Security Centre

As cyber-crimes and scam activity increase across the world, and particularly here at home with the most notable of events with Optus and Medibank being the latest victims, it is important we do all we can to support you.

That is why we use the latest technology to proactively keep your accounts and cards secure.

It’s important that you work with us and take precautions to help reduce the likelihood of fraud on your account. In the same way you would lock your doors and secure your home, there are many basic precautions you can take to protect your money, identity, and online banking.

We’re encouraging everyone to chat about scams with friends, family and colleagues to raise awareness and help reduce the risks. Our team is always ready to offer you the support and guidance you need to avoid being a victim.

Concerned about the safety of your accounts? Call 1300 360 744 immediately.

Here are some of the steps you can take to identify and prevent fraudulent activity:

  • Prevent Scams

    Always Verify call – verify the callers number by calling the entity back on a known official number – i.e. your banks direct line (found on website, Mobile App or NetBanking)

    Do NOT respond to – Unsolicited requests for banking details or fund transfers, and unexpected investment offers via phone, email, or social media. This is in relation to Bond Deposit scams that are currently circulating.

    Do NOT reply to SMS – We  do not send SMS with a link on it and will never ask customers to reply any SMS, even if with a simple ‘Y’ or ‘N’.

    Seek advice first – Get advice on best steps to take by contacting your bank direct

    Check the email address – If receiving a suspicious email from an organisation or employer, check the email address details to make sure it is genuine. Our email domain is @sccu.com.au

    Do NOT click the link – Think twice before clicking on links received by email, SMS or direct message on social media unless you are 100% sure they are genuine.

    Do NOT open the attachment – Don’t open attachments or click on links in emails, text messages or social media messages you’ve received from strangers. Just press delete.

    Do NOT provide your personal or banking details – Never provide any of your personal, banking details, and passcodes (including authentication codes received via phone or email) to someone you don’t know and trust. Our team will always ask for more than your main details and One Time Password when verifying your identity.

    Ask to call back – If receiving an unsolicited call where you are asked to share your details, ask to call back using details you find in an independent search. Do not provide any passwords, including one-time passwords, to anyone calling you claiming to be from your financial institution, without first ensuring the call is legitimate.

    Check your account often – It is important to check your bank account on a regular basis and be wary of unusual payment requests. If you have SCCU mobile app, we suggest you make it a daily task.

    Double-check the website link – When engaging on any financial services, make sure the link of the website is genuine. Our website link, for example, is https://sccu.com.au/  As an alternative, download and use the App banking channel on a smart device.

    Call before you pay – When having a family member or friend asking for a financial help, call the person via video chat, arrange to see them in person or call another relative or friend who can see them in person before you complete the transaction to authenticate is real request. Some scammers can use voice A.I. to impersonate your loved ones.

    Update your contact details – Keep your contact details up to date. This way we can easily reach you if we need to discuss any urgent matter.

    Frequently update your password – We recommend changing your NetBanking password regularly and use different passwords for different platforms. A strong password usually has more than 10 characters including lower- and upper-case letters, numbers, and symbols. It should also exclude personal information such as family names and special dates, and common words.

    Strengthen your password – The Australian Cyber Security Centre (ACSC) is encouraging the use of passphrases to increase your data protection against identity compromise and data breachers as it is usually longer and less predictable than a password. A strong passphrase is long, unpredictable, and unique. We know that managing long passwords can be overwhelming, so using a password manager application may make it easier to manage all the passwords to all of your accounts.

    Protect your gadgets – Regularly install operating system updates and use anti-virus software.

    Be wary of unusual payment requests – Scammers will often ask you to use an unusual payment method, including preloaded debit cards, gift cards, iTunes cards or virtual currency such as Bitcoin.

    Unsolicited messages – Never respond to unsolicited messages that ask for your password, personal or financial details. Just press delete.

    Online shopping – Be careful of fake online shopping sites requesting unusual payment methods such as upfront payment via money order, wire transfer, international funds transfer, preloaded card or electronic currency, like Bitcoin. Information is available at: Online shopping scams.

    Receive Alerts – Register for Australian Government’s Scamwatch email alerts to get updates on the latest types of scams targeting Australian consumers and small business.

