Scam archive

Bendigo Bank branded SMS claims VIP access token has been registered to a new device

SMSes are being sent claiming to be from Bendigo Bank. They advise your VIP access token has been registered to a new device.

It asks you to simply reply "No".

Do not reply to the SMS. This may result in follow up communications from the scammers via phone calls and messages.

Always remember:

• If you ever feel uncomfortable about a phone call please hang up and call us on 1300 236 344.
• If you have received a suspicious SMS or email you can report this to phishing@bendigoadelaide.com.au for investigation.

Fake Bendigo email “Important information regarding your account!”

The Bank is currently aware of scammers targeting Bendigo Bank customers via email. This email includes Bendigo Bank images and branding and is asking recipients to access an important message via a secure message centre. If you click on the link, you will be taken to a phishing website.

Do not click the link in this email.

Remember:

• We will never ask you to login to Internet Banking via a link sent in an SMS or sent in an email;
• Never click on a link if you feel uncomfortable, or are not sure about an email.

If you have received a suspicious email you can forward it to phishing@bendigoadelaide.com.au for investigation.

Fake Bendigo email scam - “Payment approval needed”

Scammers are targeting Bendigo Bank customers via email.  These emails include Bendigo Bank images and branding and are asking recipients about a recent payment. The email provides instructions to call a fake call centre if they did not make this payment. 

Always remember:

• We will never ask you to move your funds to a ‘safe account’;
• Never provide your 6-digit Internet Banking security code to anyone - in person, over the phone or online even if they claim to work for your bank and have personal information about you'
• Never provide a caller with remote access to your computer;
• We will never ask you for your Internet Banking PIN, Internet Banking password or 6-digit Internet Banking security code;
• We will never ask you to login to Internet Banking via a link sent in an SMS or sent in an email;
• We may call from time to time and ask to verify your identity by asking for your verbal password. However, we will never ask you for any PIN, password or security code relating to your Internet Banking. If you feel uncomfortable, you can always verify our branch contact details on our website and call us back.
• If you ever feel uncomfortable, or not sure about a call, please hang up and call us on 1300 236 344.

If you have received a phishing email, report this to phishing@bendigoadelaide.com.au.  

Bank impersonation scams

Scammers are using technology to trick their victims, by making the call appear to come from the Bank’s legitimate phone number of +613 5445 0666, or by sending a text that appears in the same conversation thread as genuine bank messages.

Communications often have a sense of urgency to them, such as fraudulent activity raising red flags, or a frozen account.

Remember:

• We will never ask you to move your funds to a ‘safe account’;
• Never provide your 6-digit Internet Banking security code to anyone - in person, over the phone or online even if they claim to work for your bank and have personal information about you'
• Never provide a caller with remote access to your computer;
• We will never ask you for your Internet Banking PIN, Internet Banking password or 6-digit Internet Banking security code;
• We will never ask you to login to Internet Banking via a link sent in an SMS or sent in an email;
• We may call from time to time and ask to verify your identity by asking for your verbal password. However, we will never ask you for any PIN, password or security code relating to your Internet Banking. If you feel uncomfortable, you can always verify our branch contact details on our website and call us back.
• If you ever feel uncomfortable, or not sure about a call, please hang up and call us on 1300 236 344.

Learn more about how to spot a scam.

Cold calling scams

Bendigo Bank business and personal customers are continuing to being targeted by scammers.

The scammers are posing as bank staff, including Bendigo Bank, and are convincing with information they have.

More recently they:

• Have British/UK accents;
  Alert you to unauthorised transactions made from your accounts and banking products, which haven’t occurred;
• Provide information that seems real to get you to provide your e-banking PIN, password or 6-digit security code;
• Are requesting remote access to your computer to 'fix' problems;
• Ask you to download programs to your computer;
• Request that you transfer money into another ‘safe’ account.

These are all signs the person is a scammer, and you should hang up and call us on 1300 236 344.

Remote Access Scam

We are aware of a remote access scam where scammers are contacting customers via phone, SMS or email and requesting them to download software either to their computer or mobile device. 

The scammers may pose as the Bank or as many other businesses and often offer to assist with refunds or resolve technical issues.  Legitimate businesses will never ask you to download any software such as TeamViewer, AnyDesk.

Always remember:

• Never provide a caller with remote access to your computer.
• Never provide your 6-digit e-banking security code to anyone - in person, over the phone or online even if they claim to work for the bank and have personal information about you.
• If you feel uncomfortable, you can always verify our contact details on our website and call us back.

Cold calling scams - call line identification overstamping

Scammers are calling customers and appearing to be calling from within Australia.

They use a system called ‘call line identification overstamping’ (CLI overstamping). This is what makes the call appear to be operating within Australia, but they are not.

They are convincing with apparent previous knowledge of the customer. This is falsified information and they generally engineer the call to appear to be from the Bank's fraud or cyber security team.

Sometimes an SMS alert is also sent prior to the call that seemingly look like they are from Bendigo Bank. This is achieved using another method known as ‘alpha tags’ to make messages appear in a thread of legitimate messages from us. Unfortunately, there is currently no feasible way to intervene or prevent this from occurring.

Please check our things to remember and cold calling scams to protect yourself whenever you receive a call from anyone saying they are from the Bank.

Latitude data breach

A recent cyber-attack on Latitude Financial has resulted in the theft of personal information of customers, past customers and applicants across Australia and New Zealand.

Visit ID Care for more information about the breach.

A reminder to Bendigo Bank customers

• Never provide your 6-digit e-banking security code to anyone - in person, over the phone or online even if they claim to work for your bank and have personal information about you.
• Never provide a caller with remote access to your computer.
• We will never ask you for your e-banking PIN, e-banking password or 6-digit e-banking security code.
• We will never ask you to login to e-banking via a link sent in an SMS or sent in an email.
• We may call from time to time and ask to verify your identity by asking for your verbal password. However, we will never ask you for any PIN, password or security code relating to your e-banking. If you feel uncomfortable, you can always verify our branch contact details on our website and call us back.

If you have any concerns or have been a victim of an ID fraud www.idcare.org/contact/get-help is a free service offering expert help and support.

Latest alert - February 2023

Please be aware that criminals are currently promoting malicious links through search engines such as Google and Bing etc.

These malicious links can appear at the top of internet search results as Ad links with links similar to the real Bendigo Bank website address.

Please ensure you double-check any links in search results before clicking on them.

Below are two examples of malicious search engine Ad links.

Alert - January 2023

Scammers continue to pose as members from our fraud team and may call or send a SMS indicating you have been exposed to fraud or that your internet banking has been compromised or hacked.

In reports, scammers are requesting personal information such as your 6-digit security code, PIN or password. If you are asked this is a scam and hang up immediately.

In some reports, scammers are asking you to transfer money into another bank account. This is to trick you into giving away your personal information or money.

This is a scam.

Remember to always be cautious when giving out personal information or sending money online and follow our guidance to protect yourself.