Previous updates
2024
Bendigo Bank branded phishing emails
The Bank is currently aware of scammers targeting Bendigo Bank customers via email. The phishing emails include Bendigo Bank images and branding asking recipients to urgently click on a link.
Do not click the link in these emails.
Remember:
- We will never ask you to login to Internet Banking via a link sent in an email;
- Never click on a link if you feel uncomfortable, or are not sure about an email.
If you have received a suspicious email you can forward it to phishing@bendigoadelaide.com.au for investigation.
Impersonation scam risk relating to telco data breaches
We are aware of an impersonation scam that may be targeting customers impacted by telco data breaches.
Impersonation scammers will contact you pretending to be Bendigo Bank, then attempt to obtain personal details or account information.
What to look out for:
- The scammer included a suspicious link in their email or SMS.
- Their message uses strange words or phrases, or it looks different to other messages.
- They’re asking you for personal information or telling you to transfer money to another account.
- There’s a sense of urgency or threat to the message, like “Your bank account has been accessed.” or “Your bank account has been locked.”
How to protect yourself:
- Take a minute and remain calm: consider what you’ve learned about different kinds of scams and ask yourself ‘who’s really there?'.
- Never provide your password or Internet Banking PIN to anyone, even if they are claiming to be from Bendigo Bank and have personal information about you.
- Check that the message is real by contacting Bendigo Bank directly using the details you find yourself on our contact us page.
- Always access the official website or mobile app directly, never via a link.
- Don’t open links in text messages or emails or download any attachments or apps.
- Look out for changes in caller IDs - this could include unfamiliar numbers, special characters, or calls from different locations.
Remember:
- We will never ask you to login to Internet Banking via a link sent in an email, nor will we ask you to transfer / pay money into another ‘safe’ bank account.
- Never click on a link if you feel uncomfortable or are not sure about an email.
- Don’t give money or personal information to anyone if you’re even a little unsure.
To report suspicious activity and remain up to date on any online security issues which may be affecting or targeting Bendigo Bank customers, please visit https://www.bendigobank.com.au/security/report-suspicious-activity/ or call us directly on 1300 236 344.
Phishing scams with fake links to Adelaide Bank e-banking log on page
The Bank is currently aware of scammers targeting Bendigo and Adelaide Bank customers via email and text message scams.
- The phishing scam states, ‘customers accounts has been suspended and to restore access by clicking on a link.’
- This is an attempt to get customers to click on links sent via emails and SMS. The scammers are tricking customers into clicking on a link which takes them to a fake Adelaide Bank e-banking log on page.
Do not click the link in these emails and text messages.
What to look out for:
- The email or text message requests urgent action from you.
- The email or text message looks suspicious or is unfamiliar.
- There is a link for you to click on.
- There are spelling mistakes in the email or text message.
- Emails or text messages are received from people or businesses you are not familiar with.
How to protect yourself:
- Be cautious - remember: *if it sounds too good to be true it probably is*.
- Do not click the link in these emails or text messages.
- Do not open attachments in the emails.
Remember:
- We will never ask you to login to Internet Banking via a link sent in an email.
- Never click on a link if you feel uncomfortable or are not sure about an email.
If you have received a suspicious email you can forward it to phishing@bendigoadelaide.com.au for investigation.
Investment scams
Australians are currently losing more money to investment scams than any other type, and they aren’t the easiest scam to spot.
Scammers will use convincing marketing and technology to make their investment opportunity seem legitimate, and most importantly an offer too good to miss out on. Common themes are the promise of big payouts with minimal risk, interest rates that will come across as ‘too good to be true’ and they will often us pressure tactics to make you act fast.
What to look out for:
- Unsolicited (cold call) offers promoting easy and early access to
superannuation or other investments; - Pressure to make an investment, quickly, and not tell anyone else;
- Over the top promises and celebrity endorsements;
- Detailed documentation may look real.
How to protect yourself:
- Be cautious - remember: *if it sounds too good to be true it probably is*.
- Be suspicious of celebrity endorsement advertisements or stories.
- Don’t be pressured into making an investment when the opportunity has come out of the blue.
- Watch out for offers promoting easy access to your preserved superannuation benefits. If super is accessed illegally, you may face prosecution.
- Before investing, do your own research and check if the company has an Australian Financial Services (AFS) Licence by visiting www.moneysmart.gov.au.
- Get independent advice from a registered ASIC advisor.
Remember:
Remind yourself to stop, think and protect before making any decisions to invest your money.
Tax scams
Tax time scams are generally impersonation scams that happen around the end of the financial year. People are primed to receive communications from the ATO, MyGov and their accountants, and are expecting to be notified of lodgements and potential refunds.
Scammers will impersonate the Australian Taxation Office (ATO) by contacting you via phone, email, SMS text message, or even social media. In these communications, they will try to access your personal information like your MyGov login credentials or bank card details.
How to spot a tax time scam
The most common red flag for tax time scams is any contact claiming to be from the ATO. You may receive calls, texts, emails or messages asking you to click a link to claim your tax refund, or threatening you to make payments or transfers quickly.
Here’s what to look out for:
- Any messages or emails claiming to be from the ATO that contain a link;
- Inbound calls claiming to be from the ATO that are threatening, demanding, or that involve a prerecorded message;
- Any unusual activity in your MyGov account;
- Social media messages from ATO officials;
- Any request for your bank card details.
Remember:
Staying safe from tax time scams is all about being vigilant and knowing what to look out for. Remind yourself to stop, think, and protect.
Bank impersonation scams
Scammers are using technology to trick their victims by making the call appear to come from one of the Bank’s legitimate phone numbers of +613 5485 7872 or +613 5485 7123, or by sending a text that appears in the same conversation thread as genuine bank messages.
Communications often have a sense of urgency to them, such as fraudulent activity raising red flags, or a frozen account.
Remember:
- We will never ask you to move your funds to a ‘safe account’;
- Never provide your 6-digit Internet Banking security code to anyone - in person, over the phone or online even if they claim to work for your bank and have personal information about you'
- Never provide a caller with remote access to your computer;
- We will never ask you for your Internet Banking PIN, Internet Banking password or 6-digit Internet Banking security code;
- We will never ask you to login to Internet Banking via a link sent in an SMS or sent in an email;
- We may call from time to time and ask to verify your identity by asking for your verbal password. However, we will never ask you for any PIN, password or security code relating to your Internet Banking. If you feel uncomfortable, you can always verify our branch contact details on our website and call us back.
- If you ever feel uncomfortable, or not sure about a call, please hang up and call us on 1300 236 344.
Learn more about how to spot a scam.
Bendigo Bank branded phishing emails
The Bank is currently aware of scammers targeting Bendigo Bank customers via email. The phishing emails include Bendigo Bank images and branding asking recipients to open an attached .HTML file to view important changes or to electronically sign a document. HTML attachments must be viewed with extreme caution and never open these without first checking the email is valid.
Do not click the link in these emails.
Remember:
- We will never ask you to login to Internet Banking via a link sent in an email;
- Never click on a link if you feel uncomfortable, or are not sure about an email.
If you have received a suspicious email you can forward it to phishing@bendigoadelaide.com.au for investigation.
Term Deposit Scams on the rise
Scammers are sending emails pretending to be from financial institutions and promoting false investment options for Fixed Term Deposits. These emails are realistically branded making it difficult to spot it is an investment scam.
Signs it could be a scam:
- unsolicited contact especially when the contact is in relation to an investment opportunity
- the email comes from a gmail or Hotmail account i.e. non-corporate
- the email address is a variation of the company email address i.e. @bendigo-savings.com or @bendigoapply.com
- Investment returns promised seem too good to be true
- email contains spelling mistakes and/or grammatical errors.
Not sure if the email is an investment scam? Visit Investor alert list - Moneysmart.gov.au - this alert list can help you know which companies, business and websites (or ‘entities’) are not to be trusted.
Remember:
It’s important to seek independent financial advice before determining if an investment opportunity is right for you. If you feel pressured to make a payment or lock in an investment immediately – don’t.
If you’re unsure or need help identifying whether the contact is legitimately from Bendigo Bank, call us on 1300 236 344
2023
Fake Bendigo Bank emails
The Bank is currently aware of scammers targeting Bendigo Bank customers via email. This email includes Bendigo Bank images and branding and is asking recipients to verify or update accounts. If you click on the link, you will be taken to a phishing website.
Do not click the link in this email.
Remember:
- We will never ask you to login to Internet Banking via a link sent in an email;
- Never click on a link if you feel uncomfortable, or are not sure about an email.
If you have received a suspicious email you can forward it to phishing@bendigoadelaide.com.au for investigation.
Bendigo Bank branded SMS claims VIP access token has been registered to a new device
SMSes are being sent claiming to be from Bendigo Bank. They advise your VIP access token has been registered to a new device.
It asks you to simply reply "No".
Do not reply to the SMS. This may result in follow up communications from the scammers via phone calls and messages.
Always remember:
- If you ever feel uncomfortable about a phone call please hang up and call us on 1300 236 344.
- If you have received a suspicious SMS or email you can report this to phishing@bendigoadelaide.com.au for investigation.
Fake Bendigo email “Important information regarding your account!”
The Bank is currently aware of scammers targeting Bendigo Bank customers via email. This email includes Bendigo Bank images and branding and is asking recipients to access an important message via a secure message centre. If you click on the link, you will be taken to a phishing website.
Do not click the link in this email.
Remember:
- We will never ask you to login to Internet Banking via a link sent in an SMS or sent in an email;
- Never click on a link if you feel uncomfortable, or are not sure about an email.
If you have received a suspicious email you can forward it to phishing@bendigoadelaide.com.au for investigation.
Fake Bendigo email scam - “Payment approval needed”
Scammers are targeting Bendigo Bank customers via email. These emails include Bendigo Bank images and branding and are asking recipients about a recent payment. The email provides instructions to call a fake call centre if they did not make this payment.
Always remember:
- We will never ask you to move your funds to a ‘safe account’;
- Never provide your 6-digit Internet Banking security code to anyone - in person, over the phone or online even if they claim to work for your bank and have personal information about you'
- Never provide a caller with remote access to your computer;
- We will never ask you for your Internet Banking PIN, Internet Banking password or 6-digit Internet Banking security code;
- We will never ask you to login to Internet Banking via a link sent in an SMS or sent in an email;
- We may call from time to time and ask to verify your identity by asking for your verbal password. However, we will never ask you for any PIN, password or security code relating to your Internet Banking. If you feel uncomfortable, you can always verify our branch contact details on our website and call us back.
- If you ever feel uncomfortable, or not sure about a call, please hang up and call us on 1300 236 344.
If you have received a phishing email, report this to phishing@bendigoadelaide.com.au.
Bank impersonation scams
Scammers are using technology to trick their victims, by making the call appear to come from the Bank’s legitimate phone number of +613 5445 0666, or by sending a text that appears in the same conversation thread as genuine bank messages.
Communications often have a sense of urgency to them, such as fraudulent activity raising red flags, or a frozen account.
Remember:
- We will never ask you to move your funds to a ‘safe account’;
- Never provide your 6-digit Internet Banking security code to anyone - in person, over the phone or online even if they claim to work for your bank and have personal information about you'
- Never provide a caller with remote access to your computer;
- We will never ask you for your Internet Banking PIN, Internet Banking password or 6-digit Internet Banking security code;
- We will never ask you to login to Internet Banking via a link sent in an SMS or sent in an email;
- We may call from time to time and ask to verify your identity by asking for your verbal password. However, we will never ask you for any PIN, password or security code relating to your Internet Banking. If you feel uncomfortable, you can always verify our branch contact details on our website and call us back.
- If you ever feel uncomfortable, or not sure about a call, please hang up and call us on 1300 236 344.
Learn more about how to spot a scam.
Cold calling scams
Bendigo Bank business and personal customers are continuing to being targeted by scammers.
The scammers are posing as bank staff, including Bendigo Bank, and are convincing with information they have.
More recently they:
- Have British/UK accents;
Alert you to unauthorised transactions made from your accounts and banking products, which haven’t occurred; - Provide information that seems real to get you to provide your e-banking PIN, password or 6-digit security code;
- Are requesting remote access to your computer to 'fix' problems;
- Ask you to download programs to your computer;
- Request that you transfer money into another ‘safe’ account.
These are all signs the person is a scammer, and you should hang up and call us on 1300 236 344.
Remote Access Scam
We are aware of a remote access scam where scammers are contacting customers via phone, SMS or email and requesting them to download software either to their computer or mobile device.
The scammers may pose as the Bank or as many other businesses and often offer to assist with refunds or resolve technical issues. Legitimate businesses will never ask you to download any software such as TeamViewer, AnyDesk.
Always remember:
- Never provide a caller with remote access to your computer.
- Never provide your 6-digit e-banking security code to anyone - in person, over the phone or online even if they claim to work for the bank and have personal information about you.
- If you feel uncomfortable, you can always verify our contact details on our website and call us back.
Cold calling scams - call line identification overstamping
Scammers are calling customers and appearing to be calling from within Australia.
They use a system called ‘call line identification overstamping’ (CLI overstamping). This is what makes the call appear to be operating within Australia, but they are not.
They are convincing with apparent previous knowledge of the customer. This is falsified information and they generally engineer the call to appear to be from the Bank's fraud or cyber security team.
Sometimes an SMS alert is also sent prior to the call that seemingly look like they are from Bendigo Bank. This is achieved using another method known as ‘alpha tags’ to make messages appear in a thread of legitimate messages from us. Unfortunately, there is currently no feasible way to intervene or prevent this from occurring.
Please check our things to remember and cold calling scams to protect yourself whenever you receive a call from anyone saying they are from the Bank.
Latitude data breach
A recent cyber-attack on Latitude Financial has resulted in the theft of personal information of customers, past customers and applicants across Australia and New Zealand.
Visit ID Care for more information about the breach.
A reminder to Bendigo Bank customers
- Never provide your 6-digit e-banking security code to anyone - in person, over the phone or online even if they claim to work for your bank and have personal information about you.
- Never provide a caller with remote access to your computer.
- We will never ask you for your e-banking PIN, e-banking password or 6-digit e-banking security code.
- We will never ask you to login to e-banking via a link sent in an SMS or sent in an email.
- We may call from time to time and ask to verify your identity by asking for your verbal password. However, we will never ask you for any PIN, password or security code relating to your e-banking. If you feel uncomfortable, you can always verify our branch contact details on our website and call us back.
If you have any concerns or have been a victim of an ID fraud www.idcare.org/contact/get-help is a free service offering expert help and support.
Latest alert - February 2023
Please be aware that criminals are currently promoting malicious links through search engines such as Google and Bing etc.
These malicious links can appear at the top of internet search results as Ad links with links similar to the real Bendigo Bank website address.
Please ensure you double-check any links in search results before clicking on them.
Below are two examples of malicious search engine Ad links.
Alert - January 2023
Scammers continue to pose as members from our fraud team and may call or send a SMS indicating you have been exposed to fraud or that your internet banking has been compromised or hacked.
In reports, scammers are requesting personal information such as your 6-digit security code, PIN or password. If you are asked this is a scam and hang up immediately.
In some reports, scammers are asking you to transfer money into another bank account. This is to trick you into giving away your personal information or money.
This is a scam.
Remember to always be cautious when giving out personal information or sending money online and follow our guidance to protect yourself.
