"Fraud Department" SCAM - LA

Last updated 11 April 2022

LA took a call from someone who she thought was her bank's fraud department one evening, alerting her to the likelihood of scammers (!) having access to her bank account and urgent action was required to protect her bank account. The scammer provided his name, a reference number for the incident and a phone number to call. The scammer then convinced her to install remote access software on her phone including AnyDesk, and then took control of her phone. SL was then encouraged to check her bank account so she logged in to her Bendigo Bank app while the scammer was remotely accessing her phone, and she was advised that her funds needed to be transferred to a "safe" bank account to prevent them being stolen by the "scammer". The scammer noted that LA had a $2000 limit on her internet banking and knew that LA would need to call er bank to get the limit increased so they advised her to tell the bank (a story) that the limit needed to be increased so that she could pay money to her son. Over the next two hours $30,000 was stolen from her bank account by the scammer. LA called her bank the following morning, ie within 24 hours, only to be advised that the stolen funds were "gone" and she was unlikely to get them back. Her local branch then advised her to call in to LCC to have the phone checked and remote access apps removed.

LA called in with her daughter-in law and we had a conversation about what had transpired. I rang her Bendigo branch manager who stated quite firmly that it was LA's fault because she gave up the SMS verification code to the scammer. LA never saw the verification code and did not here the SMS tone because the scammer had control of her phone and muted both. The manager refused to confirm how many payments to which bank(s) and stated that she had already spoken to LA's "power of attorney" (one or both of LA's daughters) but she did not know what type of Power of Attorney was in place and was not interested in my observation that the type of Power of Attorney in place was indeed an important element of this conversation.

Key Questions for Bendigo Bank

  • If there was a Power of Attorney in place, why was LA's internet banking not flagged as such? Did Bendigo Bank know there was a Power of Attorney in place? The branch manager spoke with one of the Powers of Attorney (AA?) so the question of who called who and why is relevant to this conversation

  • Why was it so easy for LA to increase her transaction limit from $2000 to $15000 with a simple phone call? The scammers know that all banks will accept pretty much any given reason that a customer gives them so why even bother to have the customer make the call? All banks are aware of the myriad of ways that scammers operate, how can it be that the Bendigo Bank Financial Crimes Department is not aware of how easy it is for a scammer to convince a vulnerable customer to tell them a (plausible) story as to why the increase is needed?

  • Why did Bendigo Bank allow $30,000 to be stolen over a two-hour period? LA informed me that she has never paid a sum greater than approx $300 from that bank account, ever, so why were there no red flags regarding the pattern of expenditure from that account. It is unclear the the moment as to the precise amounts stolen and transferred to which bank accounts, but no matter what, all of the payments went to other Australian Banks

  • Why doesn't Bendigo Bank have better protections for first payments to a new payee? By definition, any payments made to the scammer's bank account at the recipient bank are first payments to a new payee. Why does Bendigo Bank allow these payments to be made instantly using OSKO? Again, Bendigo Bank is well aware of all manner of scams used to steal their customers' funds and the one good thing they could do would be to slow down first payments to a new payee. Or at least warn their customers.

  • Why doesn't Bendigo Bank warn their customers when they logon to their internet banking? As you can see below, there is no warning whatsoever about scams at the login screen No warning about logging in to your bank at the request of someone else, no warning about first payments to a new payee, no warning about scam calles from your bank's "Fraud Department" nothing.

If you scroll down the page you will see a button marked Banking Securely which includes advice about a range of scam types including telephone hoaxes and scams but only in the context of "if something appears too good to be true, it almost certainly is" which is completely irrelevant when the call comes from the "Fraud Department" of your bank on the pretext of protecting your funds from being stolen. This advice is locked in the olde worlde scams relating to mail-order brides and overseas lottery wins and inheritances. Scammers have moved on and left all banks in their wake, at the expense of all bank customers who will be blamed because a) they gave up the SMS code and b) if only the customer had read all of the scam information on the bank's website plus all of the scam information on Scamwatch....

  • Why doesn't Bendigo Bank try harder to get the stolen funds back? Well for starters, it's your fault as their customer for giving up the SMS verification code. That's it, that's all they've got. It's your fault. They will ask the recipient bank politely if they can have the funds back but when the recipient banks "sorry, the funds are gone" your bank says "OK, thanks for that" and then tells you again that it's your fault. I kid you not. No bank has ever tried hard to find out , from the other bank, where the stolen money went. So they don't learn anyhting, let alone put better systems in place to protect first payments to a new payee, all they can say is, you guessed it, it's your fault.

  • Where did the $5000 come from which has been offered to LA as "recovered funds"? Especially given the first response from Bendigo bank was that none of the stolen funds can be recovered. In this case, there appears to have been no $5000 payment to the recipient bank, so this looks a lot like "oh well, it's better than nothing" to have $5000 returned. Did Bendigo Bank actually recover the $5000 or was this an attempt to "soften the blow" for LA?

On the bright side, LA's son, RA, has the same view that I have formed over more than 60 scam investigations by LCC, and this is only his first one! He is asking the same questions of Bendigo Bank that I have asked and getting pretty much the same result. When he called in to the Bendigo Bank branch to pick up a statement of his mother's bank account from which the money was stolen, the branch refused to give him the statement even though his mother LA was with him in the branch and they insisted on delivering the statement to her house later in the day. And this after the branch manager refused to tell me, while LA was with me on speakerphone in my office, what payments were made to which bank. It's like Bendigo Bank does not want anyone, including their customer, to know what really happened. We are about to find out....