Hi everyone - have you recently found yourself on the receiving end of a bank impersonation scam?
The ACCC is sounding the alarm on this type of fraud, where scammers are able to make their phone calls seem like they’re coming from your bank or their text messages appear underneath and in the same thread as legitimate ones you’ve previously received from your financial institution.
If you’ve come close to falling for one of these scams or have been directly affected by one, I would be keen to hear your story for an article I’m working on. Leave a comment or get in touch with me at lkennedy@choice.com.au Thanks!
I get them regularly. Usually saying X amount is being charged to your account please contact to us on a phone number to confirm.
I did get one, about a year ago, that nearly fooled me. Can’t remember the wording, but I rang the number. They told me there was suspicious activity on my account and they were going to freeze any overseas activity on the account, which seemed plausible. Guy passed me on to his supervisor and we talked a bit. He didn’t ask for any bank details, but I decided to end the call anyway. I then contacted the bank via a number listed on their website. Naturally, there was no issue with my account and it was all a scam.
It is worth remembering that SMS sender numbers (which don’t even have to be a number!) are trivial to spoof, just like the sender address in an email.
Basically you cannot trust these media even if the message appears to come from somebody you know.
I recently received an SMS from a legitimate organisation which spoofed a non-numeric sender number, with a message at the bottom to reply “Stop” to cancel. Needless to say, the reply does not go through as the phone cannot tell where to send it.
Here’s one. A friend received a phone call from a man saying he was calling from her bank. He said they had a staff member they suspected of stealing and they had set up a trap to catch this person. He went on to say they needed her help with the task of revealing who the thief was.
All she had to do was to go to the branch, withdraw $20,000 and hand it over to the bank’s representative (who would call at her house to collect it) and would put the money straight back into her account.
She went to her local branch where the teller first tried to dissuade her from making the withdrawal. My friend had been warned not to disclose this to anyone (and certainly not anyone in the bank because that would alert the thief). The teller would not allow her to withdraw the full amount in cash but they did let her take $9,000. Later the scammer arrived at her house and she gave him the money. This was not enough for the scammer so they kept calling and harassing her for more money. She then went to a different bank branch and withdrew the rest of the money which she also handed over to the man who came to the house.
As you can imagine the funds were not deposited back into her account and the money is gone. She is 89 years old, receives the age pension and lives alone. She is now terrified that the scammer will return and kidnap her beloved dog or do other damage.
Police were notified but there is very little that can be done. She was scared to tell her family because she knew they would yell at her. I urged her to tell her son which she agreed to “think about”. She eventually told him about a month after the event. I believe he has met with the bank but I don’t know the outcome. I’m pretty cross that they would hand over such large sums of money to a person of that age who has to use a walking frame when she goes out.
That is a sad story but not unique. Many people, especially older ones fall victim to scams every day and it is obvious changes need to be made, but since it is her money on what grounds could a bank reasonably refuse to allow a customer to withdraw funds in person?
There are daily limits for EFT, debit, and ATM transactions but an in-person visit fronting a teller allows the Q&A, as was obviously done. Do you have a suggestion on how a bank can protect a senior who appears to be getting scammed as compared to say a senior buying a vehicle for cash (as still can be done, at least for a while)?
As an aside, walking frames (or crutches or other physical impairments) do not go hand in hand with mental competency.
“… on what grounds could a bank reasonably refuse to allow a customer to withdraw funds in person?”
I understand that they can’t refuse to let you have your own money. Perhaps all users of cash could be asked to give 24 hours notice for amounts over say, $2,000. It would at least give the customer time to think about what they are doing.
Some banks educate their front line staff about scams, which gives the tellers the opportunity to ask the customer specific questions and (possibly) alert the customer that they could have fallen for a scam.
I am well aware that the use of a walking frame does not indicate mental capacity - I was thinking more that she would have been extremely vulnerable going back to her car with that amount of cash because she has difficulty walking.
My heart breaks that such an elderly, trusting person would be taken advantage of so callously.
Rather than ‘yell at her’ her family should be taking better care of her as it seems that her advanced age and trusting nature is putting her at risk.
Frankly, I don’t see it as a bank problem. Making it harder to get our own money out of bank deposits would not have solved your friend’s problem, in fact she even went to another branch to withdraw the rest of the money.
Having said this, I still think it’s very sad that she had to go through this and also the fear that she’s experiencing now.
I hope that she has reported it to the police. I suspect that it is possible that it is someone who knows her and may be exploiting her vulnerabilities.
The police may be interest in pursuing, especially if the criminals are still in contact with her. It may be the best way to get the money back as it is unlikely there will be any success with the bank.
The fact the scammer knew which bank branch she was attending, and the type of account of the funds (easy to access transaction account) and asked for an exact sum which her funds would cover, would suggest a certain knowledge of the victim.
Surprising also that they went into her house, face to face, and can be described to the police. But most probably they had already absconded as apparently no one was told until much later.
Maybe there could be more information especially to the elderly to make them more aware of scammers?
I do hope the solution is not going to be a repeat of the shop-lifting security kind which is increasingly making life hard for everyone because of problems with some.
I am calling from the Visa and Mastercard fraud department
(so only sort of bank impersonation)
More recently they seem to have dropped the “Mastercard”, perhaps because it’s not very credible that Visa and Mastercard would be allowed to operate a joint fraud department.
I just received an email attempting to harvest CBA log-in & password. Subject: It looks like you’ve entered your access code incorrectly for the NetBank app.
Fortunately obvious to the wary eye - Hi! (no name), from a non-bank email, non-bank link, CBA name incorrect, mix of other banks eg BOQ. It was laughable that the Important Information below said the bank would not include an embedded link in emails etc - just as they had done above. Unfortunately, it would probably fool the time-poor or less wary. It had all the right colours and symbols.
The scams are getting more sophisticated on Android banking apps - see how many you spot - I got 4 out of 6 and hang my head in shame!
I started doing it on my mobile but it was far too small on the screen - which I guess illustrates some of the point!! When I moved onto a full sized computer screen, I managed 5 out of 6.
One of the more difficult things for scammers to fix is where the links go. They can fix all the dodgy spelling, they can make the fonts, colours and logos perfect, and professional scammers can fix the “no name” (using data from data breaches). So checking links is a priority for me - and not clicking on links regardless. The other priority is checking certificates.
I consider the genuine bank apps to be the most secure - certainly more secure than using a web browser. This thread seems to be about fake bank apps. This may be partly due to the vetting system of Google Play. Hopefully the Apple App Store is more reliable.
The other issue is the internet connection. Using a web browser to do banking on an unknown wifi is risky. Using your mobile phone for data in these circumstances is likely to be more secure.
Not really. Whatever risks exist for a web browser in that situation also exist for an app. The point is: any communication that you do over an unknown WiFi must use end-to-end encryption - and once you do use end-to-end encryption you are not subject to most of the effective attacks that an untrusted WiFi network could launch against you.
Of all the zillions of scams that are successful against Australians each year, my money would be on that only a tiny fraction of them rely on an untrusted WiFi as the method of attack.
