BCU Bank Logo

Search www.bcu.com.au

Staying safe from scams

What are banking scams?

If an offer or communication seems too good to be true or seems fishy, it probably is.

Scammers are getting more creative with the way they’re attempting to scam people, and they’re making attempts more frequently. In Australia, there’s been an increase in scams targeting banking customers in particular. To help you understand what banking scams are and be prepared to better protect yourself, we've put together some useful information and things to look out for.

Scam methods are changing all of the time, but most have a few things in common:

  • The goal is always the same – they want your money, your personal information, or both.
  • The scammer will be very persuasive to gain your trust. It’s their job, and they’re very good at it.
  • The scammer may try to isolate you, tell you to keep what you’re doing secret, or even ask you to be untruthful to your bank, friends, and family.

Common types of scams

There are many ways scammers can attempt to obtain personal information from you, but there’s no reason to be afraid, just be aware and alert. Some of the common types of scams are: remote access scams, phishing scams, investment scams and telephone scams.

Remote access scams

Remote access scams occur when the scammer contacts you via phone, email, or text, claiming to work for a well-known company, or you may even be presented with a pop-up on your computer prompting you to call a number on the screen. Banks, telco providers, and government agencies are often impersonated for this type of scam.

Scammers might tell you a fake but credible story, such as claiming your security has been compromised, to convince you to give them remote access to your device or computer. Remote access applications can be used by a scammer to gain access to your device, which may give them direct access to your internet banking, passwords, bank card details, or other personal information.

It’s highly unlikely that the real company would make an unsolicited call or ask you for remote access to your devices. Treat any unsolicited calls with caution, and if you’re unsure about the legitimacy of a call, hang up and call back on the company’s official contact number.

Police, tax, and government scams

These scams occur when someone contacts you claiming to be from a government organisation, like the police force or the Australian Tax Office. They might claim that the reason they’re contacting you is because you’re overdue in paying for a fine or a tax bill and request that urgent payment is made by purchasing gift cards or providing your bank details, for example.

Another approach they might take is telling you that you have a tax refund which they can give you on the spot, to trick you into sharing personal information or giving them access to download malware. Government agencies do not operate in this way, so be alert if this situation arises and seek confirmation directly.

Alternatively, a scammer might say that they need your help (and your bank account details) to catch a fraudster, or if you have been a victim before, to help you get your money back. The police agencies to not act in this way, so be alert and seek confirmation directly if concerned.

If you receive one of these calls, you should hang up, confirm the number from a legitimate source, and call the organisation back. They’ll be able to confirm if the call was genuine and if any further action is required.

Another common scam is an email that looks like it comes from the Australian Government via myGov. It has the subject line ‘Important information regarding your account’, includes the myGov logo, and claims to be from the myGov team. Instead, the email is a phishing scam designed to steal your personal and financial information.

To ensure you stay safe, never give your account or card details to anyone without checking if the request is legitimate. It also helps if you know the status of any tax debt you owe, refunds due, and lodgements outstanding. This knowledge will help you be more aware and less likely to fall victim to a scam. You can find out more on the Australian Cyber Security Centre website.

Phishing scams

Phishing scams are intended to mimic or look like legitimate communications from well-known companies. They can be received via email, text message, or even social media posts and direct messages. They may look like they come from your bank, your telco provider, or one of your friends on social media, but they’re cleverly designed to trick you into taking an action or providing your personal details.

Phishing scams can claim that there is a problem with your account or similar, and request you click a link to verify your details. Sometimes they can be as simple as a short message saying you have a parcel on the way, but if you click the link, malware may be installed on your device. Or, you may receive a message on social media from one of your friends out of nowehere asking you to click on a suspicious link.

Most organisations will have their own email domain and company accounts. For example, legitimate emails from bcu will read ‘@bcu.com.au’. Sometimes we use reputable partners to securely send emails or contracts on our behalf. If the domain name (the part that comes after the @ symbol) matches the sender of the email, the message is most likely legitimate, but it’s important to confirm if you’re unsure. By contrast, if the email comes from an address that isn’t affiliated with the apparent sender, it’s almost certainly a scam. The most obvious way to spot a phishing email is if the sender uses a public email domain, such as ‘@gmail.com’, or tries to mimic a company name but spells it slightly differently or adds in unusual characters. If you are ever in doubt make sure you contact us.