2022
Alert - December 2022
We have been made aware that scammers are posing as members from our Fraud Team. We have also had reports that scammers are posing as Bendigo Bank staff.
Scammers may call or send a SMS indicating you have been exposed to fraud or that your internet banking has been compromised or hacked.
They may also advise your funds have been placed "on hold".
In some instances we have received reports that scammers have even replicated our phone IVR options with one voice prompt linking to the "Fraud Department".
We have also received reports of customers receiving scam emails. The emails appear to come from Bendigo Bank asking customers to urgently call a phone number to address irregular activity against their bank account.
This is a scam.
Bendigo Bank will never request personal information such as your Pin/Password or ask you to login to online services from an email or SMS.
Before contacting Bendigo Bank please verify contact details against those published on our Contact us page.
Here are some other ways to protect yourself:
- Never provide your 6-digit e-banking security code to anyone - in person, over the phone or online even if they claim to work for your bank and have personal information about you.
- Never provide a caller with remote access to your computer.
- We will never ask you for your e-banking PIN, e-banking password or 6-digit e-banking security code.
- We will never ask you to login to e-banking via a link sent in an SMS or sent in an email.
- We may call from time to time and ask to verify your identity by asking for your verbal password. However, we will never ask you for any PIN, password or security code relating to your e-banking. If you feel uncomfortable, you can always verify our branch contact details on our website and call us back.
Latest alert - November 2022
Bendigo Bank has received reports of customers receiving scam emails. The emails appear to come from Bendigo Bank asking customers to urgently call a phone number due to irregular activity with their bank account.
This is a scam and the phone number is not a valid bank phone number.
Before contacting Bendigo Bank please verify contact details against those published on our Contact us page.
Here are some other ways to recognize a phishing email:
- Spelling and grammar – Look out for poor spelling and bad grammar within messages.
- Urgent call to action or threats - Be especially cautious if messages threaten you to take a suggested action.
- Mismatched email sender – Verify the sender is who you think it is by carefully checking the senders real email address.
Previous alert - September 2022
Bendigo Bank will never ask you to click on a link in an SMS text message to login to e-banking. Do not click on the link.
We are aware of a SMS phishing campaign targeting Bendigo Bank customers. The messages claim to be from Bendigo Bank and include a website link. The link leads to a fake Bendigo Bank website asking you to login to e-banking.
What to do if you have received this type of SMS text message
Please forward it to 0429 557 997 or take a screenshot and email it to phishing@bendigoadelaide.com.au and then delete the SMS text message. Please be aware you will not receive a personal response for any SMS text messages sent.
What to do if you clicked on the link and entered your details
If you have received this type of SMS text message and have clicked on the link and entered your e-banking details, please contact your local branch or call 1300 236 344 immediately.
Latest alert - July 2022
SMS phishing
We are aware of a current SMS phishing campaign targeting Bendigo Bank customers. The messages claim to be from Bendigo Bank stating that a payment has been attempted or your contact details have been updated in e-banking and to click on a link if this was not you. The link leads to a fake Bendigo Bank website asking you to login to e-banking.
Do not click on the link. Bendigo Bank will never ask you to confirm, update or disclose e-banking information via a link in an SMS text message.
What to do if you have received this type of SMS text message
Please forward it to 0429 557 997 or take a screenshot and email it to phishing@bendigoadelaide.com.au and then delete the SMS text message. Please be aware you will not receive a personal response for any SMS text messages sent.
What to do if you clicked on the link and entered your details
If you have received this type of SMS text message and have clicked on the link and entered your e-banking details, please contact your local branch or call 1300 236 344 immediately.
Example messages:
Previous alert - 14 January 2022
Phishing Scam Alert
Please be alert to any unsolicited SMS or Emails claiming to be from Bendigo Bank. Any SMS/Phishing Scam should be deleted immediately. If in doubt, attend your local branch or independently call 1300 236 344 to verify the legitimacy of the message received.
Any customer that has suffered a financial loss from cybercrime are encouraged to report at www.cyber.gov.au/report.