What are scam calls?
Criminals may call you, impersonating a government agency such as the Australian Tax Office (ATO), an energy or telecommunications provider, Australia Post, a bank, an online marketplace or the police.
The call may also appear in your phone as coming from a contact number you may recognise, possibly even your bank. Scammers can use technology to change the way their number appears in your phone. This is called spoofing and can also happen via SMS. Learn more about SMS phishing.
What is ‘spoofing’?
Spoofing is a common scam impacting Australians. Understand what spoofing is and how you can protect yourself.
These scam calls aim to pressure you into providing your personal or banking information. The caller may threaten you with expensive fines or tax bills, arrest or deportation, to take you to court or disconnect your Internet service.
They may ask you to buy gift cards, iTunes vouchers, Bitcoin or pre-paid credit cards to pay your fine or debt. In other cases, they may request remote access to your computer and bank accounts to investigate an ‘issue’ or stop a transfer.
Legitimate businesses will never threaten to arrest you or demand immediate payment of a tax debt or fine with unusual payment methods like gift cards or Bitcoin or request remote access to your computer.
Bank impersonation scams
Bank impersonation scams involve criminals pretending to be a trusted bank representative to steal your money or personal information. They may create a sense of urgency by pretending to be from the ‘fraud’ team.
How to spot an impersonation scam?
- The caller may say they’re from NAB and there’s an issue with your accounts or devices.
- They may ask you to move money to another account for safe keeping.
- They may ask you to download a program to give them access to your device.
- There’s a sense of urgency and they pressure you to act quickly.
NAB may need to genuinely contact you
Our fraud team may need to get in touch with you if we’re concerned about your account, so it’s important to understand what we will and won’t ask.
We’ll never ask you to:
- provide your one-time code for authorising transactions
- transfer money to another account to keep it safe (it’s safe where it is)
- give us remote access to your devices
- provide personal information such as driver’s licence details.
We may ask you to:
- provide your full legal name
- explain or confirm the details of a payment
- provide more details about the person you’re sending funds to and how you communicate with them.
These questions are designed to help us understand the likelihood of you being involved in a scam or fraud, so that we can protect your account.
How big is the problem?
The Australian Competition and Consumer Commission (ACCC) Targeting Scams report advises there were 63,821 phone scam calls reported in 2022. Of these phone scam calls, Scamwatch reported bank impersonation scams cost Australians $20 million.
Case studies: Customer scams
Arthur*, a NAB customer, received a call from someone claiming to be from NAB.
“They told me that someone had attempted to send $800 to the USA via my Internet Banking,” recalls Arthur. “They said I could stop it by giving them my NAB ID. I explained I didn’t even have Internet Banking. They said I would receive two SMS codes which they required to stop the money from being transferred.
“It was all a bit rushed, and they were quite aggressive. They kept saying, ‘It’s urgent, read the codes out quickly, or the money will be gone!’ I was in quite a fluster, so I gave the caller all the information they’d asked for.”
Two days later, Arthur visited his local branch to withdraw some cash and discovered that $4,990 had been transferred overseas from his account. The money could not be recovered, and Arthur was out of pocket for the full amount.
How did the scam unfold?
When Arthur gave the caller his NAB ID, they used it to register Arthur for Internet Banking without his permission. This triggered the first SMS code to be sent to him, which he provided to the caller. With this code, the caller was able to log in to Arthur’s new Internet Banking account. The second SMS code Arthur received and gave to the caller authorised the transfer of $4,990.
Annie* received a call on the weekend from a person who claimed to be from NBN.
“They told me someone had hacked my computer and that it had a virus,” she says. “I had to download some software immediately that would give them access to my computer, so they’d be able to fix it. It sounded really urgent, and they walked me through every step.”
After gaining access and solving the ‘problem’, the caller told Annie she needed to pay $250 for the help she’d received to fix her computer. They asked her to log in to her Internet Banking to check everything was working. While she was doing this, Annie received an SMS authorisation code to her mobile, which the caller said she had to share with them as a confirmation code.
When she gave this to the caller, they were able to transfer $13,000 out of her account.
“I realised after the call that something didn’t feel right and checked my accounts. When I saw the money had gone, what a shock! I called the bank straight away. I was really lucky – as it was the weekend, the funds hadn’t processed yet. NAB were able to stop the payment, and I wasn’t out of pocket. They helped me change my Internet Banking password and explained what had happened. I won’t be giving anyone remote access to my computer in future.”
How did the scam unfold?
Unbeknown to Annie, the caller had used the remote access control of her computer to initiate a funds transfer on Internet Banking, which triggered NAB to send her an authorisation SMS code.
When she provided this to the caller, they were able to complete the funds transfer without her permission.
*Names have been changed for privacy reasons.
Keeping your sms security codes safe
We’ll SMS you one-time passcodes for Internet Banking registration, transactions and password resets. In the SMS, we’ll let you know that this is a secret code which should not be shared with anyone, not even NAB. These codes provide an extra layer of security for your accounts, so it’s important to keep them and your phone secure.
Important: while NAB does everything it can to recover funds transferred as part of a scam, it is not guaranteed.
Simple tips to help prevent phone phishing
- Treat any unsolicited phone calls with caution. If you’re unsure about the legitimacy of a call, hang up and call back on an official phone number. The general NAB number 13 22 65 – you’ll find it on the back of your card and our website.
- Never provide personal or banking information during an unsolicited call.
- Ensure you carefully read any SMS codes you receive. If the message says “Don’t share this code with anyone, including NAB. Your security code is XXXX for a funds transfer”, then do not share this code with anyone.
- Never give an unsolicited caller remote access to your computer or online bank accounts.
Contact us for help
If you’re a NAB customer and believe you may have fallen victim to a scam, call 13 22 65 immediately and ask for the Digital Fraud and Scams team.
Australian Government | Australian Cyber Security Centre (ACSC)
The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.
Australian Government | ReportCyber
ReportCyber is a secure reporting and referral service for cyber crime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cyber crime reporting mechanism as well as helpful information about cyber crime.
Australian Competition and Consumer Commission | Scamwatch
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.
Australian Government | Office of the eSafety Commissioner
The Office of the eSafety Commissioner provides online safety education for Australian children and young people. It addresses illegal online content and also provides a complaints service for young Australians who experience serious cyberbullying.
Australian Government | Attorney-General’s Department
The Attorney-General’s Department website provides helpful information and resources about your rights and protections with regards to identity security, freedom of information and cyber crime. The Department has developed a range of resources to assist people in protecting their identity and recovering from the effects of identity crime.
IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.
IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.
Apologies but the Important Information section you are trying to view is not displaying properly at the moment. Please refresh the page or try again later.