Westpac’s general manager for fraud prevention and financial crime, Chris Whittingham, said “call spoofing” – where scammers use software to mask their phone number with the number of a known business – was a commonly employed tactic in impersonation scams.
“These scams are incredibly challenging to detect because from the customer’s perspective, they appear to be getting a call from say Westpac, when in fact, it’s a scammer posing as a member of our fraud team calling from a completely different number,” he said.
Impersonation scam red flags
- Unsolicited contact. They unexpectedly call, SMS or email you claiming to be from a reputable business.
- They know personal information. They have often already fraudulently obtained personal details like your name, ending digits on your credit card or approximate location, which makes them appear legitimate.
- They want you to action something. They will often instruct you to complete an action while on the phone to them – like updating your banking details, increasing your daily payment limit, downloading an app or sending money to a ‘new’ account.
- They use spoofing software. They may use software to send you a fake SMS that appears to be from the business they say they’re calling you from while on the phone with you to convince you the call is genuine.
Source: Westpac
“The scammer will then use personal information they’ve fraudulently obtained, like quoting the customer’s name or last few digits of their credit card, to convince them the call is genuine.”
To try and combat this type of scam, Westpac is working with Optus to place more than 94,000 Westpac phone numbers on a “Do Not Originate” list in an attempt to prevent scammers from impersonating the bank’s numbers.
“The 94,000 numbers that we have within Westpac have gone to Optus and sit on their Do Not Originate list so that no one can put up a number within the telephony system that would say that it’s from Westpac.”
Loading
“They’ll still see that [number] from a Westpac point of view, but no-one outside Westpac can use that number.”
Optus will share the list with other telecommunications companies to extend the protection to different networks.
There has been pressure on the banks to do more to combat scams. The ACCC says the UK does a better job in protecting consumers against fraud and has urged the banks to adopt a similar model to the UK, which uses Confirmation of Payee (CoP) technology to catch bank transfer scams by matching a recipient’s bank details with their name.
However, Australia’s big four banks have not committed to introducing the measure, and have pointed instead to the New Payments Platform’s (NPP) PayID initiative, which banks argue already blocks those scams from happening. PayID works by linking someone’s bank account to an easy-to-remember piece of information like a mobile number or email address.
Whittingham said he had recently travelled to the UK to talk to industry figures about scams and emerging prevention models, and he believed PayID was a more effective system, but acknowledged it needed greater take-up by the public.
“It probably needs broader use in the market,” he said.
People should be cautious of unexpected phone calls, text messages or emails from a known business, and consider what they are asking, he said. If ever in doubt, hang up and call back on a publicly listed number to ensure the call is genuine.
“Scammers use fear, saying you need to do this urgently to protect you,” he said. “Take a step back and think before you provide any details or before you transact.”
Denial of responsibility! insideheadline is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
