Major bank-ING customers locked out of accounts for ignoring phishing-like emails
Customers of a major bank have blown up after they were locked out of their accounts because they ignored a phishing-like email that asked for their personal details to be updated.
QLD News
Don't miss out on the headlines from QLD News. Followed categories will be added to My News.
Customers of a major bank have blown up after they were locked out of their accounts because they did not reply to an email they thought looked like a phishing scam.
An Australian Securities and Investment spokeswoman said financial institutions should not encourage customers to participate in risky behaviour that could make them vulnerable in the future.
ING bank customer Catherine, who asked for her surname to not be used, said she recently received two emails claiming to be from ING – but sent from an unfamiliar email address – that asked her to verify her personal details using a PDF document.
Catherine said the instructions asked her to then sign the completed document and return it via email or post.
After ignoring both of the emails, which were received in weeks apart, Catherine’s account was locked earlier this week and told it would take nine days to reopen.
“Yesterday I went to purchase something and our accounts were locked and I logged in to ING and the balance is there, but available balance across all our accounts is zero,” she said.
“I couldn’t transfer money out. I can’t receive money in. Any direct debits we have coming out or mortgage, insurance, car payments are all frozen.
“I was told then that after I’d given that information the process to unlock my account would take nine days. I tried to escalate that to explain nine days is impossible.
“How is anyone supposed to live without their bank account for nine days?”
Catherine said the correspondence was sent from a different email address to the one regularly used by ING.
“The email I received was from this random email address and it was asking to verify all my personal information in a pdf that needed me to sign it and post it back,” she said.
“In this day and age it’s a very outdated way of doing things, it just screams scams. So I ignored it.
“I phoned ING and highlighted how ridiculous it was, they said I failed the process of responding to that email.
“To be clear responding to that email meant printing something with all my personal details that someone would use and emailing it back.”
Catherine said there were a million of better ways to do it.
“Aside from that, even if it was a legitimate email from the bank which it turned out to be, I am not comfortable emailing all that information just to a random email address,” she said.
“There’s got to be a much more secure way of doing that, every other bank has one.”
An ING spokeswoman said that under regulatory obligations the bank was required to contact customers sometimes to ensure they had up-to-date information.
“In this situation, we contact customers multiple times to give them notice to provide their updated information,” she said.
“As a digital bank, most interactions are via our app, however some responses are only able to be provided via email or over the phone.
“If the customer does not provide the requested information after multiple requests, we may apply account restrictions in line with our terms and conditions.
“When this occurs, we aim to resolve any concerns as quickly as possible where we can, to ensure there is minimal impact to our customers.”
In a written statement, the ASIC spokeswoman said it was important for institutions to not encourage risky behaviour.
“We think it’s important for institutions, when they are engaging with customers for legitimate purposes, to engage in a way that does not encourage future risky behaviours by customers (e.g. generating expectations by customers that they should feel okay about responding to these things via non-secure email channel and getting into the habit of responding to email communications for sensitive personal information) that could lead customers to being vulnerable in the future to falling for scam attempts,” she said.
Other ING bank customers have also taken to social media to describe their disappointment.
“I received an extremely sketchy looking email from a generic address that didn’t look legit – and the email itself looked like it was made in Microsoft Paint – suddenly demanding personal information that you already had,” one man said.
“Naturally, I ignored this email being 100 per cent sure it was a scam, stupidly thinking that if it was really important ING might send a text as well.
“Then I receive another shonky looking email threatening to close my account if I don’t send the information, which I also ignored.
“Aaaaand then my accounts got closed.”
Want to behave like an animal? Keep it at home, not in our schools
I’m all for self-expression, but if you’re teaching in a classroom full of children, is it too much to ask that you behave like a respectable adult and not the family pet, asks Kylie Lang.
Sports body set to break away as ‘gold medal maker’ eyed for return
Laws to make the Queensland Academy of Sport an independent body are set to be introduced into State Parliament.