IMB and Your Security
At IMB the security of your personal and account information comes first.
You may be aware that in the financial services sector there are a number of emerging scams and frauds. Working together we can better protect you from becoming a victim by doing the following:
- Emerging scams & frauds
- Tips on protect yourself against fraud
- Providing a secure online environment
- How to promptly report scams and frauds
- Click here to download IMB's full Security Brochure
It is important to remember that IMB will never ask you to disclose your access code or send a request to you with a link to our internet banking system, requiring you to enter your member number and access code for verification purposes.
In the event that IMB needs to contact you, we will do so by telephone, mail or secure e-mail which can only be accessed once you have signed into internet banking.
Emerging scams & frauds
The number of scams and phishing attempts on banking customers is increasing. IMB reminds you to be on the lookout for suspicious requests via phone, email or SMS requesting you to log in or update membership or banking information.
Scam and fraud trends have dramatically evolved, involving highly sophisticated means to compromise your personal information and steal your money. It’s important that you are familiar with the current types of fraud in circulation and how they occur.
If you think you have been a victim of fraud or something does not feel right, please contact IMB immediately on 133 462.
Listed below are the more common types of scams and frauds being reported
Lost phone scam
Someone posing as a relative or friend will text you from a different phone number claiming to have lost their phone and that they need your help. They will ask for money to be deposited into their account. We’ve seen a number of scams that start with a text via WhatsApp saying, “Hi Mum.”
Investment Scam
Scammers target people with offers of high rate investments. The approaches can be made on the phone or via email, or by luring those looking for investment opportunities with fake trading identities, websites, social media news stories, Google search ads and more.
Remote Access Scam
Also known as Technical Support Scams, usually involve a scammer contacting you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.
Missed delivery, call or voicemail (Flubot ) scam
Scam text messages being received about missed calls, voicemails or deliveries which asks you to tap on a link to download an app to track the delivery or listen to the voicemail. The message is in fact fake and instead installs malicious software named Flubot when clicked on.
Classified scams
A seller may post fake ads on classified websites or via social media platforms for products well below market value, often containing pictures and/or information from a genuine seller’s ad. The seller may be insistent on payment prior to arranging for goods to be delivered, and that their preferred means of payment is via direct deposit or bank transfer as it’s difficult to recover.
Payment redirection scams (businesses)
The most common fraud targeting businesses. A business will receive an email from a criminal impersonating an established supplier regarding the latest invoice with a reasonable-sounding explanation for new payment details – i.e., a new bank account. The email address and person signing off may all sound legitimate, but the account will be fraudulent.
Types of Fraud and Scams
A more detailed explanation of the more common Fraud &and Scam scenarios you may encounter have been outlined below:
Lost phone scam Someone posing as a relative or friend will text you from a different phone number claiming to have lost their phone and that they need your help. They will ask for money to be deposited into their account. We’ve seen a number of scams that start with a text via WhatsApp saying, “Hi Mum.”
Spot the Scam! Do not transfer any money until you speak directly with your relative or friend to discuss their situation. Usually, their phone is still working.
Remote Access Scams
With more people now working from home, the likelihood that you may become the victim of a Remote Access Scam (also known as Technical Support Scam) has dramatically risen.
How it works
In most scenarios, a scammer may contact you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.
What to look for
Scammers usually pose as someone from a well-known and reputable organisation, such as your bank, a telecommunications provider, a government agency or even the police. They often play on their position of trust or may use fear and intimidation tactics to obtain your co-operation.
Remember: Never…
Give a stranger or unsolicited contact remote access to your computer and if ever concerned about the legitimacy of the caller, validate the call by looking up the organisation’s official website and calling the organisation’s advertised number.
Lost phone scam
Someone posing as a relative or friend will text you from a different phone number claiming to have lost their phone and that they need your help. They will ask for money to be deposited into their account. We’ve seen a number of scams that start with a text via WhatsApp saying, “Hi Mum.”
How it works
The scammer will request urgent transferral of money to an account.
Remember: Never…
Transfer any money until you speak directly with your relative or friend to discuss their situation. Usually, their phone is still working.
Missed delivery, call or voicemail (Flubot) scam
The Flubot is so named as the scammers attempt to place virus or malware onto you mobile phone. Once installed, they can track and steal data.
How it works
You may receive a text message about voicemails, missed calls or, more recently, parcel deliveries from Australia Post, DHL or another reputable organisation. All messages will contain a link and instruct you to click the link or download an app to check a voicemail, track a parcel, schedule a delivery time etc.
Remember: Never…
Click on any links or call back the person who has sent the text. Delete the message immediatelyto ensure your personal and personal information isn’t put at risk.