    Check Investor Alert List – ASIC has created a new ‘Investor Alert List’ as one of the methods for alerting the community to scams: https://moneysmart.gov.au/check-and-report-scams/investor-alert-list

     

  • Stay Up To Date and Seek Extra Support

    To stay up to date with the latest scams and learn additional steps you can take to limit the risk of fraud, we suggest you visit the websites below:

    • For crisis support contact Lifeline on 13 11 14.
    • For emotional support contact Beyond Blue on 1300 22 46 36.
  • Watch Out For The Latest Scams

    Here are a few, to help increase your awareness;

    Investor Identity Theft – Fraudsters are impersonating individuals, transferring or selling their shares without their knowledge. Many people don’t find out until they receive a confirmation letter from a share registry or the Clearing House Electronic Subregister System (CHESS). If anyone has been affected by previous data breaches, it’s especially important to stay vigilant. Personal information leaked online can make us targets for identity theft. We encourage customers to keep a close eye on any unexpected notifications regarding their investments. If something doesn’t feel right, take the time to verify and check it out. Staying proactive is the best way to stay protected.

    Phone and Courier Bank Scam – Scammers posing as bank representatives are calling customers, claiming that a bank staff member is fraudulently stealing money from their account. The scammer instructs the customer to withdraw a large sum of cash from an ATM, assuring them that a courier will pick up the money to “trace the serial numbers” and catch the fraudulent employee. Remember, a legitimate bank will never ask you to withdraw cash for such purposes. Always verify suspicious calls by contacting your bank directly.

    Deposit Bonds and Term Deposit Scams – Scammers use real business details and online channels to appear legitimate, collecting personal information through fake advertisements. Key tactics include issuing fake bonds or term deposits in the name of reputable companies, using fake online reviews and government logos, and providing false AFSL details. To protect yourself, stay informed about investment scams, independently verify investment offers, and report any suspicious activities to us and the Australian Financial Complaints Authority (AFCA).

    In Person Bank Impersonation Scams – These scams involve a customer’s data being compromised in some way, followed by contact from scammers pretending to be members of their financial institution or their fraud department.

    Variations of the scams have included:

    • The scammer impersonating a Branch Manager and informing them that their card has been compromised. They have then visited the customer and asked them to provide the supposed compromised cards and the relevant PIN.
    • The scammer telling the customer that their accounts are compromised and convincing the customer to withdraw funds and physically provide those funds to the scammer.
    • It should be noted that both cases that we have seen have targeted customers who are over 65 years of age.

    SMS Scams – SMS scams continue to be  on the rise. Scam messages usually require quick action, and they are often either linked to a scam website or followed by a spoofing call – when scammers impersonate organisations to gather information from their victims.

    Money Recovery Scams – We’re seeing a prevalence of scams, the latest campaign is known as recovery scams or “follow up” scams. They target victims who have already lost money to a previous scam. These scammers act as legitimate businesses and promise to help victims recover their losses after paying a fee (often upfront). Scammers will also often ask for the victim’s personal information before offering help to the victim.

    ASIC recently issued a scam alert warning customers about a specific money recovery scam involving an entity named Payback-Recovery Co ( www.paybackrecovery.com ) who claims to be a service helping victims of online fraud or scams get their money back. The website falsely claims that www.payback-recovery.com is approved by ASIC and provides fake documents displaying the ASIC logo and Commonwealth Coat of Arms.

    Suspicious website offering investment opportunities – ASIC has issued a scam alert warning investors not to deal with www.cambridgeassetmanagement.com. This website is allegedly run by a Hong Kong entity, Cambridge Asset Management and is offering suspicious “investment opportunities”. ASIC has received reports that Australian consumers who invested their superannuation through the website were unable to withdraw the funds they invested.

    ASIC has created a new ‘Investor Alert List’ as one of the methods for alerting the community to scams:
    https://moneysmart.gov.au/check-and-report-scams/investor-alert-list

    End of financial year tax scams – ACMA has issued a scam alert warning consumers to be on the lookout for scammers during tax time. As Australians start to prepare their tax returns, scammers are likely to take advantage of the end of the financial year and target individuals who are submitting tax returns or waiting for the outcome of an assessment. As a result, ACMA is warning consumers to be aware of tax themed scam emails, SMS and calls over the coming months. Common tax scams include robo-calls or calls from people pretending to be from the Australian Tax Office (ATO), MyGov or another government department. The scammer will often claim they require urgent payment of a tax debt or request personal information in order to process a tax refund. ACMA has cautioned consumers that the ATO will never threaten arrest, demand immediate payment of a tax debt or fine, or cancel or suspend a person’s Tax File Number and encourage consumers to contact the ATO to confirm that a call or message is genuine. The ACMA scam alert can be found here: https://www.acma.gov.au/articles/2023-07/scam-alert-end-financial-year-tax-scams