If you receive one of these communications or any communication you’re uncertain about, you should avoid clicking any links or filling in any forms and delete it immediately. Be aware of messages that include a sense of urgency or are asking for your personal information, and always keep an eye out for senders that don’t look legitimate.

bcu will never ask you to supply your personal information or login details via an email attachment, and we will never send a link via text directing you to log in to bcu iBank.

Investment scams

An investment scam is when someone gets in touch with you out of nowhere and offers promises of big payouts or profits, quick money, or guaranteed returns.

You may receive a call or email from someone claiming to be a portfolio manager or stockbroker offering investments with high returns, or you may be contacted by someone on social media offering you an easy opportunity to make money. The scammer will seem knowledgeable and may provide you with information and figures to convince you of their legitimacy, but it pays to do your research before investing.

You should always perform sufficient checks before providing your details to anyone that’s contacted you out of the blue. Information on registered financial advisors can be found on the ASIC website, and ASIC also has a list of companies you should not deal with. If the company that’s contacted you is on this list – do not invest with them. Independent information about investment choices can be found on ASIC’s Moneysmart website.

Telephone scams

Telephone scams are another one to be aware of. A common telephone scam is where a scammer calls and claims to be from your bank, the ATO, a telco provider, or another organisation. They may ask for personal or banking details or ask you to make a transfer or immediate payment for some reason.

Please be aware that bcu will never request for you to transfer money to correct an error.

If you receive a call from someone claiming to be a bcu employee and you’re unsure about the legitimacy or have any concerns, please don't provide any banking or personal information and instead ask for their name and take note of the number they’ve called from, hang up, and call our Contact Centre on 1300 228 228.

Relationship scams

Relationship scams may start as a friend request on social media or on a website – for example, a match on a dating site. They can take the form of platonic friendships or potential romances. In these instances, the scammer uses a fake identity to get your attention and interest and build an emotional connection with you, to get something from you (e.g. money or your personal details).

To help protect yourself from relationship scams, be wary of any requests for money or other information. Never send money to someone you haven’t met in person or are unsure of, and always consider the possibility that their motive is ingenuine. Common reasons scammers can claim to need money may be for medical costs, unexpected bills, flights and accommodation, family issues, or because they’ll be in danger without it.

Sometimes the scammer will even ask you to accept money into your bank account, obtain your confirmation, and then transfer it to someone or somewhere else. These scenarios are very likely to be forms of money laundering which is a criminal offence. It’s important to be aware of these scams and never agree to transfer money for someone else.

Find out more about relationship scams on the Scamwatch website.

Elder financial abuse

Elder financial abuse can occur when strangers, carers, or even trusted family members or friends, try to take advantage or cheat an elderly person out of their assets. This can include, but is not limited to, things such as their home, belongings, or savings, and is often done by forgery, lies, misrepresentation or manipulation.

We encourage our members to read Safe & Savvy: A guide to help older people avoid abuse, scams and fraud by the Australian Banking Association to learn more.

SIM card swap fraud

This type of fraud focuses on moving control of your telephone account from your SIM card to one controlled by a criminal. Depending on your telco provider, this can often be done with as little information as your name, mobile number and date of birth – details which can sometimes be found on social media or obtained via a phishing scam.

If a fraudster has the information required and convinces your telco to request a SIM swap and a change of personal settings, the fraudster can then take over your mobile phone number. With access and control of your mobile phone number, this can provide scammers with access to your two-factor authentication for secure portals such as online banking.

To protect yourself against SIM swap fraud, keep an eye out for any unexpected messages from your telephone provider saying that you have requested for your mobile number to be transferred.

If you suspect you may have fallen victim to one of these scams, contact your telco provider immediately, and contact your bank and any other important providers to ensure nothing suspicious has occurred.

What to do if you have been scammed

If you think you may have been scammed and have provided the scammer with your banking details, please contact us immediately.

Depending on the type of scam, we recommend you change your login password via bcu iBank and also run an anti-virus/malware check across all of your devices.

If the scammers are successful in stealing your money or identity, you should report the matter to the Australian Cybercrime Online Reporting Network (ACORN) and your local police.

Would you like more information?

The Australian Government's Cyber Security Centre website has tips and information to help you stay safe online and the Australian government’s Scamwatch website also has a range of information and support.