Staying safe online
We live in an increasingly online world. It’s very convenient and quick to get information and to get things done, but it also means there is more personal information online and everyone needs to make sure that they keep it as safe as they can.
Malware, short for malicious-software, can disrupt how a computer or mobile device works, gather sensitive information without your knowledge, or gain access to private computer systems. Malware is a general term that refers to various forms of intrusive and potentially damaging software, including viruses, spyware and Trojans.
Viruses and spyware can harm your computer and other electronic devices, such as your mobile phone or tablet, and allow third parties access to your personal information and account details.
Viruses and spyware are generally downloaded via hoax emails, fake websites, or other pop-ups claiming the recipient has won a prize or urgently need to verify details. You can help protect your computer and mobile devices from becoming infected by:
- ensuring your computer and mobile devices have adequate security installed, including firewalls, antivirus and anti-spyware
- keeping your computer systems and mobile devices up to date by switching on automatic updates and installing any updates as they become available
- thinking before you click. Clicking on links or opening attachments from emails, particularly unsolicited emails, can result in malware installing itself on your computer. The malware can then capture information, such as internet banking details, and send it back to the fraudster
- never allowing anyone to access your computer remotely (that is, from another location) unless you initiated contact with them and trust them.
For more information about malware, contact your computer security provider or visit staysmartonline.gov.au.
Phishing or hoax emails and texts are fraudulent communications that appear to be sent from Bank Australia or other legitimate businesses and companies. These emails or texts try to trick you into providing personal information, such as your customer number, internet or telephone banking passwords, card details, birth date, driver's licence or passport number, and any other personal information that might be used to identify you.
Emails can also be from unknown senders and contain links or attachments that download and install malware on to your computer.
You can avoid being a victim of phishing or hoax emails and texts by:
- not responding to emails from people or places you don’t recognise
- not clicking on any links (always type a web site address rather than click a link)
- not entering personal information into web sites that you don’t know or trust
- not sending sensitive information (such as card details) via email.
If you think you’ve responded to a phishing email, or you receive an email or text claiming to be from Bank Australia but you doubt its authenticity, contact us immediately on 132 888.
If the email claims to be from us, we will ask you to send us a copy of the email.
Whenever you receive any phishing email, we recommend you run antivirus software to check your computer hasn’t been infected. When you’re sure your computer is safe, update your passwords.
Change your passwords regularly and don’t make them easy to guess (by family, friends or strangers).
Computers are part of everyday life now, and store all sorts of information. They connect to the internet, and let people all over the world connect instantly. They are also targets for fraudsters, so it’s important to keep them as secure as possible.
Some things you can do to help protect yourself are:
- Lock it! Make sure you have a password to access your computer, and that you change any default passwords as soon as you can. This includes passwords for modems and routers – if someone else can access your internet connection, they can use it to access any computers and devices that are connected to it, and also potentially run up big bills!
- Update and scan it. Ensure that you have adequate security installed, including firewalls, anti-virus and anti-spyware. Turn on automatic updates for all programs, including security programs, and make sure that you run scans regularly.
- Check your info. Always check the ‘last log in’ data on websites like internet banking, and contact us immediately on 132 888 if the last log in recorded was not done by you.
- Keep it secret. Keep you log in information and passwords secret – don’t even share them with family and friends.
- Think before you click. Be careful when clicking on links or opening attachments from emails, even if they look to be from someone you trust. Emails can be hacked or spoofed and websites can be hijacked or faked, so clicking on links and opening attachments can lead to malware. If you’re not 100% sure, don’t click.
- Know your habits. If you ever see something that you don’t recognise, like a post on social media or a transaction on your account, take immediate steps to alert the relevant parties. If it’s a transaction on your account, call us on 132 888.
- Use two-factor authentication. Where possible, use two-factor authentication to verify yourself on websites. It’s quick and easy, and helps prevent other people from using your details.
Your devices, including mobile phones and tablets, are basically mini-computers. They connect to the Internet, store personal information and photos, and are often used for banking. It’s important to protect them and keep them as secure as you can.
To ensure your devices are secure:
- Lock it! Make sure you store your devices in a secure location, and protect them by using a password, PIN or fingerprint. It only takes a swipe across the screen for someone to get information from a phone with no security features enabled.
- Keep us in the loop. If you lose your mobile device, contact us immediately to let us know. We can remotely delete a mobile app or delete a phone number from the banking system to make sure that no messages from us are sent to the phone.