Classified
This type of scam is designed to trick online shoppers into believing they’re dealing with a legitimate person when purchasing via classified websites but there is actually a scammer behind the advertisement.
How it works
The advertisement could be for any type of goods or service such as cars, boats, caravans, puppies, livestock or even things like rental properties or accommodation. The advertisement may appear legitimate and can often contain pictures and/or information from a genuine seller’s own ad.
What to look for
If the advertised price sounds too good to be true, it probably is so it’s worth investing some time and effort into performing your own background checks prior to entering into any agreement for purchasing the goods or service.
If the suggested payment method requested includes things along the lines of a wire transfer, international funds transfers, pre-loaded currency cards or in cryptocurrency such as Bitcoin, it’s an indicator to avoid proceeding with the transaction as it’s almost impossible to recover funds if sent via these means.
Dating and Romance
Scammers generally pretend to be a prospective partner by preying on people looking for a romantic companion. Australians lose millions of dollars annually as the result of Dating and Romance scams and the money sent is almost impossible to ever recover.
How it works
Interactions usually occur via online dating websites and now more commonly via social media or email. The scammers would typically create a fake profile but could often contain identities of real persons such as military personnel and the like and often indicate that they are currently working abroad.
What to look for
In some scenarios the scammer will work over several months to gain your interest and trust before asking for money for things such as medical expenses or a medical emergency. In addition to being asked to send money, you may be asked to receive and onforward money on their behalf which could then involve yourself in potential money laundering implications.
Malicious software (Malware) and Spyware
Quite often, the advertisements that 'pop-up' in a different browser window while you're on the web are not what they appear to be. They could be downloading 'spyware' or 'adware', which are programs used to monitor your internet activity and gather your user information which is usually for advertising use.
It is important that you have security software installed that detects and removes spyware.
Identity Theft
Some of the more common methods for falling victim to identity theft is via mail theft, phishing emails, hacking, data breaches and even when applying for jobs online.
How it works
You may receive an unsolicited phone call or email for personal information or a request to validate personal information by clicking on a link or opening an attachment. These are some of the tools scammers use to obtain your personal information which in turn they can use to steal your money, superannuation, take out phone plans or open bank accounts, loans or lines or credit in your name.
Remember!
Once your identity is stolen it can take years to rectify all the damage incurred so it’s important to keep your personal information safe and secure.
Investment Scams
The promise of great returns in a short amount of time are some of the empty promises scammers try to lure people in when facilitating an Investment Scam. Due to the high value people are willing to invest to get that good return, this is the scam type Australians lose the most money to every year.
Investment scams can be hard to spot so it’s best to seek independent financial advice prior to investing your hard-earned money into a scheme where higher risk exists.
Online Shopping Scams
With online shopping offering so much convenience to the public, it’s also created an ideal channel for scammers to deceive and rip off online shoppers.
How it works
This type of scam involves someone pretending to be a legitimate online seller, most commonly with a fake ad on a genuine retailer’s site.
What to look for
A key indicator that may highlight if an ad or website isn’t legitimate could be the method of payment. Requests to pay via pre-loaded cards or wire transfer are an unusual request and make it almost impossible to recover funds in the case of a scam. Looking for a URL starting with `https’ and a closed padlock symbol in the browser are some security features to be aware of and payments via secure payment platforms such as PayPal are a much safer option.
Phishing
Phishing is when fraudsters trick you into providing personal information such as your passwords or account details, enabling them to gain access to your funds.
A few ways they may try are:
- Email - Fraudsters may use authentic looking emails to request your personal details. IMB will never forward an email requesting your password, account details or other personal information nor will we send a link to the login page for Internet Banking.
- Over the Phone - Fraudsters may contact you by phone under the guise that they are from IMB and that there is a problem with your account security and require your account details and passwords to fix the problem. Again IMB will not contact you to ask for your passwords, or bank account details.
- By SMS - Scammers and fraudsters are now targeting your mobile phone by forwarding SMS messages, claiming to be from IMB, asking for your account/password details. IMB will never send an SMS requesting account or password information.
If you suspect that you have received an email, phone call or SMS purporting to be from IMB that you are suspicious about, don’t click on anything or provide information and contact IMB immediately on 133 462.
Providing a Secure Online Environment
Since developing an internet banking facility, IMB has continued to install robust firewall technology to ensure all information held by it is protected from any attempted external intrusion. All IMB security systems are constantly reviewed and updated to avoid unauthorised access to IMB's internal systems and to member information.
