Security threats and how to protect yourself
Threats to clients and customers continue to evolve and impact users of financial services through various methods, and in different ways. Being aware of the different threats that exist, and what you can do to prevent them, is the best way of avoiding them.
Online threats can refer to any type of fraud or scam generated through the internet or via email. Most online threats are designed to steal personal information such as credit card numbers, user names and passwords. These are typically executed through social engineering scams. The main intent is to gain a financial benefit via fraud.
How you can protect yourself
Here are four simple precautions you can take to help to protect yourself online:
Use strong passwords and keep them secret
A good password should be at least eight characters and contain a mix of letters, numbers and symbols in upper and lower case. Avoid using your name, username or something easily identifiable. Remember to use different passwords for logging into different sites and change your passwords regularly. Never use your internet banking password to access other websites. Protect your online password in the same way you would protect your ATM PIN. Never disclose your passwords and don't write them down or carry them together with your cards or in your wallet or bag. If you believe your password may have been compromised contact us and change it as soon as possible.
Be aware of email/phishing scams
We will never ask you to verify or confirm any personal information or passwords via an email. If you receive any request purporting to be from us please send to firstname.lastname@example.org
Check you are on a secure website
When performing online transactions always ensure the website is secure. This can be done by checking the browser bar starts with' https://' or you will see a padlock either on the browser bar or in the bottom right corner of the web page.
Limit the information you make public on social networking sites
Restrict personal information such as date or birth, phone number and address as this may lead to identity theft.
How we protect you
We are committed to providing a secure banking environment for all our clients and customers. We use the latest technology to ensure a safe and secure environment to protect your personal information and privacy.
We protect your accounts with us against loss as a result of fraud. When conducting your online banking with us, we provide you with peace of mind knowing that we will protect you against losses for unauthorised fraudulent transactions where you have not contributed to the loss. We work closely with law enforcement agencies to ensure fraud matters are handled with proper care and due diligence.
If you have experienced an online threat or have fallen victim to phishing or any other type of online fraud, please contact 1800 803 310 (or +61 8232 3333 from overseas).
You can also notify us by email at email@example.com. If possible please send your contact phone number and the suspicious email as an attachment, rather than forwarding the email. This helps to identify the author and source and will be used to help reduce online fraud.
For more information pertaining to online threats and how to protect yourself you can visit:
- ASIC’s MoneySmart, the consumer section of the Australian Securities and Investments Commission (ASIC)
- Scam Watch, a website operated by the Australian Competition and consumer Commission (ACCC)
- Stay Smart Online. The Australian Government's cyber security website
Common types of fraud
It is important to secure your computer properly to prevent putting yourself and possibly your family and friends at risk. There are simple measures you can take to protect your computer and your personal information.
Protect your computer
Operating system (eg Windows) – Regularly check your operating system is up-to-date. (You can do this by ensuring "auto updates" are enabled.) This will help protect you against online security threats such as malware
Anti-virus software – Up-to-date anti-virus software is key in helping prevent online threats and protecting your details while performing online banking
Web browser – An up-to-date web browser will help protect you against security threats such as malware. The latest browser version can be downloaded from your browser providers' website. (eg Microsoft if you are an Internet Explorer user or Mozilla if you are a Firefox user)
Anti-spyware – Spyware is a form of online snooping. You can help prevent spyware by using up-to-date anti-spyware software
Wireless connection – If you are using a home wireless network, make sure this has been set up securely. If you are using a third party network, ensure you only use a trusted and secure wireless network connection.
Phishing is a technique used by fraudsters to obtain sensitive information such as passwords, internet banking logons and credit card details by sending an email or message pretending to be from a trustworthy source. This contact may also take place in the form of a phone call ('Vishing') or a text message ('SMSishing'). Communications claiming to be from banks, popular social websites and auction sites are commonly used to trick the unsuspecting web user.
Fraudsters send out millions of these fraudulent emails to random e-mail addresses in the hope of luring unsuspecting innocent persons into providing their personal banking details. More commonly now, fraudsters are narrowing their attacks (spear phishing) in an attempt to target specific groups and/or individuals.
We do NOT send such emails to their clients to confirm or verify any personal information.
If you receive an email, text message or phone call and you are unsure whether it is legitimate, you should never respond or provide your personal details. Instead, contact us directly using a number or method you know is genuine.
Emails and text messages
You may receive emails or text messages, directing you to websites that ask you to enter your personal information. The aim of many of these email scams is to take you to websites that may look like the genuine site but are in fact a clone website. When you click on a link or enter your personal details, the information may be sent to someone other than your bank or other service providers. This means that someone else may be able to access your accounts.