    Call Centre Spoofing Scams are rapidly sweeping the country resulting in thousands of dollars in card fraud. Scammers are calling customers, impersonating their Financial Institution’s call centre; requesting the OTP (one time password) which is being sent to their phone. Customers willingly provide the password to the scammers, thereby allowing the scammer to conduct fully authenticated transactions on the customer’s card or reset NetBanking passwords.

    ‘Hi, Mom!’ or ‘Hi, Daughter/Son!’ –Scammers pretend to be someone from your family via SMS or phone call asking to borrow money.

    TOLL – Phishing scam sending SMS with a fake link. Linkt (the Transurban e-Tag tolling brand in Australia) don’t send text messages, you would receive their communication or fine via mail.

    BIN Attack Fraud – A BIN Attack involves a fraudster taking the first six numbers of a card (the Bank Identification Number or BIN) and then using software to automatically generate the remaining numbers and test these combinations to see which card numbers are correct and if the cards are active.

    This is usually done by making small transactions through an online store. Fraudsters can write programs that run card numbers through the website, with multiple cards tested per second. The volume of cards being tested can range from several a day to thousands of cards in a matter of hours.

    Here’s how to spot the signs of a possible BIN attack:

    One or more transaction being charged or sitting as a pending transactions

    Most of these transactions occur consecutively, but not always

    Can come from a merchant you may or may not have had any involvement in the past i.e. PayPal, Amazon

    If you notice any unauthorised transactions or suspicious activity on your account, please notify us asap on 1300 360 744 or visit your local Southern Cross Credit Union Branch.

    Please remember we won’t ask for your full card number or any personal passwords over the phone.

    Mobile Wallet – Monitor the mobile wallet provision (eftpos, Visa, MasterCard) and transactions that follow.

    Fake Advertisements – Bogus advertisements on Google, Bing and Yahoo including a direct link to a fake internet banking login page. We don’t do advertisements with a link to our NetBanking Portal.

    Term Deposit – Fake rate comparison websites offering Term Deposit application on site, even including a confirmation email. All SCCU service applications are completed through www.sccu.com.au.

    Disaster Chasers – Scammers are pretending to be Claim Managers and contacting people who have been impacted by recent flooding in VIC, SA, NSW and TAS to ask that insurance excess payments are made directly to them. Go direct to your insurance company before making any payments.

    Cryptocurrency Scams – These scams often come with the tease of big payout, doubling your money or a guarantee of similar nature. They also often target those who are elderly and are vulnerable to scams (especially online investment scams) and are isolated from family or live alone. Please be alert to the dangers associated with investing money with people you don’t know, often based overseas, for seemingly great returns.

    Fraudsters – We are aware of fraudsters contacting customers and impersonating SCCU employees in an attempt to extract personal information, often saying they are verifying withdrawals or card transactions.

    There have also been reports of fraudsters impersonating a transaction fraud committee. They ask for information to identify they are speaking to the right person while reiterating they are not asking for account or passwords to reassure. They flag there are suspicious transactions that they have not yet released, which is why you can’t see them on your account. After some questioning, the fraudulent company then says they can confirm that they’re speaking to the right person but cannot confirm that the customer hasn’t made the queried transactions and will have to let them pass through unless they can verify the answers discussed through NetBanking. They then reiterated that they will not ask for any account information and instead have a completely secure app such as AnyDesk. After the customer downloads the App the fraudsters then have the ability to watch as the customer’s login to NetBanking, emails and other password protected sites.

    Please be aware that a range of tactics are used by fraudsters, including the use of language that triggers panic which in turn motivates the customers to act quickly rather than question what is being said (if I don’t do this right now, my money will be gone) as well as the use of a female voice to put people at ease.

    Please be alert to these types of scams and we encourage you to contact us directly if you are concerned that this has happened to you.

