Australians are losing millions to bank impersonation scams – and the government and telcos could do more to stop the thefts, a cyber security expert says.
Scammers are tricking victims into handing over their hard-earned dollars by making calls appear like they come from a bank’s legitimate phone number, or by sending a text that appears in the same conversation thread as genuine bank messages, Scamwatch found.
The calls or messages impersonate the big four banks, as well as other financial institutions.
Scamwatch received 14,603 reports of bank impersonation scams in 2022, resulting in more than $20 million in losses. Total losses to all reported phone and text scams last year were estimated at more than $169 million.
Avast cyber security expert Stephen Kho told The New Daily the scams, particularly the messages appearing in the same SMS chain as legitimate bank texts, are largely the result of a lack of protective mechanisms from telcos and the government.
He pointed to Singapore as a possible example for Australia to follow – since January, all organisations that use SMS sender IDs are required to register them with an official registry.
This measure came after scammers hid behind the alphanumeric names that legitimate organisations use to identify themselves in text messages to impersonate banks and scam victims last year, much like what has been happening in Australia.
Tweet from @_marty_k
“[The Australian government] should legislate these safety protection mechanisms … and then it’s up to the telecommunications providers to implement that,” Mr Kho said.
A spokesperson for the Australian Competition and Consumer Commission (ACCC) said the organisation is advocating for Australia to adopt best practice scam protections for consumers like those in other jurisdictions, including the SMS SenderID registry in Singapore.
“The ACCC has met with key stakeholders in Singapore to discuss this concept and will continue to work with [the Australian Communications and Media Authority] on potential solutions,” they said.
But even if more authentication processes were put in place, people should still be “paranoid” in order to avoid being sucked in to scams, Mr Kho said.
ACCC chair Catriona Lowe said these bank impersonation scams are “emptying every last cent out” of victims’ savings accounts.
The average loss is $22,000, and there have been more than 90 reports of losses between $40,000 and $800,000.
“We know of a man who lost over $500,000 after receiving a call from someone claiming to be from a major bank’s security department, wanting to know if a payment had been authorised,” Ms Lowe said.
“In another case, a man lost $38,000 after receiving a scam text message about a suspicious transaction.
“The scam text appeared in the same conversation thread as legitimate messages from his bank. He called the number in the text and was put through to a member of the banks’ fraud team. Unfortunately, it was an elaborate scam and he lost everything.”
From playing on our emotions to refining their techniques, scammers use a vast array of tools to get their hands on your money.
Read on to find top tips on how to avoid falling victim to bank impersonation scams: