Public servant Bridget Box was having a stressful day dealing with family health problems when her phone rang. The caller claimed that they worked for the National Australia Bank’s fraud team.
Sensitive to the possibility of scam calls, Box was at first hesitant, but the caller told her to pull out her NAB bank card and check the phone number on the back.
NAB customer Bridget Box was scammed out of $35,000. Credit:Luis Enrique Ascui
The digits of the incoming call matched the number on the card and Box was told by the caller that NAB spent millions of dollars each year ensuring the bank’s phone lines were secure. The caller then told Box her account was being targeted by hackers and detailed instructions for how to protect her money.
Without thinking much further, Box followed the instructions and transferred $35,702 to three separate accounts. But immediately after she hung up, “the haze lifted”, she says, and she panicked.
Box dialled the NAB number – the same number that the caller had appeared to use. NAB’s actual fraud team answered and advised they would take immediate action.
NAB was able to recover $8130 for Box but the remaining funds had been transferred to other banks and withdrawn from ATMs. NAB has denied liability for the remaining money, citing the ePayments code that protects banks from refunding payments that are “authorised” by customers.
NAB told Box she had probably been a victim of caller ID “spoofing” – where hackers can display a phone number different from the one they are actually calling from.
“We all get fake calls but it’s been embedded in me to trust NAB’s number and that telephone banking is secure,” Box said. “My trust in NAB was used to deceive me.”
Since the COVID-19 pandemic, there has been an explosion in the number of scam calls and texts around the world as malware becomes cheaper and institutions struggle to keep up with the evolving threat. Last week, Optus was targeted by hackers in what has been described as the largest data breach in Australian corporate history.
The Age and Sydney Morning Herald revealed earlier this year the major banks have strongly opposed any change to the ePayments code (that outlines consumer protections for customers of banks and other financial institutions) that would put the banks on the hook for scam losses.
At the crux of the debate is the definition of “authorised payment”. Consumer groups argue these payments, while made by the customer, cannot be considered authorised as they were made under duress.
In Britain, for comparison, more than 90 per cent of banks have now agreed to reimburse customers who are tricked by criminals into making payments through impersonation. By increasing bank liability for these losses, regulators and lawmakers hope the industry will invest in upgrading technology and defences to prevent scam losses from occurring in the first place.
Box complained internally with NAB, but says the investigation was “one dimensional” and ignored the fact a NAB-branded number was used. Ultimately, NAB found there was “no NAB error in process” and efforts to recover the funds had failed.
“There was no opportunity in which NAB could have intervened to have prevented your loss,” NAB said in a letter dated June 6.
Box has now taken the complaint to the Australian Financial Complaints Authority (AFCA), arguing NAB’s failure to warn customers about this type of scam makes them complicit.
“I am claiming NAB has turned a blind eye and has not taken adequate steps to inform, protect and educate me of the risk of this type of scam. Since April, NAB has failed to alert me, and all NAB customers, about spoofing,” Box said.
“I’ve been with NAB since 2004. I’ve received calls from the NAB fraud team before. I have no reason to mistrust the NAB-branded number. Why would I think that number would be breached?”
NAB offered to settle the matter for $2500, then $3000, then $5000 over a number of months, Box said, but she rejected the payment so that she could speak out and raise awareness of what she believes is the banks’ failure to protect customers.
“I’m lucky in the sense that I have money and I’m not financially screwed even though this is a huge amount of money,” she said. “But I just keep thinking – how often is this happening to people where this is everything?”
In a statement, a spokesman for NAB’s group investigations and fraud team said he could not comment on individual cases but there had been a significant increase in scams in recent years.
“It’s upsetting to see the devastating effects these can have on the impacted victims. The prevalence of scams highlights a society-wide issue and we all have a role to play in taking action, driving education and raising awareness,” the spokesman said.
However, the statement did not address how many NAB customers had been impacted by caller ID spoofing specifically. NAB said it hosted 70 free customer education sessions last year and the bank has recently hired more than 80 people to join its cybersecurity team.
“In regard to phishing scams, NAB will never ask a customer to confirm, update or disclose personal or banking information via a link in a text message or email. We will never ask a customer to transfer money to another account to keep it safe,” the spokesman said. “If someone is ever unsure if the person contacting them is from NAB, they should hang up, and call NAB on the number found on the back of their card.”
Box is now determined to take the complaint to the Ombudsman, in the hope that banks improve their handling of scam losses and complaints.
“The banking code of practice talks about integrity, trust, confidence, transparency and accountability. There is none of that going on. They shut you down. It’s mentally exhausting. Utterly exhausting,” she said. “My hope is gone with NAB.”
The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.
Most Viewed in Business
From our partners
Source: Read Full Article