Important security information Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.
A scammer contacts you pretending to be from a legitimate bank by email, phone call, or text message.
The scammer asks you to provide or confirm your personal details. For example, the scammer may say that the bank is verifying customer records due to a technical error that wiped out customer data. Or, they may ask you to fill out a customer survey and offer a prize for participating.
Alternatively, the scammer may alert you to 'unauthorised or suspicious activity on your account'. You might be told that a large purchase has been made in a foreign country and asked if you authorised the payment. If you reply that you didn't, the scammer will ask you to confirm your credit card or bank details so the 'bank' can investigate. In some cases the scammer may already have your credit card number and ask you to confirm your identity by quoting the 3 or 4 digit security code printed on the card.
Phishing messages are designed to look genuine, and often copy the format used by the bank the scammer is pretending to represent, including their branding and logo. They will take you to a fake website that looks like the real deal, but has a slightly different address. For example, if the legitimate site is 'www.realbank.com.au', the scammer may use an address like 'www.reallbank.com'.
If you provide the scammer with your details online or over the phone, they will use them to carry out fraudulent activities, such as using your credit cards and stealing your money.
Protect yourself
Do not click on any links or open attachments from emails claiming to be from your bank or another trusted organisation and asking you to update or verify your details – just press delete.
Do an internet search using the names or exact wording of the email or message to check for any references to a scam – many scams can be identified this way.
Look for the secure symbol. Secure websites can be identified by the use of 'https:' rather than 'http:' at the start of the internet address, or a closed padlock or unbroken key icon at the bottom right corner of your browser window. Legitimate websites that ask you to enter confidential information are generally encrypted to protect your details.
Never provide your personal, credit card or online account details if you receive a call claiming to be from your bank or any other organisation. Instead, ask for their name and contact number and make an independent check with the organisation in question before calling back.
