You may be aware that in the financial services sector there are a number of emerging scams and frauds. Working together we can better protect you from becoming a victim by doing the following:
It is important to remember that IMB will never ask you to disclose your access code or send a request to you with a link to our internet banking system, requiring you to enter your member number and access code for verification purposes.
In the event that IMB needs to contact you, we will do so by telephone, mail or secure e-mail which can only be accessed once you have signed into internet banking.
The number of scams and phishing attempts on banking customers is increasing. IMB reminds you to be on the lookout for suspicious requests via phone, email or SMS requesting you to log in or update membership or banking information.
Scam and fraud trends have dramatically evolved, involving highly sophisticated means to compromise your personal information and steal your money. It’s important that you are familiar with the current types of fraud in circulation and how they occur.
If you think you have been a victim of fraud or something does not feel right, please contact IMB immediately on 133 462.
Listed below are the more common types of scams and frauds being reported
Someone posing as a relative or friend will text you from a different phone number claiming to have lost their phone and that they need your help. They will ask for money to be deposited into their account. We’ve seen a number of scams that start with a text via WhatsApp saying, “Hi Mum.”
Scammers target people with offers of high rate investments. The approaches can be made on the phone or via email, or by luring those looking for investment opportunities with fake trading identities, websites, social media news stories, Google search ads and more.
Also known as Technical Support Scams, usually involve a scammer contacting you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.
Scam text messages being received about missed calls, voicemails or deliveries which asks you to tap on a link to download an app to track the delivery or listen to the voicemail. The message is in fact fake and instead installs malicious software named Flubot when clicked on.
A seller may post fake ads on classified websites or via social media platforms for products well below market value, often containing pictures and/or information from a genuine seller’s ad. The seller may be insistent on payment prior to arranging for goods to be delivered, and that their preferred means of payment is via direct deposit or bank transfer as it’s difficult to recover.
The most common fraud targeting businesses. A business will receive an email from a criminal impersonating an established supplier regarding the latest invoice with a reasonable-sounding explanation for new payment details – i.e., a new bank account. The email address and person signing off may all sound legitimate, but the account will be fraudulent.
A more detailed explanation of the more common Fraud &and Scam scenarios you may encounter have been outlined below:
Lost phone scam Someone posing as a relative or friend will text you from a different phone number claiming to have lost their phone and that they need your help. They will ask for money to be deposited into their account. We’ve seen a number of scams that start with a text via WhatsApp saying, “Hi Mum.”
Spot the Scam! Do not transfer any money until you speak directly with your relative or friend to discuss their situation. Usually, their phone is still working.
With more people now working from home, the likelihood that you may become the victim of a Remote Access Scam (also known as Technical Support Scam) has dramatically risen.
In most scenarios, a scammer may contact you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.
Scammers usually pose as someone from a well-known and reputable organisation, such as your bank, a telecommunications provider, a government agency or even the police. They often play on their position of trust or may use fear and intimidation tactics to obtain your co-operation.
Give a stranger or unsolicited contact remote access to your computer and if ever concerned about the legitimacy of the caller, validate the call by looking up the organisation’s official website and calling the organisation’s advertised number.
Someone posing as a relative or friend will text you from a different phone number claiming to have lost their phone and that they need your help. They will ask for money to be deposited into their account. We’ve seen a number of scams that start with a text via WhatsApp saying, “Hi Mum.”
The scammer will request urgent transferral of money to an account.
Transfer any money until you speak directly with your relative or friend to discuss their situation. Usually, their phone is still working.
The Flubot is so named as the scammers attempt to place virus or malware onto you mobile phone. Once installed, they can track and steal data.
You may receive a text message about voicemails, missed calls or, more recently, parcel deliveries from Australia Post, DHL or another reputable organisation. All messages will contain a link and instruct you to click the link or download an app to check a voicemail, track a parcel, schedule a delivery time etc.
Click on any links or call back the person who has sent the text. Delete the message immediatelyto ensure your personal and personal information isn’t put at risk.
