Article tags

Estimated reading time is 7 minutes.

What are scam calls?

Criminals may call you, impersonating a government agency such as the Australian Tax Office (ATO), an energy or telecommunications provider, Australia Post, a bank or the police.

These scam calls aim to pressure you into providing your personal or banking information. The caller may threaten you with expensive fines or tax bills, arrest or deportation, to take you to court or disconnect your Internet service.

They may ask you to buy gift cards, iTunes vouchers, Bitcoin or pre-paid credit cards to pay your fine or debt. In other cases, they may request remote access to your computer and bank accounts to investigate an ‘issue’ or stop a transfer.

Legitimate businesses will never threaten to arrest you or demand immediate payment of a tax debt or fine with unusual payment methods like gift cards or Bitcoin or request remote access to your computer.

How big is the problem?

The Australian Competition and Consumer Commission (ACCC) Scamwatch website received over 69,000 reports of phone scams in 2019, which cost Australians over $32 million.

This is likely only the tip of the iceberg, as many cases go unreported.

Case studies: customer scams

Arthur’s Story

Arthur*, a NAB customer, received a call from someone claiming to be from NAB.

“They told me that someone had attempted to send $800 to the USA via my Internet Banking,” recalls Arthur. “They said I could stop it by giving them my NAB ID. I explained I didn’t even have Internet Banking. They said I would receive two SMS codes which they required to stop the money from being transferred.

“It was all a bit rushed, and they were quite aggressive. They kept saying, ‘It’s urgent, read the codes out quickly, or the money will be gone!’ I was in quite a fluster, so I gave the caller all the information they’d asked for.”

Two days later, Arthur visited his local branch to withdraw some cash and discovered that $4,990 had been transferred overseas from his account. The money could not be recovered, and Arthur was out of pocket for the full amount.

How did the scam unfold?

When Arthur gave the caller his NAB ID, they used it to register Arthur for Internet Banking without his permission. This triggered the first SMS code to be sent to him, which he provided to the caller. With this code, the caller was able to log in to Arthur’s new Internet Banking account. The second SMS code Arthur received and gave to the caller authorised the transfer of $4,990.

Annie’s Story

Annie* received a call on the weekend from a person who claimed to be from NBN.

“They told me someone had hacked my computer and that it had a virus,” she says. “I had to download some software immediately that would give them access to my computer, so they’d be able to fix it. It sounded really urgent, and they walked me through every step.”

After gaining access and solving the ‘problem’, the caller told Annie she needed to pay $250 for the help she’d received to fix her computer. They asked her to log in to her Internet Banking to check everything was working. While she was doing this, Annie received an SMS authorisation code to her mobile, which the caller said she had to share with them as a confirmation code.

When she gave this to the caller, they were able to transfer $13,000 out of her account.

“I realised after the call that something didn’t feel right and checked my accounts. When I saw the money had gone, what a shock! I called the bank straight away. I was really lucky – as it was the weekend, the funds hadn’t processed yet. NAB were able to stop the payment, and I wasn’t out of pocket. They helped me change my Internet Banking password and explained what had happened. I won’t be giving anyone remote access to my computer in future.”

How did the scam unfold?

Unbeknown to Annie, the caller had used the remote access control of her computer to initiate a funds transfer on Internet Banking, which triggered NAB to send her an authorisation SMS code.

When she provided this to the caller, they were able to complete the funds transfer without her permission.

*Names have been changed for privacy reasons.

Keeping your SMS security codes safe

We’ll SMS you one-time passcodes for Internet Banking registration, transactions and password resets. In the SMS, we’ll let you know that this is a secret code which should not be shared with anyone, not even NAB. These codes provide an extra layer of security for your accounts, so it’s important to keep them and your phone secure.

Important: while NAB does everything it can to recover funds transferred as part of a scam, recovery is not guaranteed if SMS codes or banking details have been shared with an unauthorised party.

Simple tips to help prevent phone phishing

  • Treat any unsolicited phone calls with caution. If you’re unsure about the legitimacy of a call, hang up and call back on an official phone number. The general NAB number 13 22 65 – you’ll find it on the back of your card and our website.
  • Never provide personal or banking information during an unsolicited call.
  • Ensure you carefully read any SMS codes you receive. If the message says “Don’t share this code with anyone, including NAB. Your security code is XXXX for a funds transfer”, then do not share this code with anyone.
  • Never give an unsolicited caller remote access to your computer or online bank accounts.

Contact us for help

If you’re a NAB customer and believe you may have fallen victim to a scam, call 13 22 65 immediately and ask for the Digital Fraud and Scams team.

Helpful resources

How to keep your identity safe online

Your identity is your most valuable asset. Protect it. Your freedom depends on it.

How to identify spam and phishing messages

Be on the lookout for suspicious messages and avoid being a target of cyber-criminals.

How to keep your family safe online

The internet is full of information, but it can also be dangerous. Learn how to keep your family safe online.

Keep your mobile devices and apps secure

Your mobile device is the portal to almost every detail about you. So it's important to keep it secure.