IMB has invested a significant amount of money, time and effort to ensure that members undertaking financial transactions over the internet, do so in a secure and user friendly environment. IMB's internet banking product utilises 128-bit digital certificate encryption technology and secure e-mail to protect members' account information when members undertake online banking. IMB is committed to ensuring that our members have the ability to view their account details and undertake financial transactions in a safe and secure environment.
IMB has adopted the ePayments Code and complies with other requirements relating to the confidentiality, storage and appropriate destruction of members' details and account information.
IMB is a member of the Australian Association of National Advertisers and the Australian Direct Marketing Association, and as part of these memberships, IMB has voluntarily adopted and acts in accordance with the respective Code of Ethics and privacy guidelines relating to advertising and marketing on the internet.
If you believe any unauthorised access has occurred, then please contact IMB on 133 462, 8am to 8pm, Monday to Friday.
What can you do to protect against fraud?
- Never disclose your login details, PINs, SMS authentication codes to ANYONE. A reputable organisation or financial institution will NEVER ask you for this information.
- Never provide information like account details and credit card numbers over the phoneunless you have initiated the call and are satisfied that the phone number you are using is a trusted source.
- Regularly update your computer and digital deviceswith security protections such as anti-virus, anti-spyware software and firewalls from a reputable provider.
- Select a password that is difficultto guess and has no connection to you, is lengthy and contains a mixture of both alphabetical and numeric characters.
- Beware of pop-ups advising you that you need to fix your computerand can do so by calling a particular number.
- Never give a stranger or unsolicited contact remote access to your computer.If you are asked to do this – hang up.
-
If you think the call is legitimate, confirm the identity of the caller.
- Ask for the person’s name and contact details and advise that you will call them back.
- Once you have hung up, validate their contact details by looking up the organisation’s official website and calling the organisation’s advertised number.
- Never call back on details provider by the caller; if they are a scammer, this number will be false.
- Do not open suspicious or unusual texts, or click on links or attachments in unsolicited emails.
- Avoid using computers inpublicplaces, such as Internet Cafes or free WiFi
- Do not undertake financial transactions for peopleyou have not physically met and only have any online relationship.
Remember: IMB or any reputable organisation will never ask you to:
- Disclose your access code, passwords or secret questions
- Send a request to you with a link to our Internet Banking system, requiring you to enter your member number and access code for verification purposes.
- Call unsolicited and tell you to download software or open a link
You may be held liable for any fraud losses where you have disclosed your PIN or access codes, so NEVER disclose your pin to anyone.
What to do if you think you have been targeted by fraudulent activity
If you think you have been defrauded or scammed, please contact us as soon as possible on 133 462.
Even in the scenario where you feel suspicious about a transaction or a call you may have received from someone purporting to be IMB, please contact us immediately.
We also strongly encourage you to report any scam incidents to Scamwatch.
URL shortening
URL shortening allows long website addresses to be displayed in a shortened form, allowing for more concise and professional looking communications with members. This is particularly true when using social media or other communication methods that have a character limit.
As an example, the IMB website would appear as follows:
http://www.imb.com.au = http://bit.ly/1e0PYEz
IMB using bit.ly
To assist our members, IMB will now be using bit.ly’s url shortening service in some of our online communications.
Security
Below are the rules for when we would use URL shortening.
- IMB will never use a URL shortening service to connect you directly to IMB’s internetbanking or mobilebanking sites
- IMB will use URL shorteners to direct you to landing pages on the www.imb.com.au or mobile.imb.com.au website. If you are being directed to a form, you will first arrive on an information page and not the form directly
- IMB will not use URL shorteners on IMB’s own website (with the exception being if we choose to create an informational page on the website to describe URL shortening to members)
09 December – Scams to avoid this holiday season
As 2022 comes to an end and many of us spend time with friends and family, remember that cyber-criminals never rest from attempting to steal your money. As part of our ongoing fraud awareness program for our members, we would like to highlight the scams that are increasingly prevalent at this time of year: Online Shopping, Package Delivery and Payment Redirection scams.
Online shopping scams
As people look for bargains for Christmas and beyond, criminals will falsely advertise non-existent goods with the promise of delivery after payment. These scams happen wherever goods are sold, particularly through online platforms like Facebook Marketplace, Gumtree, eBay and so on.
How does it work?
The criminals will advertise goods at discounted prices and either deliver a fake product, or nothing at all. Popular scam items include but are in no way limited to:
- Designer clothing;
- musical instruments;
- bicycles, motorcycles, and cars;
- pets;
- farm machinery and tractors.
Spot the scam
- Where possible, inspect the item prior to buying. Is the seller hesitant for you to see the item in person? Do they continually reschedule?