This type of scam is designed to trick online shoppers into believing they’re dealing with a legitimate person when purchasing via classified websites but there is actually a scammer behind the advertisement.
The advertisement could be for any type of goods or service such as cars, boats, caravans, puppies, livestock or even things like rental properties or accommodation. The advertisement may appear legitimate and can often contain pictures and/or information from a genuine seller’s own ad.
If the advertised price sounds too good to be true, it probably is so it’s worth investing some time and effort into performing your own background checks prior to entering into any agreement for purchasing the goods or service.
If the suggested payment method requested includes things along the lines of a wire transfer, international funds transfers, pre-loaded currency cards or in cryptocurrency such as Bitcoin, it’s an indicator to avoid proceeding with the transaction as it’s almost impossible to recover funds if sent via these means.
Scammers generally pretend to be a prospective partner by preying on people looking for a romantic companion. Australians lose millions of dollars annually as the result of Dating and Romance scams and the money sent is almost impossible to ever recover.
Interactions usually occur via online dating websites and now more commonly via social media or email. The scammers would typically create a fake profile but could often contain identities of real persons such as military personnel and the like and often indicate that they are currently working abroad.
In some scenarios the scammer will work over several months to gain your interest and trust before asking for money for things such as medical expenses or a medical emergency. In addition to being asked to send money, you may be asked to receive and onforward money on their behalf which could then involve yourself in potential money laundering implications.
Quite often, the advertisements that 'pop-up' in a different browser window while you're on the web are not what they appear to be. They could be downloading 'spyware' or 'adware', which are programs used to monitor your internet activity and gather your user information which is usually for advertising use.
It is important that you have security software installed that detects and removes spyware.
Some of the more common methods for falling victim to identity theft is via mail theft, phishing emails, hacking, data breaches and even when applying for jobs online.
You may receive an unsolicited phone call or email for personal information or a request to validate personal information by clicking on a link or opening an attachment. These are some of the tools scammers use to obtain your personal information which in turn they can use to steal your money, superannuation, take out phone plans or open bank accounts, loans or lines or credit in your name.
Once your identity is stolen it can take years to rectify all the damage incurred so it’s important to keep your personal information safe and secure.
The promise of great returns in a short amount of time are some of the empty promises scammers try to lure people in when facilitating an Investment Scam. Due to the high value people are willing to invest to get that good return, this is the scam type Australians lose the most money to every year.
Investment scams can be hard to spot so it’s best to seek independent financial advice prior to investing your hard-earned money into a scheme where higher risk exists.
With online shopping offering so much convenience to the public, it’s also created an ideal channel for scammers to deceive and rip off online shoppers.
This type of scam involves someone pretending to be a legitimate online seller, most commonly with a fake ad on a genuine retailer’s site.
A key indicator that may highlight if an ad or website isn’t legitimate could be the method of payment. Requests to pay via pre-loaded cards or wire transfer are an unusual request and make it almost impossible to recover funds in the case of a scam. Looking for a URL starting with `https’ and a closed padlock symbol in the browser are some security features to be aware of and payments via secure payment platforms such as PayPal are a much safer option.
Phishing is when fraudsters trick you into providing personal information such as your passwords or account details, enabling them to gain access to your funds.
A few ways they may try are:
If you suspect that you have received an email, phone call or SMS purporting to be from IMB that you are suspicious about, don’t click on anything or provide information and contact IMB immediately on 133 462.
Since developing an internet banking facility, IMB has continued to install robust firewall technology to ensure all information held by it is protected from any attempted external intrusion. All IMB security systems are constantly reviewed and updated to avoid unauthorised access to IMB's internal systems and to member information.
IMB has invested a significant amount of money, time and effort to ensure that members undertaking financial transactions over the internet, do so in a secure and user friendly environment. IMB's internet banking product utilises 128-bit digital certificate encryption technology and secure e-mail to protect members' account information when members undertake online banking. IMB is committed to ensuring that our members have the ability to view their account details and undertake financial transactions in a safe and secure environment.