- Keep it clean! Make sure that you keep your security software up to date, and if you are planning to sell or give away your device, make sure that you:
- delete all text messages
- remove all personal information including phone numbers and photos
- delete all banking applications and social media applications
- clear the cache and delete the browsing history, passwords and cookies
- factory reset your phone.
- Only use official apps. Free applications, screensavers and software may be subject to malware. Make sure that you only download apps from the official stores (Google Play for Androids, the App Store for Apples, Blackberry World for Blackberry devices, and Microsoft.com for Windows phones). Unofficial, or ‘rogue’, apps can carry malware and/or cause the device to stop working properly.
- Clear it. Regularly clear your browsing history and cache.
- Stranger danger. Be wary of any text messages (including MMS) from someone you do not know and trust. Fraudsters will send SMiShing messages (phishing via text) to try to trick you into clicking on links that may lead to malware or ask for personal details.
Fraudsters can hijack emails for many reasons, including to:
- update personal details
- obtain personal details
- reset passwords
- request a funds transfer (including EFT, BPAY and telegraphic transfers).
When a fraudster has access to an email account, it’s possible for them to get copies of legitimate emails between you and Bank Australia. These emails can include scanned documents containing signatures and account numbers.
Depending on what emails you have saved in your email account, the fraudster may also obtain specific account information, personal history or even passwords.
If you suspect that someone has access to your emails, it’s important to ensure that your virus protection is up-to-date, and to thoroughly scan your computer or mobile device. After the scan is completed and the computer is cleared of any issues, make sure that you update all of your passwords.
Never send sensitive information, such as passwords, via email.
Spoofing is when someone sends you an email that is masquerading as being from someone else. For instance, the name might look to be your friend (or co-worker), but the email address is nothing to do with the real person.
Spoofing emails are similar to phishing emails in that they try to trick you into providing information, clicking on a link, or opening an attachment. They might also look like someone else’s email has been hacked, when it’s really just someone pretending to be them.
If you’re not sure of the origin of an email, don’t open it or click on any links or attachments. You can usually find out quickly if it’s from the real person by giving them a quick call.
Internet banking fraud can happen when you’ve been the victim of a scam or your computer has been infected with malware. It can also happen if someone other than you has access to your log in details – this includes your family and friends. Sometimes a third party can access your internet banking without your knowledge but not take any money. They do this for various reasons, including to check stolen details or to use your personal information to steal your identity.
You can avoid internet banking fraud by:
- ensuring you choose strong passwords
- using a different password for your internet banking than what you use for other sites
- checking the log-in information on the welcome page of internet banking which shows you the most recent activity using your log-in details
- maintaining good computer and mobile phone security
- never using ‘auto-complete’ for internet banking
- never telling anyone else your log-in details, even if you know the person well
- never using internet banking on public computers or on an unsecured internet connection (including free WiFi)
- telling us immediately if you see a log-in record, transfer or transaction on your account that you didn’t process
- not becoming a phishing victim
- being familiar with the security features of internet banking
- use a token
If you’re concerned about the security of your internet banking, please call us on 132 888.
Mobile phone porting is when someone transfers your phone to another carrier, or obtains a second SIM, so that they can receive all of your messages and phone calls. It can occur when your personal details from been compromised, and can mean that a fraudster can transfer funds out of your account or steal your identity.
How do you know if your phone has been ported or cloned?
- You have no service somewhere you usually would have service
- Your service carrier symbol may disappear from your phone and reset to SOS mode so you can only make emergency calls
- You receive an SMS confirming a porting request, or advising you of a new SIM card
What can a fraudster do with that information?
- Transfer funds out of your account
- Change your personal information
What should you do?
- Change your password on internet banking using a different computer or device than what you usually would
- Contact us on 132 888. If you can’t talk to us, go back to step 1 and then send us an email
- Check your transactions and alert us to anything you didn’t authorise
Don't trust SMS?
- You don’t have to - get Symantec VIP security.
The Symantec VIP Access app generates one-time security codes on your phone or tablet – you can use these to identify yourself when using internet banking to pay a new payee or change your details
Using Symantec VIP is more secure than getting your codes via SMS – with Symantec VIP, you are protected from mobile porting.
How to use Symantec VIP:
- Download the Symantec VIP Access app for free from the Apple App Store or Google Play Store
- Log in to internet banking, and go to ‘Settings’ > ‘Manage Symantec VIP’
- Click on ‘Register token’ and follow the prompts