The hopelessly late Westpac bank

Posted By on December 19, 2017

Back in 2012, I informed Westpac that I had received a phone call from a male with an Indian accent, saying I had been overcharged bank fees for my Westpac account and would receive over $400.00 if I could confirm my Westpac account I.D. I had some friends who also banked with Westpac and they reported the same thing. However other friends with accounts in different banks had not received any such phone calls. The caller knew my name, bank accousst numbers, phone number and address, along with the fact I banked with the local branch of the Westpac Bank. The fact that only Westpac customers had been phoned, not customers with other banks, indicated some form of security breach at Westpac. I met with Sanjay, the Manager of the Melton Branch of the Westpac Bank, who denied there was any breach in their security but could not explain why only Westpac, no other banks customers were being called.

Having worked in bank security for another bank over 5 years ago, I played the caller at their own game and asked which branch and account was he referring to. I was fishing to see how much information he had and where it might have come from. The caller knew the bank, the branch and my account numbers – including ones that don’t appear on any ATM screen, so he wasn’t spying on ATMs. He didn’t know I had been a Westpac customer over 7 years previously, at another branch, leaving for an opposition bank, so the information had to come from Westpac and not some place like the tax office or a credit reporting company. Because he knew other account numbers, the information could not have come from a phone account (or any other type of account) application.

To be honest, he almost convinced me, he had so much information but I had only opened the accounts he was referring to, a couple of months ago and there was no way I had been charged enough bank fees to be overcharged anywhere near the $400.00 amount he promised.

I contacted Westpac’s head office and followed up with emails, outlining how these scammers were operating. Westpac responded with platitudes and denials. Today they are still refusing to admit there was a leak.

You have to wonder, if there was no security breach:

  1. How did that caller get my name, phone number and and address?
  2. Of all the banks in Australia, how did they even know I was a Westpac customer?
  3. If the information didn’t come from an ATM and acoording to Westpac, there was no security breach, where did the caller get my Westpac bank details?
  4. How did the caller know so much information about me and what other information did he have, that I didn’t know about?
  5. What other institution would have that particular collection of only my personal banking Westpac details, when I also banked with another non Westpac bank as well ?
  6. I use Linux, not Windows, so a key logger or spyware was not likely (remember we are back in 2012). I never let anyone use my card, PIN or bank on my behalf. The leak must have been at the bank, I am sure that the leak did not come from me.

It’s now the 19th of December 2017 and I just received this email from the Westpac Bank, one of Australia’s big 4 banks :

Dear (Name suppressed),

At Westpac, helping our customers avoid falling victim to scams is our top priority. We’d like to make you aware of a current phone scam targeting Australians.

The scam involves a caller posing as an employee of a large telco, utility provider or computer company. The caller will usually advise they are calling you because your PC has malicious software, help is needed to catch a criminal, or to recover an outstanding debt owed to a government body. Callers may become quite aggressive, or threaten you with prosecution, if you do not comply with their request.

(Name suppressed), we strongly recommend you simply hang up if you receive this type of call. If you believe the call was legitimate, we recommend you return the call to the company on a trusted number found in the yellow pages or on the company’s website.

I have heard, the wheels of bureaucracy grind slowly and according to Westpac’s reassurances back in 2012, that they take security very seriously but 5 years later to hear they still deny any leak for the same old scam, is a bit long, you’d think?

Today, in 2017, there is the technology to trace these calls. If the banks really take fraud seriously you have to ask, are the banks really doing enough to prevent this type of scam?

About The Author is the online voice of a collection of consumer advocates working independently to represent people who would otherwise be unheard. We speak for those who are bullied by corporations and don’t realise they can have a say.


Comments are closed.