IMB has adopted the ePayments Code and complies with other requirements relating to the confidentiality, storage and appropriate destruction of members' details and account information.
IMB is a member of the Australian Association of National Advertisers and the Australian Direct Marketing Association, and as part of these memberships, IMB has voluntarily adopted and acts in accordance with the respective Code of Ethics and privacy guidelines relating to advertising and marketing on the internet.
If you believe any unauthorised access has occurred, then please contact IMB on 133 462, 8am to 8pm, Monday to Friday.
Remember: IMB or any reputable organisation will never ask you to:
You may be held liable for any fraud losses where you have disclosed your PIN or access codes, so NEVER disclose your pin to anyone.
If you think you have been defrauded or scammed, please contact us as soon as possible on 133 462.
Even in the scenario where you feel suspicious about a transaction or a call you may have received from someone purporting to be IMB, please contact us immediately.
We also strongly encourage you to report any scam incidents to Scamwatch.
URL shortening allows long website addresses to be displayed in a shortened form, allowing for more concise and professional looking communications with members. This is particularly true when using social media or other communication methods that have a character limit.
As an example, the IMB website would appear as follows:
http://www.imb.com.au = http://bit.ly/1e0PYEz
IMB using bit.ly
To assist our members, IMB will now be using bit.ly’s url shortening service in some of our online communications.
Security
Below are the rules for when we would use URL shortening.
As 2022 comes to an end and many of us spend time with friends and family, remember that cyber-criminals never rest from attempting to steal your money. As part of our ongoing fraud awareness program for our members, we would like to highlight the scams that are increasingly prevalent at this time of year: Online Shopping, Package Delivery and Payment Redirection scams.
As people look for bargains for Christmas and beyond, criminals will falsely advertise non-existent goods with the promise of delivery after payment. These scams happen wherever goods are sold, particularly through online platforms like Facebook Marketplace, Gumtree, eBay and so on.
The criminals will advertise goods at discounted prices and either deliver a fake product, or nothing at all. Popular scam items include but are in no way limited to:
Take care when buying online, especially via online classifieds sites.
After the Black Friday and Cyber Monday sales, and indeed in the lead-up to Christmas and beyond, criminals will ramp up the “Your delivery is arriving” scams as shoppers buy online items.
These scams usually start with a text message or an email that includes a “tracking link” or a direction that you need to complete certain information to ensure your parcel is delivered. You may also get a voice message with a call back number. The link can lead people to fill in personal details or install malware on your phone or computer. Calling back numbers can charge you premium fees for the call.
No legitimate courier company would approach you in this manner. If you are expecting parcels, contact your supplier directly to track your delivery.
Also known as “Business Email Scams” or “False Billing”, the Payment Redirect scam is the most common fraud targeting businesses. It has taken advantage of the most seasoned businesspeople and accounts payable teams. According to the ACCC, Australian businesses lost $227 million to payment redirection scams in 2021, a 77 per cent increase compared to 2020.
Historically, false billing increases in frequency around Christmas, as regular staff go on leave and there are more distractions over the holiday period.
A business will receive an email from a criminal impersonating an established supplier regarding the latest invoice with a reasonable-sounding explanation for new payment details – i.e., a new bank account. The email address and person signing off may all sound legitimate, but the account will be fraudulent.
In any event that a request for payment to a new account is received or there is any change in details, call the supplier on the number you have for them, and speak with them to confirm their bank details directly before relinquishing funds.
If you think you have been scammed, please contact us as soon as possible on 133 462 or visit your local branch. The earlier that you inform us of any concerns, the greater chance we have to try and help you avoid scam losses.
To learn more about the growing number and types of fraud, how to spot them and how to avoid them visit www.imb.com.au/security. Even more helpful information is available on the ACCC’s Scam watch page at www.scamwatch.gov.auand ASIC’s www.moneysmart.gov.au/investment-warnings/investment-scams.
This week is Scams Awareness Week. Through the week IMB will be sharing tips and reminders on our social media pages to help our members understand what types of scams are currently being used by criminals to access your money, how they work and what to do if you think you have been scammed. The theme this year is “How to spot a scam.”