You should be cautious when receiving unsolicited phone calls from people claiming to represent your bank or another business, especially when you are asked to provide information about your login credentials or card details. 'Vishing' is the term used for this process, where the caller's objective for contacting you is attempting to obtain these details for their financial gain.
Protect yourself against phishing scams
- Never access this website from links in an email.
- Always log into to internet banking by typing in the full web address into your browser bar.
- When you are on a banking website, look for the padlock icon and "https://" to make sure you are on a secure site
- Report any phishing attempts to us at firstname.lastname@example.org.
Viruses and trojans
Viruses and trojans are collectively known as malicious software or 'malware' which is designed to destroy data, or steal information. Some malware is designed to activate when you log on to your internet banking. Malware can record your username, password and other personal information which can then be used to gain access to your account.
Protect yourself against malware and viruses
- Do not open any emails from someone you do not know and trust
- Do not open attachments unless they are expected and the contents are known
- Install, activate and maintain a firewall on your computer
- Install and maintain reputable anti-virus and anti-spyware software
- Keep your operating system (eg Windows) up-to-date.
Spam or electronic 'junk mail' is unsolicited commercial messages sent to a person's email account or mobile phone. Spam messages may contain offensive material, promotions for fraudulent services, solicitations of personal information and bank details. They may also contain malware or link to a website which contains malware which may make you vulnerable to attack or compromise.
Your internet service provider can often provide spam-filtering software. This flags emails as spam, so that you do not receive as many in the future. You can end up on a spammer's mailing list by:
- signing up to a newsletter from an unscrupulous website, which then on-sells the email addresses of its subscribers
- providing your email address on a newsgroup, message board or your personal web page as well as social networking sites such as Facebook
- choosing an email address which is then guessed (automatically generated) by software used by the spammers.
Protect yourself against spam
- If you are unsure about whether an email is genuine, assume it isn't and delete it
- If you receive an attachment you weren't expecting, or from someone you don't know, don't attempt to open it
- Never respond to a spam message as this will confirm your email address as genuine to the spam sender.
If the email looks like it's from us requesting personal information or account details, report it to us on email@example.com
A large part of online crime is now centred on identity theft. This specifically refers to the theft and use of personal identifying information of an actual person, as opposed to the use of a fictitious identity. This practise can include the theft and use of personal information of persons either living or deceased.
Trust your instincts when people contact you online or over the phone. Make sure you verify who it is you are speaking to and don't be afraid to say 'no' or to simply hang up and end the conversation without giving a reason.
Protect yourself against identity theft
- Secure your home letterbox
- Don't share personal information in an email, online communication or over the phone with people you do not know nor trust
- Use strong passwords, with a combination of letters, numbers and symbols, and keep them secret. The password should contain a minimum of eight characters
- Don't provide your internet banking logon or password to anyone
- Never use you internet banking password to access other websites
- Delete spam and scam emails. If the offer sounds too good to be true – it probably is
- Keep your anti-virus and firewall software up-to-date
- Always logon to internet banking by typing in your bank's full web address.
- Don't use public computers for internet banking e.g. internet cafes, libraries or hotels
- Do not install software or run programs of unknown origin
- Guard your date of birth, current address, driver's licence number and passport details carefully and only provide them to trusted people and entities.
The ABA, ASIC and the AFP have worked together to produce a website called www.protectfinancialid.org.au which also provides tips on how you can avoid becoming a victim.
Scams have existed for centuries, however the internet allows scammers to reach a much larger audience.
A scam might come in the form of an email, contact from an unknown person through websites such as dating sites, online forums or social networking sites. Scams are usually designed to either steal your money or trick you into revealing personal information. They use techniques to manipulate you and appeal to your good nature, and are constantly evolving.
'Cold calling' scams are an unexpected or unsolicited telephone call offering investments or financial advice. The investments they offer usually guarantee high returns or encourage you to invest in overseas companies.
The scams sound professional and may have other resources to support their claims. Cold callers often claim to be stock brokers or portfolio managers.
Generally speaking, it is illegal for anyone to offer you financial advice or a financial product, such as shares, without an Australian Financial Services licence (AFSL) issued by the Australian Securities and Investments Commission (ASIC).
Protect yourself against scams
Do not transfer money for or provide credit card/bank account details to anyone you do not know and trust
Verify or research any offer, company or charity before agreeing to proceed
If it sounds too good to be true, it probably is If you receive a phone call out of the blue, always ask for the name of the person you are speaking to and who they represent
If someone offers you an investment or other financial service, ask for their Australian Financial Services Licence number: check this with ASIC.
Do not let anyone pressure you into making decisions about money or investments: always get independent financial advice
Be wary of investments promising a high return with little or no risk.
For more information on suspected scams go to www.scamwatch.gov.au.
You may also report any scam to this site as well to your local police.
Report any scam attempts to us at firstname.lastname@example.org