Recent online banking scams
In February 2016, ANZ and several other trusted Australian organisations were the victims of online phishing scams.
Customers of ANZ received an SMS claiming they needed to log on to their online banking to do something, but the link led to a fake website that captured their log-in details. The scam website looked identical to the real thing, says the Australian Communications and Media Authority (ACMA).
Thankfully, ANZ will guarantee your money in the case of money lost to fraud. Like other big banks, ANZ is regularly the target of phishing attacks – so they and their Falcon are pretty well-skilled at stopping these attacks in their tracks. Customers who are the victim of a phishing scam should see ANZ’s anti-phishing warning appear, and ANZ provides customers with information about how to recognise a phishing email or communication.
It isn’t just banks that are under pressure, with a flood of this type of scam arriving in Australia in February 2016. Australia Post experienced a similar email scam, which said that a parcel could not be delivered because no one was home and contained a hyperlink to a fake website. Even the ATO has had to clamp down on Geelong residents who were clicking on fake hyperlinks that promised them a delayed “tax return”.
Scams like this rely on user error – our inability to recognise that a message or hyperlink might be suspicious – rather than needing complicated hacking software or virus malware. This means it is more important than ever to understand how you can stay safe online.
The ACMA has published a list of fake URLs of scams posing as various major banking institutions in Australia, and you can check the list if you’re not sure whether a link is legitimate or not. Anyone who thinks they have been sent a scam SMS message can notify the ACMA spam hotline by texting 0429 999 888 and report it online to the federal government’s Australian Cybercrime Online Reporting Network.
The ACMA and CANSTAR recommend that you protect yourself by following these tips:
- Don’t open texts or emails from a source you don’t recognise, and be suspicious of any communication from your banking institution that does not look like the real thing.
- Never click on a hyperlink contained in a suspicious text message or email.
- Carefully check the full URL of a website that asks for your log-in details (“user credentials”).
- Don’t reuse the same log-in credentials for more than one website.
- Use two-factor authentication on your accounts when it is available.
- Always go to your online banking platform through the normal page. Familiarise yourself with what the URL on your online banking log-in page normally looks like so that you can recognise a scam if you do see one.
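To make the "check the full URL" tip concrete, here is an added example (not from the ACMA or CANSTAR) that compares a link's real host against the exact hosts you normally log in on. The host names under `bank.example` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the exact hosts you normally log in on (placeholders).
TRUSTED_HOSTS = {"www.bank.example", "login.bank.example"}


def check_login_url(url, trusted_hosts=TRUSTED_HOSTS):
    """Return reasons not to trust `url`; an empty list means it matched."""
    reasons = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # Text before '@' is user info; the site actually visited comes after it.
        reasons.append("user info before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    if host not in trusted_hosts:
        reasons.append(f"host {host!r} is not a known log-in host")
        # A trusted name embedded in a different host is a common disguise.
        for good in sorted(trusted_hosts):
            base = good.split(".", 1)[1]  # e.g. "bank.example"
            if base in host:
                reasons.append(f"contains {base!r} but is a different site")
                break
    return reasons


if __name__ == "__main__":
    # Constructed sample links, one per disguise the checks above cover.
    samples = [
        "https://www.bank.example/login",
        "http://www.bank.example/login",
        "https://www.bank.example@203.0.113.7/login",
        "https://www.bank.example.secure-login.test/login",
        "https://xn--bnk-6ma.example/login",
    ]
    for link in samples:
        print(link, "->", check_login_url(link) or "matches a trusted host")
```

The comparison is an exact match on the host, because a fake site can place the bank's name anywhere else in the link.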
Proofpoint’s 2016 Human Factor Report on cyber-security threats and counter-measures says you can even watch out for messages that arrive at the same time of day as other spam. For example, first thing on Tuesday mornings is apparently a most common time of day for email inboxes to take a hit.
When in doubt, you should always check the list of Scam Warnings on your banking institution’s website and, if the message is not listed, phone your institution and ask them about it.