The number and frequency of banking scams continues to increase across industry. In 2021 Australians made more than 286,600 reports to Scamwatch and reported losses of around $324 million. By the end of August this year, Australians had lost even more with reported losses of over $381 million.
At IMB, we continue to update our website with information on scams as they evolve, and we also periodically update members via email and mail as a reminder to stay vigilant. Below is a range of scams that are currently prevalent. Remember: scammers continue to adapt and develop new approaches and technologies to commit fraud. When banking online, dealing with unsolicited calls or making investment decisions, ask yourself: “COULD THIS BE A SCAM?”
If you think you have been scammed, please contact us as soon as possible on 133 462 or visit your local branch. The earlier that you inform us of any concerns, the greater chance we have to try and help you avoid scam losses.
To learn more about scams, how to spot them and how to avoid them visit www.imb.com.au/yoursecurity and scroll through the Overview and Updates tabs. More helpful information is available on the ACCC’s Scam watch page at www.scamwatch.gov.au and ASIC’s www.moneysmart.gov.au/investment-warnings/investment-scams.
Earlier this week, Medibank provided an update to its customers regarding a cybercrime event it has experienced and announced a comprehensive customer support package for Medibank, ahm and international student customers affected by this cybercrime.
Please be assured IMB’s member data and systems have not been breached. We have and continue to invest in our fraud monitoring, scam prevention systems and safeguards to verify and protect our members' data.
The incident and its impact are still under investigation, however it is suspected that the compromised data includes personal information and health claims data. Medibank has urged its customers to remain alert to suspicious communications received via email, text or phone call.
For any IMB Bank member who is affected by the Medibank data breach, we recommend you take the following steps:
If you need assistance with any of these steps, call us on 133 462 or visit an IMB branch.
Further Support
Medibank has announced a support package for its affected customers, the details of which can be found here Medibank Customer Support Package
® Osko and logo is a registered trademark of BPAY Pty Ltd ABN 69 079 137 518.
Optus customer data breach update
What has happened?
We understand that the cybertheft of Optus customer data contains personal information for current and former Optus customers.
Please be assured IMB’s member data and systems have not been breached. We have and continue to invest in our fraud monitoring, scam prevention systems and safeguards to verify and protect our members' data.
For the full details of what information was compromised and FAQs about how Optus are assisting their customers on the issue, go to www.optus.com.au.
How IMB is helping impacted Optus customers
Optus has advised that no payment or password information has been included in the data breach. However, due to the nature of the data stolen, we will remain vigilant against attempts to set up fraudulent accounts. IMB has strict processes in place regarding identity verification and is continuously monitoring for fraudulent and unusual activity. If you are concerned, our team can work with you on how to best secure your accounts.
What you can do?
If you are an Optus customer and have been impacted, there are several steps you can take to help to keep your accounts secure.
If you need assistance with any of these steps, call us on 133 462 or visit an IMB branch.
If you are concerned that your identity has been compromised or you have been a victim of a scam, contact IMB immediately.
Further Support
IDCARE is Australia’s national identity and cyber support service and offer specific expert advice to Optus customers impacted by this breach. Please see the IDCARE website for more details - https://www.idcare.org/optus-db-response.
Optus is also working with Equifax to offer their most affected current and former customers a free 12-month subscription to a credit monitoring and identity protection service that can help reduce the risk of identity theft. Head to the www.optus.com.au for more details.
® Osko and logo is a registered trademark of BPAY Pty Ltd ABN 69 079 137 518.
Members urged to be alert to scams following Optus data breach
IMB urges members that are Optus customers to be on the look-out for scams and take steps to secure their personal information following a recent cyber-attack experienced by the telco.
