Security - ubank

Stay alert to scams and fraud

The ubank defence

We’re here to help and should the worst occur, you’re still protected

The ubank defence is our promise to you that we’ll reimburse 100% of your money should it be fraudulently taken from your account, provided:

It’s clear you didn’t contribute to the loss
You promptly let us know when you become aware of any unauthorised transactions
‍

Contacting you about fraud

Our fraud team may send you an SMS from time to time to confirm any high-risk payments. This is to protect you and make sure the payments aren’t fraudulent.

For anything deemed high risk you’ll receive an SMS from the following numbers (this is our fraud team contacting you).

+61 489 954 380
+61 437 126 492

These SMSes will only ask for a Yes, No or Cancel response or instruct you to call our fraud team directly on 1300 705 750.

Fraud, phishing and scams

Types of fraud, phishing and scams to look out for

Identify theft/takeover

What is identity theft or takeover?

This is when a criminal has enough information about an individual to impersonate them for financial gain or other benefits. Criminals can gather your details by stealing from your letterbox or through phishing scams, data breaches, social engineering, malware or hacking systems.

How does it occur?

When these criminals have enough information, they can attempt to apply for finance, open bank accounts, phone accounts or set up other services in your name.

What to look for

Always look out for changes to your account that you didn’t request .

This might include:

Receiving an email or alert from a change you didn’t make
The inability to log in to your account
Getting an alert that your profile has been logged in to from an unusual location
Receiving bills, letters, invoices or receipts addressed to you that you do not recognise

‍

Phone porting

What is mobile phone porting?

This is when your mobile phone number is “ported” or transferred to a new telecommunications provider without your permission. This may enable criminals to receive SMS authentication codes sent by your bank, in order to authorise transfers without your knowledge.

How does it occur?

In some cases, all that is required to port a phone number is an account or phone number and date of birth. These details are often included on phishing sites that appear to represent legitimate companies requesting personal and financial information. Another common way of accessing this information is by stealing mail out of letter boxes or rubbish bins.

What to look for

If your mobile phone service is suddenly disconnected, it may show ‘SOS only’ where the carrier name usually appears on the screen. This could be a warning sign that your mobile phone has been transferred to another provider without your authorisation.

If your service does not return in a short period, contact your mobile provider immediately.

‍

Card fraud

What is card fraud?

Any unauthorised transactions made on your Visa Debit card. This may be due to a card or device being lost or stolen.

How does it occur?

Card fraud can occur when the your card details are used to process an unauthorised transaction. Your details may have been compromised through things such as online shopping or physically obtained (i.e. your card is used after being lost or stolen).

What to look for

Banks use historical spending patterns and trends prior and after the transaction(s) in questions to make a decision to process or stop the transaction(s).

It’s important that you also keep an eye on transactions and contact us if you see anything suspicious.

‍

Spam and phishing

What are scams and phishing?

Spam refers to unsolicited junk emails that are sent to large numbers of people at once. Spam emails are typically advertising fake products or get-rich-quick schemes.

Phishing emails are more sinister than spam. They’re designed to trick you into providing personal information like a mobile phone number, usernames and passwords, or credit card details or bank details.

How does it occur?

These fraudulent emails or text messages usually appear to be from ubank, NAB or other legitimate businesses. Ubank and NAB will never contact you asking for personal information such as account details and/or passwords; and we will never send you a link to online banking asking you to log in.

What to look for

There are a few signs the email you received may not be legitimate, including:

Sender address - This might be unusual, misspelled or slightly different from the correct address, for example uBank.com instead of ubank.com.au
Generic greetings and sign offs - Phishing emails are sent out to hundreds of people at once so use generic greetings and signoffs.
Poor grammar and spelling - This can be a tell-tale sign, but it isn’t always the case. Remember, criminals can use spell check too.
Creating a sense of urgency - Phishing emails will often encourage you to click a link or download an attachment to avoid a problem to create a sense of urgency. Always read an email carefully before taking any action.
Suspicious links and fake websites - If you receive an email with a suspicious link, hover over the link with your mouse to see the actual web address the link leads to - it could lead to a fake website.
Malicious attachment - Often an attachment will appear to be a PDF, image or Office file, but when you try to open the document, it tries to run a program or script intended to infect your computer with malicious software.
Urgency – Requests that are positioned as extremely urgent and need your immediate action outside what is expected.

Report suspicious messages to phish@ubank.com.au and then delete them, without clicking on the links or attachments.

‍

Scams

What are scams?

There are many types of scams

1. Investment scams

Australians lose millions to investment scams every year.

How does it occur?

Individuals or businesses receive a cold call and are offered attractive investment returns or professional-sounding business opportunities. Once the investment is made, the victim usually receives no returns.

What to look for

These scammers are mainly based overseas and often tell victims they only need to invest $1,000 - $2,000 to start seeing returns. Often this escalates into requests for more money.

2. Romance and friendship scams

Today, it’s easier than ever to make friends and build relationships online. The downside is criminals have become clever at taking advantage of people looking for love. Scammers may be looking for financial gain, to gather information or to use their new ‘friends’ to help them launder money.

