A seemingly innocent message allegedly from “Microsoft” telling NAB customer Philip Waller his computer had been hacked was the start of a sophisticated remote access scam.
While NAB was able to recover retiree Philip’s funds – approximately $10,000 – the 68-year-old is sharing his story during Scams Awareness Week to help educate others so they can protect themselves.
Philip knew about remote access technology through his career in business, human resources and teaching, and from when he’d had a local computer expert help with IT issues.
The message appearing to come from “Microsoft” said they needed to do work on Philip’s computer system, and they’d send him log in details so he could access the device.
Philip put the details in, which allowed criminals access to his computer, and the conversation moved from a message on Philip’s computer screen to a phone call.
“They said, ‘OK we’ve got to take you from Microsoft to your bank because that’s where we’ve been having a lot of problems with scams and we want you to help us catch someone at NAB who is conducting these scams’,” Philip recalled.
“They were incredibly convincing and sounded so professional. They asked me about my transaction limit, which was $10,000, and made a payment for that amount because they had access to my computer.”
The criminals had an answer for everything, including telling Philip that NAB would likely contact him and that he should be definite and firm that the purpose of the transaction was to help his son buy a car.
NAB’s systems triggered an alert because the payment had the red flags of a scam. NAB’s Fraud Operations team contacted Philip, while trying to hold the payment and contacting the other bank to get the recipient account blocked to prevent loss.
“When I spoke to Philip, I could hear him talking to someone with a muffled voice in background and they were telling him ‘I think she is going to unblock the account’,” NAB Fraud Analyst Shivani Shukla said.
“I asked him to disconnect straight away.”
Shivani’s colleague, Fraud Analyst Dane Clifford-Wolfe also contacted Philip’s wife Janne – the joint account holder – who wasn’t convinced the payment was genuine.
“After a quick chat with Philip’s wife, who didn’t recognise the recipient’s name, it was apparent something was wrong,” Dane said.
Through talking to Shivani, Philip quickly realised he was tangled up in a scam.
“I realised, ‘Oh no. There’s something wrong here’. I thought, `You were just so stupid. You should be smarter than that, but you weren’t,” Philip recollected.
NAB reported the scam transaction to the recipient bank and blocked Philip’s account, while his computer was cleaned up.
“I’m so glad we were able to help Philip. I explained to him that NAB would never ask you to transfer all your money to a different bank or give remote access to your devices,” Shivani added.
Philip acknowledged he is one of the lucky ones and said the experience made him more vigilant about unsolicited approaches via phone, email or computer.
“They tried to get me a second time with another pop-up message and I knew it was a scam,” he said.
“I am grateful NAB was able to recover the money. I would have felt a debt to my family if it was gone.”
Philip has a simple message for others who get unexpected computer messages: “Switch the computer straight off.”
“Restart the computer and contact the organisation directly on details you’ve found yourself,” he said.
NAB Economics insights released today reveal 66% of Australians don’t feel like an expert when talking about scams, clearing showing a need for further action and education.
NAB Executive, Group Investigations Chris Sheehan said the bank was investing in people and technology and continued education to reduce the impact of scams and stop the crime.
“We’re starting to see some positive signs from this work with customer losses down 17% between October 2023 and March 2024, compared to the previous six months. That’s despite customer reports increasing by about 10% in the same period,” Mr Sheehan, a former Australian Federal Police executive, said.
“While it’s clear more action is necessary, it’s pleasing to see the report indicates that Australians can see banks are taking action.”
Initiatives to detect scams include biometric technology connected to NAB’s fraud engine to help see and hold payments in real time, while more than 500 experts work across NAB’s fraud, scams and investigations areas.
Mr Sheehan said common red flags of remote access scams included unexpected contact, like in Philip’s case, and an urgency to perform tasks.
“Multi-Factor Authentication (MFA) on banking, email and online accounts is a quick and easy way to protect yourself. It adds extra steps like your password plus a one-time code to confirm your identity when you log in,” he said.
“Our experts will be talking about common scams, including remote access scams, red flags and how you can protect yourself as part of NAB’s Big Scam Education Conversation.
“Anyone can attend the free, online event on Thursday 29 August.”
Register for The Big Scam Education Conversation Scams Awareness Week
Learn more about remote access scams at Remote access scams | scam awareness – NAB
NAB has a bank-wide strategy to reduce the impact of scams and fraud. Recent actions include:
- Stopping the use of links in unexpected text messages to customers
- Introducing payments prompts to digital banking to encourage customers to pause before they pay
- Collaborating with telecommunications providers to prevent spoofing scams.
- Using BioCatch technology in digital channels to help identify fraudulent activity.
- Placing blocks on some high-risk crypto currency platforms.
- Free monthly webinars that all Australians can attend.
- Free and discounted anti-virus software offers for customers.