- Check online seller ratings before purchase. Similarly, check their other items. Often, they will simply copy and paste items from other listings.
- Has the seller asked to be paid via Osko® real-time payments, rather than cash or standard bank transfer?
- Has the seller asked for shipping to be paid into a separate account? This is a technique to ensure that some money will be stolen if the main purchase is stopped for any reason.
Take care when buying online, especially via online classifieds sites.
Package Delivery Scams
After the Black Friday and Cyber Monday sales, and indeed in the lead-up to Christmas and beyond, criminals will ramp up the “Your delivery is arriving” scams as shoppers buy online items.
How does it work?
These scams usually start with a text message or an email that includes a “tracking link” or a direction that you need to complete certain information to ensure your parcel is delivered. You may also get a voice message with a call back number. The link can lead people to fill in personal details or install malware on your phone or computer. Calling back numbers can charge you premium fees for the call.
Spot the scam
No legitimate courier company would approach you in this manner. If you are expecting parcels, contact your supplier directly to track your delivery.
Payment Redirection Scams
Also known as “Business Email Scams” or “False Billing”, the Payment Redirect scam is the most common fraud targeting businesses. It has taken advantage of the most seasoned businesspeople and accounts payable teams. According to the ACCC, Australian businesses lost $227 million to payment redirection scams in 2021, a 77 per cent increase compared to 2020.
Historically, false billing increases in frequency around Christmas, as regular staff go on leave and there are more distractions over the holiday period.
How does it work?
A business will receive an email from a criminal impersonating an established supplier regarding the latest invoice with a reasonable-sounding explanation for new payment details – i.e., a new bank account. The email address and person signing off may all sound legitimate, but the account will be fraudulent.
Spot the scam
In any event that a request for payment to a new account is received or there is any change in details, call the supplier on the number you have for them, and speak with them to confirm their bank details directly before relinquishing funds.
What to do if you think you have been scammed
If you think you have been scammed, please contact us as soon as possible on 133 462 or visit your local branch. The earlier that you inform us of any concerns, the greater chance we have to try and help you avoid scam losses.
Stay up to date
To learn more about the growing number and types of fraud, how to spot them and how to avoid them visit www.imb.com.au/security. Even more helpful information is available on the ACCC’s Scam watch page at www.scamwatch.gov.auand ASIC’s www.moneysmart.gov.au/investment-warnings/investment-scams.
07 November 2022 - Scams Awareness Week
This week is Scams Awareness Week. Through the week IMB will be sharing tips and reminders on our social media pages to help our members understand what types of scams are currently being used by criminals to access your money, how they work and what to do if you think you have been scammed. The theme this year is “How to spot a scam.”
The number and frequency of banking scams continues to increase across industry. In 2021 Australians made more than 286,600 reports to Scamwatch and reported losses of around $324 million. By the end of August this year, Australians had lost even more with reported losses of over $381 million.
At IMB, we continue to update our website with information on scams as they evolve, and we also periodically update members via email and mail as a reminder to stay vigilant. Below is a range of scams that are currently prevalent. Remember: scammers continue to adapt and develop new approaches and technologies to commit fraud. When banking online, dealing with unsolicited calls or making investment decisions, ask yourself: “COULD THIS BE A SCAM?”
Some current scams
-
Lost phone scam Someone posing as a relative or friend will text you from a different phone number claiming to have lost their phone and that they need your help. They will ask for money to be deposited into their account. We’ve seen a number of scams that start with a text via WhatsApp saying, “Hi Mum.”
Spot the Scam! Do not transfer any money until you speak directly with your relative or friend to discuss their situation. Usually, their phone is still working.
-
Remote access scams involve a scammer claiming to be from a trusted organisation – the police, the ATO, your bank, a telco or internet service provider – communicating with you directly to gain access to your computer or mobile device and personal data via the phone, email, or text or through pop-ups and chat functions on the internet.
Spot the Scam! Never download any software at the direction of a third party or click any link provided in email or SMS. Hang up the phone immediately and call the agency via their documented phone number to verify the claims, even if the phone number looks legitimate (scammers can “spoof” numbers). Contact Scamwatch.
-
Investment scams typically originate through unexpected contact – this could be via phone, email or social media – and will use fake trading identities, fake comparison websites, and paid ads on Google searches (which can catch people looking for investment opportunities). A scammer may pretend to be a stockbroker, investment adviser or claim to work on behalf of a reputable financial institution, often using the name of a legitimate employee. Contact is usually frequent and persistent to create a sense of urgency about the opportunity and to demonstrate a high level of customer service.
