Security alerts - hoax emails

5 November 2018

Sometimes it is necessary for us to contact our members to provide important product information and updates but we will never send a message asking you to confirm, update or disclose your personal or banking information, and most legitimate businesses and financial institutions follow the same practice.

This is important to keep in mind, as scammers often try to impersonate legitimate businesses in an attempt to trick you into revealing sensitive information.

Here are some examples of hoax messages to be aware of:

hoax email  hoax website

We continue to monitor the presence of these types of imitation messages and it is important to note that they are not a sign that G&C Mutual Bank systems have been breached in any way– rather that a criminal is attempting to impersonate our brand. 

What is a phishing scam?  

A scammer contacts you pretending to be from a legitimate business such a bank, telephone or energy service provider. You may be contacted by email, social media, phone call, or text message and asked to provide or confirm your personal details via a website controlled or monitored by the attacker.

They will often create a fake scenario to implore you to act and create a sense of urgency. For example, claiming that your account has been suspended and you need to unlock it, or as part of an inheritance scam where you need to provide personal information and transfer money in order to receive an inheritence or donation.   

Once they obtain your personal information, they can then use it for illegal purposes, such as transferring funds, purchasing goods or threatening you to keep transferring money. Phishing emails are often designed to look genuine and imitate your most trusted service providers, and may include links to a convincing replica home page with a similar website address (URL). 

Tips to protect yourself: 

  • Trust your instincts: If something seems too good to be true, then it most likely is. Always be suspicious of correspondence received from overseas advising you to forward sums of money, or claiming that you have won a prize or will receive an inheritance from an unknown person.  
  • Close enough, isn’t good enough: Hoax emails often don’t get the branding and design of the legitimate business they are imitating quite right. If you’re concerned about a message claiming to be from an organisation you regularly transact with, compare it to previous correspondence from the same organisation. Other indicators of hoax emails may include spelling mistakes, inaccurate company information and a lack of personalisation with customer information.  
  • Better safe than sorry: If you’re still unsure, before replying or providing any personal information, you should contact the organisation directly using a phone number from their official website and not via the contact email, phone or website details provided in the suspect email.  
  • Don’t open up: Never open an attachment that you’re unsure about. It may contain malicious software designed to infect your computer.  
  • Think before you click: You can typically check that links in emails are legitimate by ‘hovering’ your mouse over the link to view the destination URL, without the risk of clicking on it. To do this on a smartphone, you need to tap and hold on the link and wait for the URL to appear.  

If something doesn’t feel right, stop and think before you act.

What to do if you receive a hoax email or SMS?

  • Never click on a suspicious link or provide any information requested by a phishing email or SMS. 
  • If you are a G&C Mutual Bank member and have provided your confidential information after receiving a suspicious email or SMS, please call us on 1300 364 400.  
  • If you have clicked on a suspect link or opened an attachment, run a security scan of your computer to check that your computer hasn’t been infected with malicious software.  

Further information on current scams and how to protect yourself can be found at StaySmartOnline and ScamWatch