Australians are losing millions to bank impersonation scams – and the government and telcos could do more to stop the thefts, a cyber security expert says.
Scammers are tricking victims into handing over their hard-earned dollars by making calls appear like they come from a bank’s legitimate phone number, or by sending a text that appears in the same conversation thread as genuine bank messages, Scamwatch found.
The calls or messages impersonate the big four banks, as well as other financial institutions.
Scamwatch received 14,603 reports of bank impersonation scams in 2022, resulting in more than $20 million in losses. Total losses to all reported phone and text scams last year were estimated at more than $169 million.
Avast cyber security expert Stephen Kho told The New Daily the scams, particularly the messages appearing in the same SMS chain as legitimate bank texts, are largely the result of a lack of protective mechanisms from telcos and the government.
He pointed to Singapore as a possible example for Australia to follow – since January, all organisations that use SMS sender IDs are required to register them with an official registry.
This measure came after scammers hid behind the alphanumeric names that legitimate organisations use to identify themselves in text messages to impersonate banks and scam victims last year, much like what has been happening in Australia.
Tweet from @_marty_k
“[The Australian government] should legislate these safety protection mechanisms … and then it’s up to the telecommunications providers to implement that,” Mr Kho said.
A spokesperson for the Australian Competition and Consumer Commission (ACCC) said the organisation is advocating for Australia to adopt best practice scam protections for consumers like those in other jurisdictions, including the SMS SenderID registry in Singapore.
“The ACCC has met with key stakeholders in Singapore to discuss this concept and will continue to work with [the Australian Communications and Media Authority] on potential solutions,” they said.
But even if more authentication processes were put in place, people should still be “paranoid” in order to avoid being sucked in to scams, Mr Kho said.
Life savings stolen
ACCC chair Catriona Lowe said these bank impersonation scams are “emptying every last cent out” of victims’ savings accounts.
The average loss is $22,000, and there have been more than 90 reports of losses between $40,000 and $800,000.
“We know of a man who lost over $500,000 after receiving a call from someone claiming to be from a major bank’s security department, wanting to know if a payment had been authorised,” Ms Lowe said.
“In another case, a man lost $38,000 after receiving a scam text message about a suspicious transaction.
“The scam text appeared in the same conversation thread as legitimate messages from his bank. He called the number in the text and was put through to a member of the banks’ fraud team. Unfortunately, it was an elaborate scam and he lost everything.”
How to avoid getting scammed
From playing on our emotions to refining their techniques, scammers use a vast array of tools to get their hands on your money.
Read on to find top tips on how to avoid falling victim to bank impersonation scams:
- Think with your head: Scam calls and message often carry a sense of urgency or threat that legitimate communications from a bank. Instead, legitimate messages will often encourage you to log in to the organisation’s official website to sort out any issues. “If there’s a sense of urgency, then your Spidey-senses should be tingling,” Mr Kho said.
- Double-check: If you think it’s possible an issue might be real, never click on any links sent to you or give out your personal information on an unexpected call from you bank. Instead, look up relevant information on the bank’s website, or hang up and call the bank through the official number you’ll find on its website.
- Avoid direct transfers: If you’ve been asked to transfer money to a different account to ‘keep it safe’ or for ‘further investigation’ – don’t. The ACCC says this is not standard procedure for a bank, it is a scam.
- Spread the word: If you’re on the receiving end of a scam text or call, tell your friends and family about it. This will help them keep on the lookout for scams, and potentially lessen any embarrassment if they fall victim themselves.
- Report to authorities: If you think you’ve been contacted by a scammer, or have been a victim of a scam, contact your bank and report the incident to Scamwatch.