What to look for

A combination of these red flags could indicate a friend or relative is involved in a scam:

they have never met the person face to face
they have not seen the person via webcam, video chat or Skype
if they have spoken on the phone, it’s rare and the calls are brief
they fall in love within weeks, if not days, of talking
your friend is secretive of the relationship and doesn’t want to discuss it (they may have been groomed not to share too many details)
there has been a request for money

3. Remote access scams

Some phone scammers impersonate a bank, telco or computer company and tell you there’s an issue with your computer, banking or phone.

What to look for

They’ll ask you to download a program that gives them remote access to your computer, so they can ‘fix’ the issue. If you do this, they can access all the information on your computer. You should never give an unsolicited caller access to your computer.

4. Phishing scams

Impersonating ubank, NAB or another company to gain access to your accounts.

What to look for

Usually, in a phishing phone call:

The caller says they are from a bank, a large service provider like the NBN, ATO or a phone company
They may know some of your personal details like your employee number or work address and use it to gain your confidence or offer to let you speak with their ‘manager’
They may ask for SMS codes, or get you to process a transaction or download software so that they can remotely access your computer

‍

Security alerts

Be on the look-out for suspicious messages

Scam calls

Ubank and NAB are aware of scam phone calls targeting Australians. You may receive a call where the caller pretends to be from organisations like your bank, Telstra, NBN, Microsoft, Amazon, ATO or the police, or receive a text message asking you to call your bank due to security concerns. Once on the call, the caller may request remote access to your computer and bank accounts, or ask you to provide personal or banking information.

Never give an unsolicited caller remote access to your computer or online bank accounts, or provide personal or banking information.

If you ever have concerns as to the legitimacy of a call, hang up and call the company back on a publicly available number.

If you have provided information on this type of call, please call ubank on 13 30 80.

You can learn more about scam calls here.

‍

Email and text phishing messages

Ubank and NAB are aware of various phishing emails and text messages circulating which contain malicious software or lead to phishing sites. Fraudulent emails or texts that appear to be from us or other legitimate businesses may attempt to trick you into providing personal information such as your mobile phone number, ID, banking passwords, or credit card details. Ubank or NAB will never send you an email asking for your password or send you a link to login to Internet Banking.

Don't respond to any email requests for this information and don’t click on any links within these emails.

If you have clicked on links or attachments in a suspicious email or SMS, or sent funds based on a request received from a suspicious email please call ubank on 13 30 80.

If you receive a suspicious message, do not click on any links or attachments. Please forward it to phish@ubank.com.au and then delete it.

Visit the NAB Security Hub for more tips to help you stay safe online and the NAB Latest Security Alerts page to see more fraud and scams examples.

‍

Investment scams

Ubank and NAB are aware that Australians are currently being targeted with investment scams promising lucrative returns.

The ACCC advises that these fake investment companies are proactively contacting Australians online or by phone, and claiming to be stock brokers offering investment advice, promotions, and hot tips or offering free investment seminars.

The fraudster will claim the investment is low-risk with quick and high returns, or encourage you to invest in overseas companies. The offer may sound very legitimate, with resources to back up their claims. They may say you need to act quickly and invest, or you will miss out.

Before transferring any money to an investment company, check the Australian Securities and Investments Commission’s (ASIC) list of companies that you should not deal with. You can learn more about investment scams on the ACCC’s Scamwatch website, and by reading this investment scams article.

If you believe that you have paid money to an investment scam, please contact ubank on 13 30 80.

‍

Ransomware

Ransomware is a type of malicious software (malware) that encrypts (or locks) the files on a computer, making them inaccessible. Once the malware has been downloaded onto the victim’s computer, the victim receives a message on their computer screen from the criminal (the ransom note), advising them that their files have been locked, and demanding money in return for unlocking the files.

Cybercriminals usually demand victims pay the ransom in virtual currencies, such as Bitcoin, which is difficult for law enforcement to trace. Ransomware attacks are just like any other extortion attempt and police advise that businesses should not comply with the criminals’ request for money.

Businesses are advised to ensure they have active and effective cyber security controls in place. Our recommended steps are:

Be wary of unexpected, threatening or poorly written emails
Make sure your operating system and anti-virus software are always up to date
Incident management plan
Back-up your data
The ACSC strongly recommends implementing the ‘Essential Eight’ strategies to mitigate cyber security incidents, which can help protect systems from compromise.

If you believe you may have fallen victim to ransomware, please call ubank on 13 30 80 immediately.

‍

Purchasing scams

Ubank and NAB are aware of purchasing scams targeting Australian consumers, with scammers active on both the buying and selling sides of transactions. These scams take place on the common platforms used by people to buy and sell goods and services, such as eBay, Gumtree, Facebook Marketplace and Carsales.

If you’re selling an item, a scammer may send you a fake or altered receipt claiming they have transferred funds into your account. After you send or hand over the item, they will cease communication without having paid you.