IMB is not currently aware of any members having suffered harm from Optus’ cyber security breach and we have not been contacted directly by Optus in relation to this incident. However we encourage any Optus customers to act with heightened awareness and to take the following steps:
More information about how to protect yourself is available on the OAIC website and www.scamwatch.gov.au
If you are concerned that your identity has been compromised or you have been a victim of a scam contact IMB immediately and call IDCARE on 1800 595 160. IDCARE is Australia’s national identity and cyber support service, to get expert advice from a specialist identity and cyber security service.
Phone Spoofing Scams
Members are alerted about a type of scam currently occurring where scammers are impersonating IMB including by “spoofing” IMB’s trusted phone numbers. This means that you may receive a call that appears to be from IMB which is actually someone entirely different.
Caller ID spoofing occurs where the scammer displays a different phone number than the one they are really contacting you from to mislead you about who they are and where they are calling from. We have received recent reports of scams using the number Ph: 4227 9111 and displaying a contact name such as ‘Local Shire Banking’.
These scams sometimes start with an SMS using a sender name or number that appears to be IMB advising you to expect a call. When a call is received, the number on screen may display like one of IMB’s public phone numbers. Scams can follow similar procedures like asking you to confirm your details and information related to your accounts. The scammer may also ask you to input passwords and PINs into the key pad directly.
Some recent examples include:
In a legitimate call from IMB, we will NEVER ask you to make a payment, to share PINs or authentication or security codes or request remote access to your computer or device (using software like TeamViewer or AnyDesk).
Beware of suspicious calls and never give out your personal details. If you are unsure hang up and call us on 133 462 to confirm whether the call is legitimate.
IMB will never:
Be aware of scams and keep updated with the latest information from Scamwatch.
If you believe you have been targeted by a scam please contact us immediately on 133 462.
Recent Investment Scams and Remote Access Scams
We are continuing to receive reports of both Investment Scams and Remote Access Scams.
Scammers are offering fake government bonds purporting to be issued by reputable financial services entities in Australia. Scammers often make contact in connection with a customer’s online search activity including online inquiry forms, pops-ups, and webchat. This might occur where customers are searching for higher interest savings or term investment products online.
Scammers will provide documentation that purports to be on the financial services entity’s letterhead which is sometimes accompanied with the logos of government agencies.
IMB urges members to ask themselves to ‘Could this be a scam?’ when considering any investment opportunity, especially those that originate through unsolicited contact or online search activity.
Be rigorous in your independent research into any company or individual who claims to offer investment opportunities to determine whether they are legitimate. Ask questions about who owns the entity, obtain their financial services licence number and their address. Check the validity of any paperwork or documentation they issue and where it is sent from (e.g., their email address). If they can’t or won’t give you the answers, stop dealing with them.
Consult Someone You Trust - before you make an investment decision, or arrange a significant financial transaction, we strongly recommend that you talk to someone you trust or consult a financial advisor or accountant.
Be wary of scammers who call pretending to be from a well-known company, directing you that they need access to your computer. We are aware of several recent cases where members received an unsolicited phone call or online contact from scammers purporting to be from reputable Australian telephone and internet service providers. Scams have also involved fake cryptocurrency traders and messages received in social media platforms.
In each case, members were deceived into downloading remote access software such as TeamViewer, AnyDesk or QuickSupport so that the scammer could ‘help fix a problem’ or to avoid having services restricted or incurring fines.
Once downloaded, remote access software allows the scammers to gain access to your computer or mobile device so that they can view your personal information including online banking login information, so that they can steal funds. They may ask you to reveal your online banking passwords and authentication codes.
If you think you may have been scammed call IMB immediately on 133 462. Find out how to avoid these scams at https://www.imb.com.au/about-members-your-security-beware-of-scams.html or go to https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/remote-access-scams
We are aware of an increasing number of investment scams across industry. If it seems too good to be true – it probably is.
Be suspicious of anyone:
Do your own independent research on anyone you are dealing with to determine whether they are legitimate. Ask questions about who owns the entity, their financial services licence number and their address. Check the validity of any paperwork or documentation they issue and where it is sent from (e.g. their email address). If they can’t or won’t give you the answers, stop dealing with them.