  • Spot a Crypto Scam

    According to ASIC’s investigators, the top–10 signs of a likely crypto scam are:

    1. You receive an offer out of the blue;
    2. You see a celebrity advertisement that is actually a fake;
    3. A romantic partner you only know on-line asks for money in crypto;
    4. You get pressured into transferring crypto from your current exchange to another website;
    5. You’re asked to pay for a financial service with crypto;
    6. The app you’re using or directed to isn’t listed on the Google Play Store or Apple Store;
    7. You need to pay more to access your money;
    8. You are ‘guaranteed’ returns, or free money;
    9. Strange tokens appear in your digital wallet;
    10. The provider withholds investment earnings ‘for tax purposes’.
  • NetBanking & Mobile App Security

    There are a few things you can do to protect your security when banking online.

    • Consider the use of the ‘Save Password’ feature in browsers (this often pops up when you’re logging in to a site, or making an online payment). These passwords can often be viewed by simply going into browser settings and are vulnerable to hackers and in instances where property, like a laptop, is lost or unattended.
    • Log out after using NetBanking – Always click on the ‘Logout’ button and close the browser when you have finished using NetBanking. Simply closing the browser when you are done may not log you out of NetBanking completely.
    • Choose secure access codes – When choosing your password try to make sure it is as unique as possible. Don’t use your birthday or the name of your pet.
    • Remember never to disclose your password to anyone.
    • Ensure you have adequate protection against Virus’s (including Trojan) and Malware on your computer and phone.
  • 24/7 Fraud Monitoring

    Together with Orion (our supplier of fraud management services) we have a sophisticated card monitoring program in place to provide additional security to you 24 hours a day, 7 days a week, while you’re at home or travelling overseas.
    Orion monitors your usual card spending activity and is able to quickly identify any unusual spending patterns with the aim of preventing attempts by others to use your card.

    What happens if there has been an unauthorised transaction on my card?

    If Orion detects suspicious or unusual spending behaviour on your card they will contact you via phone and email to confirm the transaction was genuine before putting a stop on your card.
    It is very important that you ensure your details with us are up to date and correct and that you notify us if you are travelling overseas, as your card may be blocked if we are unaware of your plans to travel abroad.

    Remember we will never:

    • Ask you for your NetBanking login or credit card details via phone or email
    • Use email to send you a link to the NetBanking login page
    • Ask you to disclose your password to us in any form

    Avoiding Scams
    For more info about how to identify and avoid scams, check out www.moneysmart.gov.au/scams/avoiding-scams

  • Security Tokens

    Security tokens are available to provide enhanced security when accessing your accounts online via NetBanking or your mobile.

    There are two types of security tokens available:

    • SMS Token
    • VIP Access Tokens

    SMS OTP (One Time Password) or SMS Token

    If you would like access to enhanced security when accessing your accounts via NetBanking or mobile banking you can enable the SMS token facility.
    The SMS security token can be enabled by all customers, no matter what your daily access limit amount is set at.

    VIP Access Token

    The VIP Access token is available via a SCCU mobile app or physical token that can be attached to your keyring.
    The VIP Access token provides you with a unique security code that you can use in addition to your username and password when logging into NetBanking or mobile banking. This code changes every thirty seconds. The use of a secondary security device increases safety and security when accessing your accounts online. This device does not require internet to access.

    If your daily transaction limit is more than $5,000, or you would like to increase your daily limit to more than $5,000 you will be required to use either the SMS token or a VIP Access token to access your accounts online via NetBanking or mobile banking.

  • Disputed Transactions & Chargeback Guidelines
    • Contact the merchant if you have an unrecognised transaction on your account. This can often be the simplest solution. If this isn’t suitable or you’re not satisfied with the outcome, contact us and we can start the chargeback process on your behalf where the right to a chargeback exists.
    • To enable this, you’ll need to get in touch within 45 days from the transaction date. If the transaction is an unauthorised transaction, contact us as soon as possible
    • For more information on chargeback rights and disputed transactions, get in touch with our team for help. You can also read through our Resolving a Dispute guide for further assistance.

     

Need Help? Contact us immediately

if you are suspicious of scam or need help detecting a fraudulent transaction, please take action immediately.

– Visit your closest Financial Service Centre, or;
– Call our Customer Contact Centre at 1300 360 744, or;
– Contact us via email here.

Our team will take the necessary measures and assist you in further protecting your information and funds.

Contact Us