call us on 132 888.
Phishing or hoax emails and texts (SMS)
Phishing or hoax emails and texts are fraudulent communications that appear to be sent from Bank Australia or other legitimate businesses and companies. These emails or texts try to trick you into providing personal information, such as your customer number, internet or telephone banking passwords, card details, birth date, driver's licence or passport number, and any other personal information.
Emails can also be from unknown senders and contain links or attachments that download and install malicious software on to your computer.
You can avoid being a victim of phishing or hoax emails and texts by:
- not responding to emails from people or places you don’t recognise
- not clicking on any links (always type a web site address rather than click a link)
- not entering personal information into web sites that you don’t know or trust
- not sending sensitive information (such as card details) via email.
If you think a phishing email might have accessed your personal details, or you received an email or text claiming to be from Bank Australia but you doubt its authenticity, contact us immediately on 132 888.
If the email claims to be from us, we will ask you to send us a copy of the email.
Whenever you receive any phishing email, we recommend you run antivirus software to check your computer hasn’t been infected. When you’re sure your computer is safe, update your passwords.
Change your passwords regularly and don’t make them easy to guess (by family, friends or strangers).
Mobile phone porting
Mobile phone porting is when your mobile service is transferred, or ‘ported’, from one provider (Telco A) to another one (Telco B). Porting is something you might do if you change your own mobile phone company from Telco A to Telco B to get a better deal. The problem occurs when your number is ported without your knowledge or permission.
Mobile phone porting can occur when scammers, who have compromised your personal credentials including your mobile phone number, transfer your phone number to another provider so they can receive any security codes, including those from Bank Australia, you receive.
If your mobile phone has been transferred to another provider without your permission, please contact us immediately on 132 888.
If your mobile phone service is suddenly disconnected or not receiving service, then this could be a warning sign that your mobile phone has been transferred to another provider. You should telephone your mobile provider immediately to confirm why your mobile service is not working.
Email hijacking is when an unauthorised party infiltrates an email account. The most commonly affected email accounts are free, web-based email accounts, but any email account can be hijacked.
Fraudsters can hijack emails for many reasons, including to:
- update personal details
- obtain personal details
- reset passwords
- request funds transfers (including EFT, BPAY and telegraphic transfers).
When a fraudster has access to an email account, it’s possible for them to get copies of legitimate emails between you and Bank Australia. These emails can include scanned documents containing signatures and account numbers.
Depending on what emails you have saved in your email account, the fraudster may also obtain specific account information, personal history or even passwords.
Never send sensitive information, such as passwords, via email.
Fraudsters still use mail theft as a way of getting your personal information and stealing your identity. Make sure your mailbox is secure.
If you believe your mail is being stolen or redirected without your permission, contact Australia Post.
Clear out old advertising material from your letterbox because this tells a thief that you’re not home.
You can protect your mail by:
- keeping your mailbox locked
- making sure the opening to your mailbox isn’t big enough for a hand to fit through
- immediately telling your bank and other important organisations when you’re moving house, and arranging a mail hold or mail redirection to your new address
- arranging for someone you trust to clear your mailbox when you’re away from home or unable to collect your mail
- arranging for Australia Post to hold your mail if you’re going away and don’t have anyone to clear your mailbox for you
- where possible, signing up for email notifications, such as Bank Australia eStatements and BPAY view
- considering Australia Post’s ‘digital mailbox’ service.
For more information about mail theft and Australia Post services, visit auspost.com.au.
If you suspect someone has stolen your identity, report it immediately to your local police.
Cheque fraud is still popular with some fraudsters and cheques offer many ways for fraudsters to steal money. Cheque fraud can involve personal cheques and those issued by businesses, banks and government departments.
‘Washing’ cheques involves removing genuine information (often by using chemicals) and replacing details, such as the payee name or the amount.
Fraudsters can hide cheque theft by removing one or more cheques from the middle of the cheque book and the cheque stub.
You can protect your cheques by:
- treating your cheque book like cash and keeping it in safe location
- checking that all the cheques you’re writing are in sequential order (the numbers follow each other logically)
- telling us immediately if your cheque book is lost or stolen or if individual cheques are missing
- regularly reconciling your cheque book. If there are amounts that do not match, contact us on 132 888.
Identity theft and fraud
Identity theft is when fraudsters steal your personal information, such as your name, date of birth, address and other details, and use it to impersonate you or to fabricate a new identity in order to steal money or gain other benefits. Fraudsters can use stolen personal information to apply for credit in your name.
Identity takeover is when someone accesses another person’s personal information and assumes that person’s identity.
Identify fraud can also involve altering a genuine identity in order to avoid a bad reputation or credit history.
Fraudsters can use seemingly harmless things, such as utility bills or shopping club memberships, to steal your identity. Regard all documents containing personal information (including name and address) as sensitive, and store or dispose of them securely.
Identity fraud can be stressful to the victim and their family and time consuming and costly to fix.
If you have concerns about identity fraud or believe someone has applied for credit in your name, contact us immediately on 132 888 or refer to reputable web sites, such as scamwatch.gov.au or veda.com.au.
Fraudsters can use your details for many things, including:
- accessing existing bank accounts and services in your name
- opening bank accounts
- opening businesses
- applying for credit and identification documents (such as driver’s licences and passports)
- applying for government benefits
- money laundering.
You can reduce the risk of having your personal information stolen or misused by:
- securely locking your mailbox and clearing it regularly. Where possible, switch to electronic notifications for financial information, such as eStatements
- securely destroying personal and financial papers (for example, shredding them before disposing of them) or keeping them in a secure place (such as a safe) protecting your PIN and passwords from being seen when you’re entering them
- maintaining good computer and mobile device security, and not using public computers or unsecured wireless hotspots for any sensitive information or activity, such as online banking
- not sharing personal information on social networking sites
- not sending personal information, including copies of documents, via email
- taking care when someone asks you for personal or financial information. Ask yourself whether there is a legitimate reason for them to request this information and don’t provide information to someone you do not know or trust
- regularly reviewing your bank statements and questioning anything you do not recognise
- checking your credit report and promptly report any unusual activity.
Bank Australia has zero tolerance for corrupt behaviour, including fraud. Our policies, procedures and controls are designed to protect you. If you have concerns about possible fraudulent activity, contact us on immediately on 132 888.
Lending fraud is where a person illegally obtains funds, including mortgages, credit cards and overdrafts. It can happen after an identity is stolen. Lending fraud can include:
- outright theft where the borrower has no intention of repaying the money
- non-disclosure of debts where the borrower deliberately does not advise of existing credit facilities they have when they apply for a new facility, or supplies false employment information
- supplying false identification information, including fabricated identities
- applying for credit using invalid or altered personal details, or using someone else’s information.
- You can protect yourself against lending fraud by:
- checking your credit report at least once a year to make sure there are no listings on it that don’t belong to you
- considering signing up for a credit alert service. These alert you when someone has performed a credit check on you
- protecting your personal information from theft, including any information you have stored on a computer or mobile device
- securing your letterbox and making sure its opening can’t fit a hand making sure any credit application you complete is accurate. For instance, a $500 credit limit that has no money owing on it is still considered an existing credit facility and must be disclosed
- reporting a stolen identity to the police and your financial institutions
- contacting the main credit reporting agencies, such as Veda, and asking for a ban on your credit file.
Lending and identity fraud is illegal and Bank Australia does not tolerate it. If you have information or concerns about lending or identity fraud, contact us on 132 888 or visit veda.com.au.
These web sites have useful information about fraud protection and staying smart online: