Protecting your bank accounts

Security tokens

To further protect your e-banking, Bendigo Bank provides all customers with the option of Security Tokens. You will be required to have a Security Token if you are authorising payments to third parties.

A Security Token provides a second level of authentication for your e-banking used in conjunction with your Access ID and PIN. It looks like a key ring with a digital number display. At the press of a button, it generates a six-digit number called an Authentication Key. A different number will be generated every 36 seconds.

You can tailor it to your own security needs by activating your Token to protect:

  • Your logon
  • Payments and/or Payee list
  • A combination of the above.

The Token will be activated by the Bank before it is sent to you. This maximises the protection it offers. This will reduce the risk of criminals logging into your e-banking or conducting any unauthorised activity as they will not have the Token to access the Authentication Key.

For more information about Security, click here.

Latest Alert - 28 August 2013

New hoax e-mails with various subjects are still being circulated by criminals at present
28 August 2013

In recent days we have noticed an increase in bogus (or 'phishing') e-mail activity aimed at taking advantage of Bendigo Bank customers.

These e-mails have a number of subjects but the common thread is that they are requesting customers follow links and provide or verify account details. The hoax e-mails will generally contain links to pages where access id and PIN details are to be entered and therefore captured for use by criminals.

The e-mails appear to come from a legitimate Bendigo Bank mailbox but this is not the case.

These attacks can be frequent and aggressive; and as a result Bendigo Bank continues to closely monitor the development of this behaviour and we will continue to advise you on the best security precautions. The bank will never send unsolicited emails to anyone asking them to follow a link in the e-mail to any site to confirm details or to a logon page.

If you receive such an email it is a hoax. The emails are not from Bendigo Bank and you should never open such e-mails or disclose your banking details under any circumstances. It is essential that you delete all unsolicited emails without opening them and that you run an up-to-date firewall and anti-virus software.

For further information about protecting your bank accounts, see below.

Previous Alert - 8 August 2013

New hoax e-mails with subject 'We have been unable to verify your account' are circulating at present
8 August 2013

New hoax emails with the subject 'We have been unable to verify your account' aimed at taking advantage of Bendigo Bank customers are being circulated by criminals at present. The hoax e-mails contain links to pages where access id and PIN details are to be entered and therefore captured for use by criminals.

The e-mails appear to come from a legitimate Bendigo Bank mailbox but this is not the case.

These attacks can be frequent and aggressive; and as a result Bendigo Bank continues to closely monitor the development of this behaviour and we will continue to advise you on the best security precautions. The bank will never send unsolicited emails to anyone asking them to follow a link in the e-mail to any site to confirm details or to a logon page.

If you receive such an email it is a hoax. The emails are not from Bendigo Bank and you should never open such e-mails or disclose your banking details under any circumstances. It is essential that you delete all unsolicited emails without opening them and that you run an up-to-date firewall and anti-virus software.

For further information about protecting your bank accounts, see below.

Known Threats

Phishing

You receive an email purporting to be from your bank. Messages are various but will prompt you to follow a link to our e-banking site. In fact if you follow the link it will take you to a 'ghost website' that looks like ours. When you log on, your keystrokes will be captured by the thieves and then used to siphon money from your account.

An example of one commonly used message is: 'Dear User. We confirm that today the amount of $832.25AUD has been debited from your account - Bendigo Bank'. The message includes a link, apparently to our website. Human nature being what it is, there is a great temptation to click on the link to find out where this apparently unauthorised debit has gone. In fact, the link either goes to a ghost website or contains a hidden key logger which infests your computer and may be 'called up' when you log on to our legitimate banking site.

Trojan horse A program that pretends to be something it's not. Like the original Trojan Horse, it contains something hidden inside it - a malicious program. These programs can damage your computer or might contain a key logger which can even be turned on to capture your keystrokes next time you log on to the official Bendigo Bank e-banking site.
Spyware This is software that gathers information without you knowing. It can enter your machine as a software virus or as the result of installing a new program.
Virus

A malicious software program that invades your computer. There are many viruses. Some cause damage to your computer; others use the infected machine's Internet connection to launch an attack on another computer or computer network.

A particularly serious virus is one that records keystrokes and logs your activities - including your Internet banking numbers and passwords, network passwords and credit card numbers entered into online shopping sites. This information is then sent back to thieves who may use it to siphon your account and make purchases on your cards.
Online Job Scams Criminals are constantly finding ways of encouraging innocent people to become involved in their activities. One of the ways they do this is by advertising for employees, via legitimate job sites or by using spam.

Key points to look out for include:

  • Jobs which are home-based using your own PC.
  • Overseas companies advertising for sales 'agents'.
  • Companies asking for your banking details.
  • Ads which suggest that you can earn lots of money with little effort.
  • Commission based payments, where an amount of money is credited to your bank account and you are required to send the money elsewhere (often overseas) and keep your percentage.

Not only can you be caught up in a scam involving stolen money but often these emails include a 'trojan' or keylogger which can then compromise your own PC.

Our advice is to ignore these types of ads or if you have received an email, delete it immediately from your PC.

Always remember that if it sounds 'Too good to be true', it probably is.

How to Protect Yourself

To ensure your e-banking is secure, follow our Golden Rules:

  • Always log on to e-banking by typing http://www.bendigobank.com.au
  • When online with Bendigo Bank, always check the address field displays our official website, www.bendigobank.com.au (The address field will not be visible once you are logged into e-banking)
  • Never follow an email link which takes you directly to a logon screen
  • Purchase a Security Token for a second level of authentication. For details, click here.
  • Install Anti-virus, Anti-spyware and Firewall software and keep them and your operating system up to date. More info
  • Only conduct financial transactions online using computers you know are secure. This means that use of Internet cafes should be avoided
  • Always exit your e-banking session when finished, by clicking the 'Logoff' button in the top right-hand corner of the window
  • Always check there is a padlock symbol on the log-on page (where you enter your PIN and Access ID). Click on the padlock to verify you are dealing with Bendigo Bank           
    Internet Explorer 7
              (top right-hand corner)
      Internet Explorer 7
         
    Internet Explorer 6
              (bottom right-hand corner)
      Internet Explorer 6
  • Never divulge your PIN. Bendigo Bank will never ask you for your PIN (either in person or by email)
  • Never leave your computer unattended while logged on to e-banking
  • Regularly check your account balances and transaction histories and immediately report any discrepancies to Bendigo Bank
  • You should protect the security of your PIN and Access ID at all times. Allowing somebody to know these details is the same as giving them a signed blank cheque. If you believe your details may have become known to another person, you should log on to our e-banking site immediately and change your PIN

The bank will never 'cold call' in person or by phone, or send unsolicited e-mails or correspondence requesting any banking details.

You should immediately be suspicious of any person, phone call, SMS, email or correspondence asking you to disclose any of your banking details. This includes details such as:-

  • telephone banking or online banking PINs
  • credit card numbers
  • CVV (card verification value) numbers
  • any other banking details such as account numbers.

To be certain any caller is an authorised bank representative, you can always ask to call us back, then dial our call centre on 1300 BENDIGO (1300 236 344) for a local call cost.

For more security information, click here.

Security software - useful links

Company Name Website Browser Firewall Anti-Virus Anti-Spyware
Apple http://www.apple.com Yes Yes Yes Yes
AVG/Grisoft http://www.avg.com.au No Yes Yes Yes
Computer Associates http://www.ca.com/au No Yes Yes Yes
F-Secure http://www.f-secure.com No Yes Yes Yes
Kaspersky http://www.kaspersky.com No Yes Yes Yes
Lavasoft http://www.lavasoftusa.com Yes Yes No Yes
Linux http://www.linux.org Yes Yes Yes No
McAfee http://www.mcafeestore.com No Yes Yes Yes
Microsoft http://www.microsoft.com/protect Yes Yes Yes Yes
Mozilla http://www.mozilla.org Yes No No No
PC Tools Software http://www.pctools.com No Yes Yes Yes
Sophos http://www.sophos.com No Yes Yes Yes
Spybot http://www.safer-networking.org No No No Yes
Symantec http://www.symantec.com.au No Yes Yes Yes
Trend Micro http://www.trendmicro.com.au No Yes Yes Yes
Webroot http://www.webroot.com No Yes Yes Yes
Zonelabs http://www.zonelabs.com No Yes Yes Yes

If you receive a suspect email

Do not open it

Delete it from your Inbox and then permanently delete it from your Deleted Items folder.

If you have clicked on the link in the email:

  • Use your virus protection software to scan your computer for viruses and Trojans.*
  • After scanning your computer, contact Bendigo Bank on 1300 BENDIGO (1300 236 344) (8am - 8pm weekdays, 9am - 4pm Saturday and 10am - 4pm Sunday, Victorian time). If necessary, we can reset your Access ID.
  • Once you are certain your computer is virus-free, we suggest you change your e-banking PIN for peace of mind.

* It is critical that you ensure your computer is free of viruses before logging on to e-banking. If you have any questions about virus protection, please contact your software vendor or your internet provider.

Contact us if you have a concern

If you believe your e-banking details may have been compromised by one of the methods above, please contact Bendigo Bank immediately on 1300 BENDIGO (1300 236 344). Alternatively, you can alert us of any suspicious activity you have witnessed by emailing us here.

For more security information

The following sites can be visited for more information on security issues in general relating to Internet usage.