The New Payments Platform or NPP allows users to make and receive payments with banks and financial institutions in near real-time. As with all new technologies, the new functionality brings with it new ways in which cyberattacks can occur. While all banks have security teams which constantly monitor bank accounts to keep them secure, you can help to further minimise the risk of cyberattacks by being aware of the usual techniques used by online fraudsters.
Aside from the convenience that near-real-time payments provide, another convenience is the use of PayIDs. A PayID can be a phone number, an email address or an ABN that is connected to an account so that money can be transferred or received without using a BSB and account number.
If a cyberattack occurs and one or any of these details (phone number, an email address or an ABN) is obtained, there is a heightened risk of ‘social engineering’ as the criminals may try to use the information they have to access accounts using tactics such as SMS, email or phone call phishing. Phishing is where fraudsters send personalised messages which looks like a legitimate message from a bank or another institution in an attempt to acquire details and passwords.
As many people may also have their mobile phone numbers attached to their social media accounts, hackers may be able to gain more personal information (eg birth date, dependants and workplaces), try to contact them through social media, or even port their phone number.
If you receive suspicious calls, SMS or social media messages, please be cautious, never click on a link in a random message and never give your details out over the phone.
- Consider the source. How does your bank or financial institution usually communicate with you?
- If you receive a message from a bank or financial institution, contact them on the regular Customer Service number to find out if it is genuine or not.
- If the call/text/ message was not genuine, block them.
- If there were any links in the SMS or messages, do not click on the link.
- Do not pass on any details such as your credentials or passwords over-the-phone
- Report it to Scamwatch which is part of the Australian Consumer and Competition Commission (ACCC).