Spot the Scam! If it seems too good to be true, it usually is. Be extra-vigilant with verifying all websites – especially those on Google Ads – and cross-reference all contacts and personnel. Be suspicious of anyone offering high interest rates, asking for payment in crypto-currency, or who pressures you to commit. Speak with someone you trust or consult an advisor before making a significant financial decision.
-
Attempts to gain personal information Sometimes this occurs via hacking or the installation of malware – either because your personal technology or a major corporation that holds your information (as recently seen with Optus and Medibank) is breached. Other times, criminals will attempt “phishing” via email or text, remote access scams, or setting up fraudulent social media accounts and attempting to “friend” you. Identities can also be stolen through unlocked physical mailboxes or discarded bills. Once scammers have enough personal information, they may attempt to apply for credit cards, loans and more. We’ve seen a number of scams that start with a text message claiming to be from Linkt about an overdue road toll.
Spot the Scam! Do not click on unsolicited links, or download software at the direction of a third party. Dispose of personal information securely.
-
Romance scams Sadly, this is an old-fashioned scam which is now targeting people through online contact. Scammers will pretend to be someone who cares for you, then over time ask for money, personal information and more, often without ever meeting you.
Spot the scam! Be suspicious of anyone who refuses to meet you and asks for money.
What to do if you think you have been scammed
If you think you have been scammed, please contact us as soon as possible on 133 462 or visit your local branch. The earlier that you inform us of any concerns, the greater chance we have to try and help you avoid scam losses.
To learn more about scams, how to spot them and how to avoid them visit www.imb.com.au/yoursecurity and scroll through the Overview and Updates tabs. More helpful information is available on the ACCC’s Scam watch page at www.scamwatch.gov.au and ASIC’s www.moneysmart.gov.au/investment-warnings/investment-scams.
28 October 2022- Medibank Data Breach
Earlier this week, Medibank provided an update to its customers regarding a cybercrime event it has experienced and announced a comprehensive customer support package for Medibank, ahm and international student customers affected by this cybercrime.
Please be assured IMB’s member data and systems have not been breached. We have and continue to invest in our fraud monitoring, scam prevention systems and safeguards to verify and protect our members' data.
The incident and its impact are still under investigation, however it is suspected that the compromised data includes personal information and health claims data. Medibank has urged its customers to remain alert to suspicious communications received via email, text or phone call.
For any IMB Bank member who is affected by the Medibank data breach, we recommend you take the following steps:
- BE VIGILANT to potential scams, as scammers may have more convincing personal information because of the breach
- NEVER share your information or passwords with an unsolicited caller, texter, emailer, or messenger on social media. Find out more about types of scams here
- Monitor your devices and online accounts for unusual activity
- Check your accounts and transaction history for unusual activity such as items you haven’t purchased
- Consider setting up email or SMS activity alerts, so that you receive notice of transactions or activity on your accounts – visit us, call us, or arrange through Internet Banking. Fees may apply. Click here for more details
- Consider whether you need to put a hold on your cards or change your daily transaction limits – call us or arrange this through Internet Banking
- Consider using PayID for Osko® transfers. It is a quick and secure way to pay. Once registered, you can receive payments without needing to share personal information such as your BSB or account details
- More information about how to protect yourself is available on the OAIC website, www.scamwatch.gov.au and ID Care
If you need assistance with any of these steps, call us on 133 462 or visit an IMB branch.
Further Support
Medibank has announced a support package for its affected customers, the details of which can be found here Medibank Customer Support Package
® Osko and logo is a registered trademark of BPAY Pty Ltd ABN 69 079 137 518.
28 September 2022
Optus customer data breach update
What has happened?
We understand that the cybertheft of Optus customer data contains personal information for current and former Optus customers.
Please be assured IMB’s member data and systems have not been breached. We have and continue to invest in our fraud monitoring, scam prevention systems and safeguards to verify and protect our members' data.
For the full details of what information was compromised and FAQs about how Optus are assisting their customers on the issue, go to www.optus.com.au.
How IMB is helping impacted Optus customers
Optus has advised that no payment or password information has been included in the data breach. However, due to the nature of the data stolen, we will remain vigilant against attempts to set up fraudulent accounts. IMB has strict processes in place regarding identity verification and is continuously monitoring for fraudulent and unusual activity. If you are concerned, our team can work with you on how to best secure your accounts.
What you can do?
If you are an Optus customer and have been impacted, there are several steps you can take to help to keep your accounts secure.