If you’re purchasing an item, a scammer posing as a legitimate seller may post an item for sale which appears to be a good deal. They may put up an advertisement that is fake, or sell items that aren’t rightfully theirs. When you start communicating with them, they may send you pictures of the item which appear to be legitimate. However, these images are often stolen from the Internet or from other legitimate advertisements. Once you pay them, the seller will stop communicating and you won’t receive the item.

Tips to avoid a purchasing scam:

Be cautious of buyers and sellers asking for identification documents such as your driver’s license, passport and Medicare card number. Never provide these to someone you don’t know, as it may be used to commit identity fraud.
If you’re purchasing an item, try to meet the buyer in person where possible. If this is not possible, ask them to video call you so you can inspect the item more closely. Conduct a ‘reverse image search’ for the photos of the item you’re buying- you may find the picture of the item already exists on a legitimate ad, or other fake ones.
If you’re selling an item, wait for the funds to arrive in your bank account before you hand over the goods, or accept cash at handover. Don’t rely on receipts provided as they may have been altered.

If you believe you may have fallen victim to a scam, please contact ubank on 13 30 80 immediately. You can learn more about purchasing scams here.

‍

Invoice scams

Ubank and NAB are aware of invoice scam attempts targeting Australian businesses. An invoice scam is when a business receives an emailed invoice from a supplier whose email account has been compromised by a criminal. The criminal will alter the payment details on the invoice to a fraudulent or mule account. As the invoice looks legitimate, the business doesn’t question the payment details, and sends the payment to the fraudulent account.

Another variation of an invoice scam is when a business receives a request advising a supplier’s or employee’s payment details have changed, and to make payments to a new account.

Before processing invoices, check the payment details against the last invoice. If they have changed, or you receive a request to update payment details:

Do not proceed with the transaction(s), and
Call the supplier/sender to confirm the legitimacy of the request, using a known contact or publicly listed number. Do not call the number on the new invoice/email.

If you have received an email of this type and actioned the request, please contact ubank on 13 30 80. Watch this video to learn more about invoice scams.

‍

Tips to stay protected online

Be on the lookout

Be on the lookout for suspicious emails, text messages and calls requesting personal and banking information.
Set up passkeys on your personal devices to log in to your ubank app.
Only enable passkeys from your personal device and only use your own biometric info (e.g., facial recognition or fingerprint).
Never share your passwords, PIN’s, passcodes or Pattern Lock codes with anyone including ubank staff, and don’t write them down.
We’ll SMS you one-time passcodes for online banking transactions and password resets, so it’s important to keep your phone secure.
If you call ubank, we may send you an identification verification SMS; the message will state that this is the only code we will ask you to provide to us.
Ensure to read the whole message to ensure the action being requested matches what you were trying to do.

Passkeys

Passkeys are a simple and secure way to log into the ubank app that provides an additional layer of protection against phishing and scams. With a passkey, you can log into the ubank app by the same way you log into your personal device.

To be able to set up a passkey you must:

Have a device that supports and is upgraded to iOS 16 or later / Android 9 or later
Update to the latest version of the ubank app
Make sure your device has a screen lock, either pin or FaceID
for iOS, turn on ‘AutoFill Passwords and Passkey’ in your device settings and make sure to have one AutoFill method turned on
for Android, have autofill service enabled in the passwords & accounts settings

How to set up passkeys FAQs

Passwords for Online Banking

Use a unique password for each of your online accounts and make your passwords hard to guess. Your password should:

be at least 8 characters long
Include at least 1 lower case letter
Include at least 1 upper case letter
Include at least 1 number
Include at least 1 special character
Not include your first name, last name, birth date or email address

Online browsing behaviour

Turn on automatic software updates to ensure your devices always have the latest operating system installed.
Switch on app auto updates on your device, so you’re always on the latest version of the ubank app.
Remember to log off when you’ve finished using Online banking.
Avoid using computers in public places such as internet cafes, hotels and airport lounges to conduct online banking.
Always access ubank’s website by typing ubank.com.au into your Internet Browser. Make sure the website address starts with “https” and a padlock is displayed.
When downloading Apps, ensure they are from official App stores (Apple App store or Google Play store).
Only perform banking on trusted devices and on trusted Wi-Fi/networks. Never accept a request to download a program or certificate to your device in order to use a public Wi-Fi network.
If you discover a transaction you don’t recognise, please contact us immediately on 13 30 80.

If you have a ubank debit card

Sign the back of a new card when you receive it.
Don’t let anyone else use your card – including family members or friends.
Regularly check that the card is still in your possession.
Destroy your card when it expires by cutting it diagonally in half (including any embedded microchip on the card; magnetic strip and security code).
Protect your PIN when entering it on ATMs and EFTPOS terminals.
Try to memorise your PIN so you don’t have to write it down.
Don’t choose a PIN that is easily identified with you for example your birth date, car registration, telephone number or your name in part or full. (If the guidelines for choosing a PIN are not followed, you may be liable for any unauthorised transactions.)
Ensure you have a locked padlock on your letterbox and shred any documents such as bank statements before disposing of them.

How we protect you

Security measures to keep your money safe

Security measure

What it means

SMS security

We’ll send you one-time passwords via SMS when you add a new payee via the app or Online banking, as an extra security measure

Transaction monitoring