Home Breaking News Bank Scam ‘Spoof’ On Mobile Phone Text Messages Fooling Customers

Bank Scam ‘Spoof’ On Mobile Phone Text Messages Fooling Customers

SCAM ALERT: Watch out for fake text messages that look exactly like your bank | Bank Scam ‘Spoof’ On Mobile Phone Text Messages Fooling Customers

Criminal scammers are now getting inside of your phone’s text messages to impersonate official banks.

A blatant new type of form of a “spoofing” scam – where fraudsters are able to infiltrate into pre-existing genuine text message threads from banks – has hit Australian customers.

National Australia Bank has issued an alert to customers to look out for suspicious text messages and phone calls, after customers were targeted over the weekend with the phony messages.

advertisment
Save 25% OFF your daily hire rate*, plus be in to WIN a 7 day motorhome holiday.

The nation’s competition watchdog’s Scamwatch agency has warned that “just because a message shows in the same SMS thread as other legitimate messages it does not mean the new message is real”.

Cyber experts are now saying customers need to “religiously” check their bank or financial statements as scammers ramp up their phishing attacks.

Under traditional “spoofing” scams, conmen are able to “overstamp” or “spoof” their text messages to appear as though they are coming from a real bank, prompting people to call and reveal personal details.

Hackers have managed to spoof real text messages from Australian banks in real conversations with customers.
Bank Scam | Hackers have managed to spoof real text messages from Australian banks in real conversations with customers.

But in the latest version of the scam, criminals have been able to insert their messages into pre-existing official text message communications with banks, making the requests appear totally authentic.

NAB investigations and fraud executive Chris Sheehan said NAB’s systems “had not been breached in any way”.

“Criminals can send messages with the sender’s name set to ‘NAB’ or other organisations which means their messages can appear in the same thread as other official texts sent from NAB,” he said.

““When a customer receives a text message or call impersonating NAB, it means a criminal has ‘spoofed’ our number and is impersonating us.”

One customer who contacted The Daily Telegraph said he’d received a text purportedly from NAB advising “that a suspect transaction I had made was on hold subject to checks”.

The text asked him to call a number and quoted a reference number.

NAB Scam Text message

“The text appeared genuine as a NAB text because it was part of an earlier legitimate exchange of texts from the NAB, the same text thread, wherein they advised me about a cancelled card and delivery of a new card,” he said.

When he rang the number, he thought it odd it was answered quickly by someone simply saying “hello”. The scammer asked for the reference number and when challenged to prove he was from NAB, the scammer hung up. The customer rang the bank’s fraud hotline.

“They said the security team had been smashed over the weekend by a high volume of real customers calling to report attempted fraud,” he said.

NAB Bank Scam | SMS Phone Scam | Scammers are getting increasingly sophisticated.
Scammers are getting increasingly sophisticated.

The Australian Competition and Consumer Commission’s Scamwatch agency said they were aware of scammers impersonating banks using spoofed phone numbers, as well as sender IDs.

“As the sender ID is spoofed the communication looks legitimate and people think they are dealing with their bank and will call the telephone contained in the SMS,” an ACCC spokeswoman said.

“Remember, just because a message shows in the same thread as other legitimate messages it does not mean the new message is real.”

Cyber safety cop Susan McLean said spoofing had been around a while, but “we’re certainly getting more of them and they are becoming more sophisticated”.

Susan McLean, Cybersafety expert and educator says “never give out banking details, passwords to anyone online purporting to be moving your money from one account to another”.

Susan McLean, Cybersafety expert and educator says “never give out banking details, passwords to anyone online purporting to be moving your money from one account to another”.

“The criminals, the hackers are out there are on the front foot, they are ahead of everyone else,” she said.

“If someone from an organisation cold calls you, take a note of where they are from, hang up, find the phone number yourself and ring back.

“Disconnect the call and walk away if you become concerned at any point in the conversation.

“Never give out banking details, passwords to anyone online purporting to be moving your money from one account to another.”

SCAMWATCH TIPS:

Check if:

  • The message looks different to other messages in the SMS thread, such as different wording or spelling mistakes.
  • A sense of urgency or threat to the message.
  • A suspicious looking link – don’t click on any links in SMSs or emails.
  • If you receive a phone call using the sender ID or phone number of your bank, check that it is your bank. If you are in doubt at all, hang up. Call the bank back from details on their homepage.
  • Once compromised and you need to transfer money to a different account. This is not standard procedures for a bank and should be a red flag something is wrong.
  • Never provide passwords or personal information with anyone over the phone. Your bank will never ask you to provide your passwords or security codes they send you the scammer has you on the phone they will immediately tell you your bank account has been.