NAB bank scam ‘spoof’ on mobile phone text messages fooling customers

Criminal scammers are now getting inside of your phone’s text messages to impersonate official banks. See if it was your bank affected.

A blatant new form of “spoofing” scam - where fraudsters are able to insert messages into pre-existing genuine text message threads from banks - has hit Australian customers.

National Australia Bank has issued an alert to customers to look out for suspicious text messages and phone calls, after customers were targeted over the weekend with the phony messages.

The nation’s competition watchdog’s Scamwatch agency has warned that “just because a message shows in the same SMS thread as other legitimate messages it does not mean the new message is real”.

Cyber experts are now saying customers need to “religiously” check their bank or financial statements as scammers ramp up their phishing attacks.

Under traditional “spoofing” scams, conmen are able to “overstamp” or “spoof” their text messages to appear as though they are coming from a real bank, prompting people to call and reveal personal details.

Hackers have managed to spoof real text messages from Australian banks in real conversations with customers.

But in the latest version of the scam, criminals have been able to insert their messages into pre-existing official text message communications with banks, making the requests appear totally authentic.

NAB investigations and fraud executive Chris Sheehan said NAB’s systems “had not been breached in any way”.

“Criminals can send messages with the sender’s name set to ‘NAB’ or other organisations which means their messages can appear in the same thread as other official texts sent from NAB,” he said.

“When a customer receives a text message or call impersonating NAB, it means a criminal has ‘spoofed’ our number and is impersonating us.”

The spam SMS inserted into the official NAB text message thread with the customer.

One customer who contacted The Daily Telegraph said he’d received a text purportedly from NAB advising “that a suspect transaction I had made was on hold subject to checks”.

The text asked him to call a number and quoted a reference number.

“The text appeared genuine as a NAB text because it was part of an earlier legitimate exchange of texts from the NAB, the same text thread, wherein they advised me about a cancelled card and delivery of a new card,” he said.

When he rang the number, he thought it odd it was answered quickly by someone simply saying “hello”. The scammer asked for the reference number and when challenged to prove he was from NAB, the scammer hung up. The customer rang the bank’s fraud hotline.

“They said the security team had been smashed over the weekend by a high volume of real customers calling to report attempted fraud,” he said.

Susan McLean, Cybersafety expert and educator says “never give out banking details, passwords to anyone online purporting to be moving your money from one account to another”.

The Australian Competition and Consumer Commission’s Scamwatch agency said they were aware of scammers impersonating banks using spoofed phone numbers, as well as sender IDs.

“As the sender ID is spoofed the communication looks legitimate and people think they are dealing with their bank and will call the telephone contained in the SMS,” an ACCC spokeswoman said.

“Remember, just because a message shows in the same thread as other legitimate messages it does not mean the new message is real.”

Cyber safety cop Susan McLean said spoofing had been around a while, but “we’re certainly getting more of them and they are becoming more sophisticated”.

“The criminals, the hackers are out there on the front foot, they are ahead of everyone else,” she said.

“If someone from an organisation cold calls you, take a note of where they are from, hang up, find the phone number yourself and ring back.

“Disconnect the call and walk away if you become concerned at any point in the conversation.

“Never give out banking details, passwords to anyone online purporting to be moving your money from one account to another.”

Originally published as NAB bank scam ‘spoof’ on mobile phone text messages fooling customers

Original URL: https://www.couriermail.com.au/news/nsw/nab-bank-scam-spoof-on-mobile-phone-text-messages-fooling-customers/news-story/5c979b4eb762476d647d9d7bef97cfeb