- Monitor your devices and online accounts for unusual activity
- Consider whether you need to change your online account passwords – you can reset your IMB password via internet banking
- Check your accounts and transaction history for unusual activity such as items you haven’t purchased
- Consider setting up email or SMS activity alerts, so that you receive notice of transactions or activity on your accounts – visit us, call us, or arrange through Internet Banking. Fees may apply. Click here for more details
- Consider whether you need to put a hold on your cards or change your daily transaction limits – call us or arrange this through Internet Banking
- Consider using PayID for Osko® transfers. It is a quick and secure way to pay. Once registered, you can receive payments without needing to share personal information such as your BSB or account details
- BE VIGILANT to potential scams, as scammers may have more convincing personal information because of the breach
- NEVER share your information or passwords with an unsolicited caller, texter, emailer, or messenger on social media. Find out more about types of scams here
- More information about how to protect yourself is available on the OAIC website and www.scamwatch.gov.au.
If you need assistance with any of these steps, call us on 133 462 or visit an IMB branch.
If you are concerned that your identity has been compromised or you have been a victim of a scam, contact IMB immediately.
Further Support
IDCARE is Australia’s national identity and cyber support service and offer specific expert advice to Optus customers impacted by this breach. Please see the IDCARE website for more details - https://www.idcare.org/optus-db-response.
Optus is also working with Equifax to offer their most affected current and former customers a free 12-month subscription to a credit monitoring and identity protection service that can help reduce the risk of identity theft. Head to the www.optus.com.au for more details.
® Osko and logo is a registered trademark of BPAY Pty Ltd ABN 69 079 137 518.
23 September 2022
Members urged to be alert to scams following Optus data breach
IMB urges members that are Optus customers to be on the look-out for scams and take steps to secure their personal information following a recent cyber-attack experienced by the telco.
IMB is not currently aware of any members having suffered harm from Optus’ cyber security breach and we have not been contacted directly by Optus in relation to this incident. However we encourage any Optus customers to act with heightened awareness and to take the following steps:
-
Monitor your devices and online accounts for unusual activity
Change your online account passwords – you can re-set your IMB password via internet banking. If you need assistance with this, call us on 133 462 or visit an IMB branch
Check your accounts for unusual activity such as items you haven’t purchased
Report any suspected fraudulent activity immediately to IMB.
Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.
NEVER click on any links that look suspicious and never provide your passwords, or any personal or financial information.
NEVER provide personal or financial information to someone who contacts you out of the blue.
More information about how to protect yourself is available on the OAIC website and www.scamwatch.gov.au
If you are concerned that your identity has been compromised or you have been a victim of a scam contact IMB immediately and call IDCARE on 1800 595 160. IDCARE is Australia’s national identity and cyber support service, to get expert advice from a specialist identity and cyber security service.
1 July 2022
Phone Spoofing Scams
Members are alerted about a type of scam currently occurring where scammers are impersonating IMB including by “spoofing” IMB’s trusted phone numbers. This means that you may receive a call that appears to be from IMB which is actually someone entirely different.
Caller ID spoofing occurs where the scammer displays a different phone number than the one they are really contacting you from to mislead you about who they are and where they are calling from. We have received recent reports of scams using the number Ph: 4227 9111 and displaying a contact name such as ‘Local Shire Banking’.
These scams sometimes start with an SMS using a sender name or number that appears to be IMB advising you to expect a call. When a call is received, the number on screen may display like one of IMB’s public phone numbers. Scams can follow similar procedures like asking you to confirm your details and information related to your accounts. The scammer may also ask you to input passwords and PINs into the key pad directly.
Some recent examples include:
- The caller claims to be from IMB and is calling regarding fraudulent activity on the account
- The caller asks the member to confirm full card details and then advises that the card is being cancelled by IMB
- The caller requests the member to reset internet banking details and provide them with the security codes they receive to their phone from IMB (and once they have been given the security code, the scammer is able to update internet banking credentials and complete transactions).
In a legitimate call from IMB, we will NEVER ask you to make a payment, to share PINs or authentication or security codes or request remote access to your computer or device (using software like TeamViewer or AnyDesk).
How you can protect yourself
Beware of suspicious calls and never give out your personal details. If you are unsure hang up and call us on 133 462 to confirm whether the call is legitimate.
IMB will never:
- call you from an international number
- ask for your Internet Banking login details, PINs, authentication codes or card details via phone or email
- ask you to communicate your passwords to us where we have initiated the contact.
Be aware of scams and keep updated with the latest information from Scamwatch.
If you believe you have been targeted by a scam please contact us immediately on 133 462.
09 June 2022
Recent Investment Scams and Remote Access Scams
We are continuing to receive reports of both Investment Scams and Remote Access Scams.
Investment Scams
Scammers are offering fake government bonds purporting to be issued by reputable financial services entities in Australia. Scammers often make contact in connection with a customer’s online search activity including online inquiry forms, pops-ups, and webchat. This might occur where customers are searching for higher interest savings or term investment products online.
