CHOICE membership

Unexpected Refund from NRMA Insurance - NOT a scam

I recently received an email from NRMA Insurance (out of the blue) telling me that they have reviewed my Home Insurance premiums history and discovered that they had incorrectly calculated my discounts and therefore owed me some money! - so could I contact them to advise my bank account details to accept the refund, as that is the only way they could make the payment to me.
Well of course my suspicions were immediately aroused & smelled scam. But I looked more closely… Yes I did have such a policy with them, and Yes they did quote the correct policy number. But while they did not include a link to click (which was a relief), they did quote a 1300 phone number to ring which was not the number I normally ring to contact NRMA Insurance.
So still suspicious, I rang my usual number to them and enquired about it, only to be transferred by the answering operator (after my explanation) to the “Refunds Dept” !!, where they advised me that it was in fact correct and they had reviewed my discounts back to the 2014-15 year and owed me $197.xx
Thus 99% satisfied but surprised, I provided BSB & account number details of an account that I keep for just such semi-suspicious occasions with next to no funds kept in it, and now wait for the suggested 10 or so business days to see if it comes good.
I offer up this info in case someone else receives similar uncharacteristic offer from this ‘not-insignificant’ organisation.
My cynical self however is wondering whether they do it in this way so that they can be seen to be honestly offering to correct mistakes, BUT doing it in such a way that the customer may well dismiss it as a scam, and so not take the required action to receive the refund.


I would expect that a letter would be the appropriate communications for this, unless you have advised that you want email as your preferred method, as I have done for many companies I deal with.


I also received a similar email from NRMA and, like you, was immediately suspicious. I checked the NRMA website and saw that the phone number quoted in the email was indeed the number to ring concerning refunds. I rang, and was informed that I had not one, but two refunds owing, apparently because my discounts had been incorrectly calculated. One refund was on a policy for a caravan we had sold over two years ago. I also thought that a letter would have been a more appropriate means of advising me of the refunds but, we do live in a technological age.

1 Like

It asks the question - do businesses need to support change to provide a secure email service?

The current practice of using what is effectively an open service exposes personal or confidential content with every email sent.

True, it is cheaper for the businesses than postage, convenient and above all mostly free from consequences for the business. But most often it is the consumer who is the looser when personal details are misused.

It’s good to know there is caution being displayed with the NRMA notice, although how many may simply ignore it as another doubtful scam?

Can anybody suggest how that would work and how secure it would be?

The Internet SMTP protocol has no provisions for any sort of security as far as validating headers or protecting the content. There are a number of protocols developed for secured email, but no universal standard as yet such as we have for HTTPS. Work in progress.
However, in the case of this NRMA email, it is a notification message only. No links to invite a malicious process. As long as the number given to call can be verified by referring to another source, I don’t see any sort of security problem.

1 Like