Scammers offering fraudulent investments will often create false entities which appear in Google searches and appear legitimate, so closely examine and cross-reference all correspondence before arranging a financial transaction.
Before you make an investment decision, or arrange a significant financial transaction, we strongly recommend that you talk to someone you trust, or consult a financial advisor or accountant. Don’t be pressured to make a quick decision you could regret later.
If you think you may have been scammed call IMB immediately on 133 462.
Find out how to avoid these scams at: https://moneysmart.gov.au/investment-warnings/investment-scams
It's Scams Awareness Week
Scams Awareness Week is a national campaign by the Scams Awareness Network, a group of Australian and New Zealand government agencies with responsibility for consumer protection and policing in scams, cyber safety and fraud. The network aims to reduce the impact of scams by raising awareness and encouraging the public to talk about scams and report them.
This year, the theme of the ACCC’s Scams Awareness Week is ‘Let’s talk scams’. During Scams Awareness Week, IMB Bank encourages our members to talk to their family and friends about scams, and of course – to talk to us!
Many people who experience a scam never report it to anyone. There can be a few reasons for this, but one is that people can feel shame around talking about scams. We want to help reduce stigma around the topic, prevent scams from happening in the first place, and support members to get out of a scam sooner.
Talk - Talk to your friends, family, neighbours, and colleagues about a scam you have come
across or ask if they have come across any scams and want to share information.
Ask - Asking a simple question like “Have you ever been scammed?” or “How many scams a day do you get?” can get a conversation started. We encourage our members to ask or seek trusted advice about whether something could be a scam. If you receive something (like a text, email, friend request) out of the blue and are unsure about it, before doing anything (sending money or giving personal details), speak to IMB, or ask or talk to someone (friend/family member) about whether it’s a good idea.
Sometimes just asking for that second opinion can help to avoid a scam – we are here to help you.
Listen - Hearing about scam stories/experiences is helpful. You might share your own
scam stories or what you know about scams with others to prompt them to do the same. For those that may have friends or family or someone close that has fallen victim to a scam, by simply showing someone you care can improve their state of mind and comfort to open up. We are always here to listen to any concerns you have about scam activity.
Keep talking - The more we talk about scams, the less likely we will get involved in one and the less stigma talking about scams will carry. Awareness is really our best defence against scams – so take the time to TALK with those around you about scams.
The Scamwatch and ACCC websites contain a range of tools to assist consumers. Links to key information are included below:\
To find out more about scams and fraud risks, and how to protect yourself here.
The number and frequency of scams is increasing. Here we detail the latest type of scams as they arise, so you can stay up to date.
The ‘Flubot’ scam is a type of ‘phishing’ scam that was first reported in early August 2021. To date, the ACCC has received over 12,000 reports of the scam from the general public and IMB wants its members to be aware of how this scam works. The scam uses text messages (SMS) to download malware onto your phone, and in particular affects Android phones, although iPhones are also targeted.
You receive a text message about voicemails, missed calls or, more recently, parcel deliveries from Australia Post, DHL or another reputable organisation. All messages will contain a link and instruct you to click the link or download an app to check a voicemail, track a parcel, schedule a delivery time etc.
If you click the link and download the app presented, the phone will be infected with malware.
Once installed, the application is able to read and send text messages, make calls, access contacts and read passwords and sign-in details which may ultimately lead to cyber-criminals stealing from your bank accounts.
Unlike hacking scenarios, which will usually occur without your direct involvement or prior knowledge, Remote Access Scams (also known as Technical Support Scams) involve a scammer contacting you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.
The fraudster will try to convince you to give them to access your computer by downloading remote desktop software and providing them with other personal data such as passwords and authentication codes.
Scammers usually pose as someone from a well-known and reputable organisation, such as a bank, a telecommunications provider, a government agency or even the police. They often play on their position of trust or may use fear and intimidation tactics to obtain your co-operation.
From time to time, IMB may communicate to you via email. It’s important to remember that:
If at any time, you are unsure of an email you receive from IMB, please call us on 133 462.