Beware of suspicious telephone calls. We won't contact you by phone with the offer of a preapproved credit card. If you receive a phone call from someone offering you a preapproved credit card - on the basis you supply them with personal information such as drivers licence, address details, income details - report it to the police or contact us on 13 37 39.
Protect your identity by keeping your personal data in the right hands. For more information view the Australian Bankers Association fact sheet on protecting your identity.
Internet Banking Security Tips
It is important you disregard and report emails which:
Protect your personal computer
Protect your personal and account data
We are committed to providing a secure online transaction environment for our customers. We use the latest technology and systems to deliver a range of security initiatives as part of an ongoing program to enhance the security of our online website.
For more information the following websites are also available:
Email fraud - spoof (also known as phishing or hoax)
A spoof website is one that mimics a popular company's website to lure you into disclosing confidential information. To make spoof sites seem legitimate, thieves use the names, logos, graphics and even code of the real company's site.
Although they can be difficult to spot, these sites generally ask you to click a link to a spoof website and request you provide, update or confirm sensitive personal information. As bait, they may allude to an urgent or threatening condition concerning your account.
Signs of a spoof email
There may be a sense of urgency. Example: Your account will be closed or temporarily suspended or you will be charged a fee if you do not respond
Advise customers to contact a phone number to verify your card or account details
There are embedded links that look legitimate because they contain all or part of a genuine company's name. These links may take you to spoof sites that ask you to enter, confirm or update sensitive personal information
There may be obvious spelling errors. These errors enable spoof emails to avoid the spam filters that internet service providers use.
If you've received one of these emails, please call us on 13 37 39 and forward it to email@example.com. As email spoofs continuously evolve, providing us with examples will help our ongoing investigations. Email spoofs can continually evolve, and even slight variations, like differences in the embedded links, will aide our investigations.
We will never send emails to you to verify confidential, personal or account information.
For more information the following websites are also available:
What should I do if I suspect that I've received a phishing email?
How can I ensure that I'm communicating with a financial institution during secure session?
You can verify that you are communicating with a genuine financial institution by examining the website certificate during a secure session. This will verify the identity of the specific website you are accessing as well as validate that the site is secure and genuine. It also ensures that no other website can assume the identity of the original secure site. Please refer to your internet browser's documentation for instructions on how to view a certificate. Always ensure that you are using a secure website when submitting credit card or other sensitive information. To make sure you are on a secure web server, check the beginning of the website address in your browser's address bar - it should read https://, rather than just http://.
What should I do if I've already provided my credit or debit card information to a possible phishing email?
How is my information transmitted safely over the Internet?
Web browsers use standard security protocols like Secure Socket Layer (SSL), and Secure Hyper Text Transfer Protocol (S-HTTP) to enable private information to be transmitted safely over the Internet. When you visit a website with the SSL protocol, a secure connection is created between your computer and the website server you are visiting. Once this connection is established, you can transmit any amount of information to the web server safely. In contrast, the S-HTTP is designed to transmit individual messages securely.
How can I tell if my browser session is secure?
For most web browsers such as Microsoft Internet Explorer and Netscape Navigator, a secure, encrypted session will be indicated by a closed padlock or an unbroken key icon that appears in the lower left or right hand corner of the browser window. You should also check the address bar of your browser. If the website address starts with "https://" rather than the standard "http://" then the session is secure.
What do I do if I've downloaded a virus or Trojan program?
Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" onto your computer. These programs capture and send out any information that you type to the phisher, including account numbers, usernames and passwords. In this case, you should:
What is a Digital Certificate and how does it help to ensure security?
Digital certificates are issued by extensively audited and controlled certification authorities to authenticate a website or elements of websites. The certificate identifies the originator of the site and verifies that it has not been tampered with. When your web browser is presented with a certificate, it will check to see if a legitimate certification authority issued the certificate. If there is a match, your session will continue. Otherwise, your browser will issue a warning, and your safest action is to cancel your activity.
Can other people view my personal information when I am using the Internet?
If a secure session is established and the information is encrypted during transmission, then others will not be able to view your information. However, you should be aware that some web browsers will store information on your computer even after you are finished conducting your online activities; this is called caching. Therefore, you should close your browser once you are finished using the Internet, particularly if you visit secure sites to conduct financial transactions, check account balances or view any other information that you regard as private and confidential.
Are email transmissions secure?
Email sent over the Internet is generally not secure unless it is encrypted. In reality, most email programs currently do not have this capability. As most email transmissions are not secure, you should never send any personal or financial information, such as your credit card number, over email.