Updated: 22 September 2021

The number and frequency of scams are increasing. The best way to avoid being scammed is to be informed: know what to look for and how to protect yourself. To help you, we’ve provided further information on the many types of scams, how to spot them and how to avoid them at www.imb.com.au/security. There is even more helpful information on the ACCC’s Scamwatch page at https://www.scamwatch.gov.au.

This page details the latest types of scams as they arise, so you can stay up to date.
 

Missed delivery, call or voicemail (‘Flubot’) scam

The ‘Flubot’ scam is a type of ‘phishing’ scam that was first reported in early August 2021. To date, the ACCC has received over 12,000 reports of the scam from the general public and IMB wants its members to be aware of how this scam works. The scam uses text messages (SMS) to download malware onto your phone. The malware at present particularly affects Android phones, although iPhones are also being targeted.

How does the ‘Flubot’ scam work?

You receive a text message about voicemails, missed calls or, more recently, parcel deliveries from Australia Post, DHL or another reputable organisation. All messages will contain a link and instruct you to click the link or download an app to check a voicemail, track a parcel, schedule a delivery time etc.

IMPORTANT: If you click the link and download the app presented, the phone will be infected with malware.

Once installed, the application is able to read and send text messages, make calls and access contacts, which are uploaded to a central server and then targeted with similar Flubot scam texts.

The application page that the links send you to can look legitimate. Here is an example:

[Image: example of a fake DHL application page]

Further examples of what the SMS messages can look like and what to do if you think you have downloaded the scam are available at https://www.scamwatch.gov.au/news-alerts/missed-call-or-voicemail-flubot-scams.

How can the Flubot scam steal money?

Once the malware has been downloaded it has access to all typed passwords and data, which can ultimately lead to theft.

Plus, the scammers’ strategy and tactics are evolving quickly, so Flubot may change. These phishing text messages may come to impersonate other reputable organisations or your bank, replacing the home screens of web pages or apps with convincing fraudulent copies, as in the fake-DHL illustration above. There have been cases of this occurring overseas.

REMEMBER: Once cyber-criminals have your passwords, they can steal from your bank accounts.

CHECKLIST: Avoid the ‘Flubot’ scam

✓   Does the SMS look legitimate?

  • Voicemail scam: Your voicemail is never an external link or app. Do not open the SMS or click the link. Delete it immediately.
  • Delivery or Tracking scam: Do you have a parcel coming? If so, do not open the SMS and instead check via the supplier’s website where you made the order. Do not open the SMS or click the link. Delete it immediately.

✓   NEVER click on links in text messages (SMS)

  • Simply: do NOT click on links or download buttons.

✓   Remain vigilant with your interactions on your phone and computer

 

Remote Access Scams

Unlike hacking scenarios, which will usually occur without your direct involvement or prior knowledge, Remote Access Scams (also known as Technical Support Scams) involve a scammer contacting you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.

The fraudster will try to convince you to give them access to your computer by downloading remote desktop software and providing them with other personal data such as passwords and authentication codes.

Scammers usually pose as someone from a well-known and reputable organisation, such as a bank, a telecommunications provider, a government agency or the police. They often play on their position of trust or may use fear and intimidation tactics to obtain your co-operation.

How to spot a Remote Access Scam?

There are many types of Remote Access Scams, but the methods are similar. Here’s how they work – stay alert to these red flags:

  • You’ll receive an unexpected call from a person claiming to be from a reputable organisation, saying that they need to help you fix an important computer issue. The scammer will say they’re calling from your bank, the NBN, Telstra, Amazon, eBay, Microsoft, the ATO, Centrelink and even the police. Alternatively, they might contact you through an SMS, an email or a pop-up on a screen in your web browser while you are using the internet.
  • The scammer pretends that they want to assist you or that they need your help to catch a scammer. A scammer may say:
    • Your computer is infected or it has been hacked or compromised in some way;
    • You have been overcharged for a service or purchase, and they would like to arrange a refund to your bank account;
    • They have mistakenly credited your account with funds that must be repaid immediately.
  • Scammers will often use technical language and tactics to scare or intimidate you into following their instructions. They may act aggressively and threaten you if you do not assist them.
  • They’ll tell you that you need to download remote access software such as TeamViewer, AnyDesk or GoToMeeting. Doing this gives the scammer access to your computer from where they are located.
  • They’ll ask you to log into emails, internet banking or other payment systems, and will be able to see you doing this, which enables them to access your banking and personal information and ultimately to make transactions from your accounts or to steal your identity.
  • They will often directly ask you to disclose your personal details and your bank or credit card details, passwords, and authentication codes.

How to avoid becoming a scam victim

  • Never give a stranger or unsolicited contact remote access to your computer. If you are asked to do this – hang up.
  • If you think the call is legitimate, confirm the identity of the caller.
    • Ask for the person’s name and contact details and advise you will call them back.
    • Once you have hung up, validate their contact details by looking up the organisation’s official website and calling the organisation’s advertised number.
    • Never call back on details provided by the caller; if they are a scammer, this number will be false.
  • Never disclose your login details, PINs, or SMS authentication codes to ANYONE. A reputable organisation or financial institution will NEVER ask you for this information.
  • Never provide information like account details and credit card numbers over the phone unless you have initiated the call and are satisfied that the phone number you are using is a trusted source.
  • Beware of pop-ups advising you that you need to fix your computer and can do so by calling a particular number.
  • Regularly update your computer and digital devices with security protections such as anti-virus, anti-spyware software and firewalls from a reputable provider.
  • Do not open suspicious or unusual texts or click on links or attachments in unsolicited emails.
     

Scam Call Checklist

Hang up!

✓   Is the caller trying to create urgency about a so-called sum of money owed, a banking issue, a technical problem or a legal problem?

✓   Is the caller trying to get you to download software, to reveal your password or answers to your secret questions?

✓   Are they trying to get you to log into your bank accounts or to move your money?

Remember!

✓   A legitimate organisation will NEVER ask you to download software through an unsolicited call, email, or text.

✓   NEVER share your login details with anyone.


 

What to do if you think you have been scammed

If you think you have been scammed:

  • Please contact us as soon as possible on 133 462 and we can help you navigate the next steps. Please tell us as much information as possible about what happened, as this will help us help you.
  • Delete any programs you have installed, including from the device itself. You will need to get the device professionally cleaned.

We strongly encourage you to report any scam incidents to Scamwatch.


Stay Updated

Stay informed about scams and how to avoid them at:

 
