I recently received an email from NRMA Insurance (out of the blue) telling me that they have reviewed my Home Insurance premiums history and discovered that they had incorrectly calculated my discounts and therefore owed me some money! - so could I contact them to advise my bank account details to accept the refund, as that is the only way they could make the payment to me.
Well of course my suspicions were immediately aroused & smelled scam. But I looked more closely… Yes I did have such a policy with them, and Yes they did quote the correct policy number. But while they did not include a link to click (which was a relief), they did quote a 1300 phone number to ring which was not the number I normally ring to contact NRMA Insurance.
So still suspicious, I rang my usual number to them and enquired about it, only to be transferred by the answering operator (after my explanation) to the “Refunds Dept” !!, where they advised me that it was in fact correct and they had reviewed my discounts back to the 2014-15 year and owed me $197.xx
Thus 99% satisfied but surprised, I provided BSB & account number details of an account that I keep for just such semi-suspicious occasions with next to no funds kept in it, and now wait for the suggested 10 or so business days to see if it comes good.
I offer up this info in case someone else receives similar uncharacteristic offer from this ‘not-insignificant’ organisation.
My cynical self however is wondering whether they do it in this way so that they can be seen to be honestly offering to correct mistakes, BUT doing it in such a way that the customer may well dismiss it as a scam, and so not take the required action to receive the refund.
I would expect that a letter would be the appropriate communications for this, unless you have advised that you want email as your preferred method, as I have done for many companies I deal with.
I also received a similar email from NRMA and, like you, was immediately suspicious. I checked the NRMA website and saw that the phone number quoted in the email was indeed the number to ring concerning refunds. I rang, and was informed that I had not one, but two refunds owing, apparently because my discounts had been incorrectly calculated. One refund was on a policy for a caravan we had sold over two years ago. I also thought that a letter would have been a more appropriate means of advising me of the refunds but, we do live in a technological age.
It asks the question - do businesses need to support change to provide a secure email service?
The current practice of using what is effectively an open service exposes personal or confidential content with every email sent.
True, it is cheaper for the businesses than postage, convenient and above all mostly free from consequences for the business. But most often it is the consumer who is the looser when personal details are misused.
It’s good to know there is caution being displayed with the NRMA notice, although how many may simply ignore it as another doubtful scam?
Can anybody suggest how that would work and how secure it would be?
The Internet SMTP protocol has no provisions for any sort of security as far as validating headers or protecting the content. There are a number of protocols developed for secured email, but no universal standard as yet such as we have for HTTPS. Work in progress.
However, in the case of this NRMA email, it is a notification message only. No links to invite a malicious process. As long as the number given to call can be verified by referring to another source, I don’t see any sort of security problem.
I found a copy of the same letter in the documents section of the instance policy once I logged in to my NRMA account so it was legit. Still don’t understand how a company as large as the NRMA in 2021 can’t do it in a ‘less suspicious’ way.
Hi teebee - welcome to the Choice Community and thank you for sharing your views!
Please feel free to comment and add any ideas or questions you need solving, they are always welcome here.
Hopefully, we can help you out or add some insight into any issues.
Welcome to the community @teebee
We also received an email stating:
During a review of the way we calculate your premium we identified that you did not receive the No Claim Bonus you were entitled to for part of your previous NRMA Insurance policy listed below. We apologise for this error.
and it stated:
You can choose to contact us online by visiting the NRMA website and searching for ‘refunds’ to provide your bank details on our dedicated refunds page. Alternatively, you can talk to our team online via web chat or Facebook Messenger, or you can call us on 1300 064 698 Monday to Friday between 8.30am and 8.00pm AEST.
There were no links in the email to the NRMA website which meant that one had to use their usual methods to go there and search for ‘refunds’ to find the appropriate page to start the refund process.
Such approach is less suspicious and makes the consumer find the information…rather than a potentially suspicious phishing type link.
If one searches the phone number, it comes up as a recognised number for the NRMA refund hotline.
I am not sure what else they can do to protect their customers.
Strictly speaking, it’s not email as we usually think of it. Banks tend to offer it, as does the federal government. You are sent a regular email or SMS to advise you that you have a new secure email. To read that email, you need to log on to the eg bank’s website, and navigate to the secure email page.
Ah, thank you.
I received a letter inform a refund was owing, but my preferred communication mode is letter. I phoned NRMA to check that the letter was bonafide. Well done NRMA.
I received an email informing me a refund is due - about $7 and it will be sent by cheque to the address noted.
huh? I didn’t pay by cheque so why is the refund not being made by the method I paid?
and what on earth will I do with a cheque? and why email since letter is coming too? Although I’m glad I got the email because the address is incorrect.
So many questions… I
They can be deposited into your account at a bank. Check if your bank has arrangements with the post office, as they might be able to be deposited there too.
AS these are historical overcharging, it is possible the payment method used may no longer be available to them… Such as credit card no longer exists.
Like home addresses, payment details can change over time.