Scammers will provide documentation that purports to be on the financial services entity’s letterhead which is sometimes accompanied with the logos of government agencies.
IMB urges members to ask themselves to ‘Could this be a scam?’ when considering any investment opportunity, especially those that originate through unsolicited contact or online search activity.
Be rigorous in your independent research into any company or individual who claims to offer investment opportunities to determine whether they are legitimate. Ask questions about who owns the entity, obtain their financial services licence number and their address. Check the validity of any paperwork or documentation they issue and where it is sent from (e.g., their email address). If they can’t or won’t give you the answers, stop dealing with them.
Consult Someone You Trust - before you make an investment decision, or arrange a significant financial transaction, we strongly recommend that you talk to someone you trust or consult a financial advisor or accountant.
Remote Access Scams
Be wary of scammers who call pretending to be from a well-known company, directing you that they need access to your computer. We are aware of several recent cases where members received an unsolicited phone call or online contact from scammers purporting to be from reputable Australian telephone and internet service providers. Scams have also involved fake cryptocurrency traders and messages received in social media platforms.
In each case, members were deceived into downloading remote access software such as TeamViewer, AnyDesk or QuickSupport so that the scammer could ‘help fix a problem’ or to avoid having services restricted or incurring fines.
Once downloaded, remote access software allows the scammers to gain access to your computer or mobile device so that they can view your personal information including online banking login information, so that they can steal funds. They may ask you to reveal your online banking passwords and authentication codes.
If you think you may have been scammed call IMB immediately on 133 462. Find out how to avoid these scams at https://www.imb.com.au/about-members-your-security-beware-of-scams.html or go to https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/remote-access-scams
02 February 2021
We are aware of an increasing number of investment scams across industry. If it seems too good to be true – it probably is.
Be suspicious of anyone:
- offering you high interest rates that you cannot access yourself through reputable entities
- asking for payment using crypto-currency
- that constantly contacts you and pressures you to make a quick decision
- using the name of a reputable organisation to gain credibility (e.g. NASDAQ, Bloomberg, or says they act as a broker for an investment bank or foreign bank)
- asking you to make payment to an account with a name that has no apparent connection to the entity you believe you are dealing with
- that provides you with documentation you cannot verify through independent sources
- that contacts you from an email address that has no apparent connection to the entity that you believe you are dealing with.
Do your own independent research on anyone you are dealing with to determine whether they are legitimate. Ask questions about who owns the entity, their financial services licence number and their address. Check the validity of any paperwork or documentation they issue and where it is sent from (e.g. their email address). If they can’t or won’t give you the answers, stop dealing with them.
Scammers offering fraudulent investments will often create false entities which appear in Google searches and appear legitimate, so closely examine and cross-reference all correspondence before arranging a financial transaction.
Before you make an investment decision, or arrange a significant financial transaction, we strongly recommend that you talk to someone you trust, or consult a financial advisor or accountant. Don’t be pressured to make a quick decision you could regret later.
If you think you may have been scammed call IMB immediately on 133 462.
Find out how to avoid these scams at: https://moneysmart.gov.au/investment-warnings/investment-scams
8 November – 12 November 2021
It's Scams Awareness Week
Scams Awareness Week is a national campaign by the Scams Awareness Network, a group of Australian and New Zealand government agencies with responsibility for consumer protection and policing in scams, cyber safety and fraud. The network aims to reduce the impact of scams by raising awareness and encouraging the public to talk about scams and report them.
This year, the theme of the ACCC’s Scams Awareness Week is ‘Let’s talk scams’. During Scams Awareness Week, IMB Bank encourages our members to talk to their family and friends about scams, and of course – to talk to us!
Many people who experience a scam never report it to anyone. There can be a few reasons for this, but one is that people can feel shame around talking about scams. We want to help reduce stigma around the topic, prevent scams from happening in the first place, and support members to get out of a scam sooner.
Talk - Talk to your friends, family, neighbours, and colleagues about a scam you have come
across or ask if they have come across any scams and want to share information.
Ask - Asking a simple question like “Have you ever been scammed?” or “How many scams a day do you get?” can get a conversation started. We encourage our members to ask or seek trusted advice about whether something could be a scam. If you receive something (like a text, email, friend request) out of the blue and are unsure about it, before doing anything (sending money or giving personal details), speak to IMB, or ask or talk to someone (friend/family member) about whether it’s a good idea.
Sometimes just asking for that second opinion can help to avoid a scam – we are here to help you.
