Online Fraud

Summary: 

Online Fraud can be a scary thing to experience but by remembering a few key things when banking online, you can learn to spot fake emails, websites and protect yourself from cyberthieves.

CTA: 

 

Coin jar
Call us on
13 11 75
Find a branch

Phishing and Hoax Emails

'Phishing' refers to a method used by criminals to trick our customers into using fake websites pretending to be those of Suncorp or other legitimate companies. These fraudsters send out lots of spam emails which include a link that entices the recipient to visit a fake Suncorp website instead of the legitimate one.

Email Security Tips

  • Be wary of emails from people you don't know or trust. Delete any emails you think are suspicious.
  • Never click onto a link or an attachment in an email, obtained from a source you don't know or trust.
  • Never provide your personal or security details, including Customer ID or passwords, in response to any email. Suncorp will never request this information from you via email.
  • Always scan any new programs or files for viruses before you open, install or use them. Your anti-virus software may do this for you automatically.

Suncorp Bank will never send you an email asking you to verify your details, reset your account or supply any personal details.

No Suncorp Bank email will contain active or clickable links. Any link in an email will be shown in full and not be clickable. You can then copy and paste the link into a web browser.

How to Identify a Hoax Email

  • Poor grammar and spelling (although sometimes they can be grammatically perfect!).
  • Links to web addresses that are different to what you would usually expect (although there are ways to make links appear legitimate).
  • Urgent appeals for help or personal details (like credit card or account numbers, PINs or passwords).

Example of a hoax email (notice the poor grammar and link)

sample fake email

How to Identify a Fake (Phishing) Website

  • Check that the web address or URL of the website looks valid.
  • Become familiar with our Internet Banking website and logon screen - the most obvious way to identify a fake website is to check the login page. We will only ever ask you to provide your Customer ID, password and token code. In the first example below, the fraudsters have added additional fields to the logon screen.
    • Notice how a Social Security Number is requested - this field is not even relevant for Australia.
    • Notice the field 'Mothers Maiden Name (for security)' - fraudsters will often claim 'security' as a way to deceive customers into believing their fake website is legitimate.
    • Remember that Suncorp will only ever ask for your Customer ID, password and token code. We will never ask for your External Transfer Password (ETP), or personal details at the 'Logon to Internet Banking' screen.

Examples of Phishing Sites:

fake website

fake website

Notification Emails From Internet Banking

Below is a typical notification email sent from Internet Banking. Notice how no personal details are supplied as well as no links within the email.

From: onlineaccess@suncorp.com.au
To: customer@isp.com.au
Date: 10/04/2009
Subject: Successful Funds Transfer

One of your future dated funds transfers via Suncorp Internet Banking has been successful

We cannot advise you of the account number and transfer details via e-mail as this message is not secure. A secure message containing this information is waiting for you online. To view simply logon to Internet Banking at suncorp.com.au and select the Secure Messages menu item located on the left of the screen.

If you would like to speak to our Customer Service Team, please call us on 13 11 75.

If you receive a suspicious email appearing to have been sent by Suncorp Bank, DO NOT click on any links or attachments in the email. Forward the email to us at security@suncorp.com.au. If you suspect you have responded to a fraudulent email, we recommend you change your password immediately and contact Suncorp's Internet Banking Call Centre on 13 11 75.

Email Scams

You may have heard about emails that aim to recruit unsuspecting people (also known as 'mules') to launder stolen money. These are known as email scams.

Emails will typically promise you a high salary, guaranteed income or a chance to 'meet someone' in return for sending, receiving or forwarding money. This is money laundering and the recipient is asking you to be the mule.

How to Identify a Job Scam Email

An example can be seen below.

  • Check the sender's email address - it will usually be a long, unusual looking email address.
  • Check the recipient field. A generic recipient field such as 'AU citizen' often indicates a scam email.
  • Check the subject - it will usually include a tagline or a 'gimmicky' marketing headline.
  • Check the email content. If the sender needs you to have a bank account, it is so that you can receive stolen funds.
  • Check the sender's email signature. Would a CEO really send an email like this?

If it sounds too good to be true, then it probably is!


Ways to Bank

Everyday Banking

Savings Accounts

Term Deposits

 

Home Loans

Personal Loans

Credit Cards

 

Personal Superannuation

Financial Planning

Foreign Exchange

Business Bank Accounts

Merchants and Payment Facilities

Business Lending

Agribusiness

Treasury

Business Superannuation

Management Rights

 

Funds Management

 

International Trade Finance