We're working all the time to better safeguard your financial and personal information. To help better protect you against scams, this page will provide information on some of the scams around at the moment.
The Australian Securities and Investments Commission (ASIC) is warning their customers to be vigilant of scam emails purporting to be from ASIC. The email asks recipients to view an important message from ASIC. Clicking this link may lead to malicious software being installed onto your machine, which could be used to compromise your online activities, including your banking activities.
Message: The message asks you to follow a link to a phishing website that is targeted to obtain your personal information. The message advises the recipient this is required for a scheduled security measure. Please DO NOT click any links and remember St George will never ask you to do this.
Message: The message asks you to follow a link to a phishing website that is targeted to obtain your personal information, or you will be suspended or locked out of your banking.
Please Note: St George will not send you security messages asking you to click a link.
The following are some scam email examples reported to us for the following months. To better assist you, we've highlighted some of the ways that can help you spot a scam email.
Email subject line: New Bank Account
Description: This email advises that the BSB and Account Number of an organisation has changed. It requires you to open an email attachment to retrieve the new details.
Do not reply to the email or act on these instructions without verbal confirmation from the employee by calling from a reputable source i.e. White Pages, Google search.
Email subject line: St George Bank Electronic Notifications
Description: This email hoax advises that ‘security problems’ have been identified and that you must complete verification to ensure your account security. As with all scams of this type, the link provided leads to a hoax website designed to harvest your credentials.
Do not click on any links in such emails.
Email subject line: St George Security Alert
Description: This email hoax advises that your online banking access has been locked. A link is provided so that you can remove the lock. As with all scams of this type, it leads to a hoax website designed to harvest your credentials.
Do not click on any links in such emails.
Description: This below screenshot indicates that the device you are using to access your internet banking may have been compromised. St George will never ask you for this information when accessing internet banking.
Do not complete the details, If you believe your system has been compromised, or notice a transaction you did not make, contact us on 13 33 30 immediately.
Fraudsters don't only strike online. There's been an increase in phone scams where the caller claims to be from a reputable organisation offering to assist with a computer issue. They then attempt to take control of or access your computer. Do not allow this under any circumstances, just hang up.
Also, be particularly vigilant if you’re asked to disclose any Internet Banking sign in details or Secure Code sent to your mobile. Again, just don’t do it.
Remote access phone scam example
John uses the internet for everyday purposes - emails, receiving and paying bills and keeping in touch with his grandkids via social media.
One morning John receives a phone call from a utility provider. The caller advises John that they have identified a fraudster and want his help catching them. Eager to help, John follows instructions to install a piece of software. The caller asks John to activate the software so that they can track the fraudster, and tells him that he will receive some money into his cheque account.
He signs into his online banking and confirms his account balance. The caller then tells him that they have almost caught the fraudster, and that he should now have received a deposit into his account, so John logs back in to check. John confirms the balance in his cheque account is higher, and is instructed to return the deposited funds to the utility provider, by withdrawing it as cash at his nearest branch and returning via a money transfer agent.
John is waiting for a teller at his local branch and gets a call from St George about some unusual online banking activity. John has been told not to talk to anyone about this transaction but when the banker starts to explain some of his recent transactions, he starts to feel uneasy about withdrawing the cash from his account.
Unbeknownst to John, this morning’s caller was not a utility provider, but a fraudster that had transferred funds from John’s credit card to his cheque account, claiming this transaction as their deposit. The software John had installed allows information, or control of the computer to be shared remotely to another user, this is known as remote access software. This permitted the fraudster to watch every move John made on his PC, including the time he was signed into his online banking.
John is lucky that St George called, the local tellers were able to assist in reversing the transaction back to his credit card; however he could have been out of pocket as St George Secure may not have applied.
Protect your Secure Code like you would a password or PIN
To protect the security of your accounts, never disclose your Secure Code – or any St.George Internet Banking access codes – to others.
Other recent phone scams involve hoax callers claiming to be bank employees, who then request customer account or personal details. For better protection from phone scams:
- Keep all access codes (e.g. ATM password, card PIN, Internet Banking password, Secure Code we send to your mobile) secret and secure. We’ll never ask for this information over the phone or on email.
- Never give a stranger remote access to your computer
- Do not give out your personal, account or online details unless the phone number comes from a trusted source
- Keep your computer protected by running security software purchased from trusted source
- If you're unsure, ask for a reference number and call back on a trusted number (i.e. phone book) to confirm if the call was genuine
- If you think you have provided your personal details to scammers, or given them access to your computer, contact us immediately on 13 33 30.