Listen - Hearing about scam stories/experiences is helpful. You might share your own
scam stories or what you know about scams with others to prompt them to do the same. For those that may have friends or family or someone close that has fallen victim to a scam, by simply showing someone you care can improve their state of mind and comfort to open up. We are always here to listen to any concerns you have about scam activity.
Keep talking - The more we talk about scams, the less likely we will get involved in one and the less stigma talking about scams will carry. Awareness is really our best defence against scams – so take the time to TALK with those around you about scams.
Scamwatch tools
The Scamwatch and ACCC websites contain a range of tools to assist consumers. Links to key information are included below:\
- The Little Black Book of Scams can assist in identifying a scam (also available in a range of languages).
- Consumers can report scams on the Scamwatch Report Form
- Advice for helping a friend or family member who is a victim to a scam
- The Be Safe, Be Alert Online publication provides information on a number of organisations who might be able to help when someone has been scammed.
2021 Key trends
- As at 31 August 2021, Scamwatch has received over 190,000 reports with over $192 million losses in 2021 so far, a 95.4% increase in losses since this time last year.
- Investment scams and romance scams continue to cause the most financial loss reported to Scamwatch, with over $96 million in losses to investment scams and $32 million to dating and romance scams this year so far.
- People have also reported losing over $12 million to false billing scams and over $10 million to remote access scams.
- Scamwatch has received record levels of phishing scams with 45,000 reports in 2021.
- Of the 178,826 scam reports received this year so far, 4.9% have come from people with a disability, 4.9% have come from those with English as a second language and 1.7% of reports have come from Indigenous Australians.
To find out more about scams and fraud risks, and how to protect yourself here.
23 September 2021
The number and frequency of scams is increasing. Here we detail the latest type of scams as they arise, so you can stay up to date.
Missed delivery, call or voicemail (‘Flubot’) scam
The ‘Flubot’ scam is a type of ‘phishing’ scam that was first reported in early August 2021. To date, the ACCC has received over 12,000 reports of the scam from the general public and IMB wants its members to be aware of how this scam works. The scam uses text messages (SMS) to download malware onto your phone, and in particular affects Android phones, although iPhones are also targeted.
You receive a text message about voicemails, missed calls or, more recently, parcel deliveries from Australia Post, DHL or another reputable organisation. All messages will contain a link and instruct you to click the link or download an app to check a voicemail, track a parcel, schedule a delivery time etc.
If you click the link and download the app presented, the phone will be infected with malware.
Once installed, the application is able to read and send text messages, make calls, access contacts and read passwords and sign-in details which may ultimately lead to cyber-criminals stealing from your bank accounts.
What are Remote Access Scams?
Unlike hacking scenarios, which will usually occur without your direct involvement or prior knowledge, Remote Access Scams (also known as Technical Support Scams) involve a scammer contacting you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.
The fraudster will try to convince you to give them to access your computer by downloading remote desktop software and providing them with other personal data such as passwords and authentication codes.
Scammers usually pose as someone from a well-known and reputable organisation, such as a bank, a telecommunications provider, a government agency or even the police. They often play on their position of trust or may use fear and intimidation tactics to obtain your co-operation.
From time to time, IMB may communicate to you via email. It’s important to remember that:
- IMB will not issue emails which provide links to take a member directly to IMB’s internet banking system or directly to a web form for completion
- Unless specifically stated in the email and identified as approved IMB-sponsored community event information, IMB will always direct a member to IMB’s Home Page or a page where the final location is a landing page within the imb.com.au domain. This may include links commencing with www.click.coms.imb.com.au
- IMB will never request, nor will it provide, Account or Member numbers in unsecure emails.
- IMB will not publish private information in unsecure emails.
- IMB will never request passwords, PINs or answers to security questions from members in an email or a return email. All secured communications with members will be completed inside internet banking using the Secure Email facility.
If at any time, you are unsure of an email you receive from IMB, please call us on 133 462.
You may also be interested in...
Why choose us?
Established in 1880, IMB Bank is one of the most enduring financial institutions in the country, helping people achieve their financial goals for over 140 years. Our members can access a fully featured range of services: home and personal lending, savings and transaction accounts, term deposits, business banking, and more.
Our renowned personal service is backed by innovation, providing convenient, secure digital banking options where and when you want it. IMB also has a growing retail branch network throughout NSW and Victoria, for when you need to speak to someone in person, and a team of professionals at our locally based contact centre. We have a lending specialist in every branch and a team of mobile lending specialists who will come to you.
Find out moreWhenever, Wherever Banking
Availability of Payments ServicesLearn more about availability of payments services to individuals and businesses provided by IMB Bank. |