Last year, Jacob Weitering was caught in an impersonation phishing scam. It cost him much of his life savings, which has caused an inordinate amount of stress and concern.

Jacob and I sat down with Ross McEwan, the CEO of the NAB, to talk through what happened, how, the size of the problem, and how to avoid being in Jacob’s position.

HM: Jacob, last year, you were the subject of an Impersonation Scam. How financially and technologically savvy would you say were out of 10 at the time?

JW: Pre being scammed, I’d probably think I was a seven or an eight. Laptops, phones, apps, banking, buying – anything of that ilk – pretty savvy. Post scam, probably down to a two or a three.

HM: Were you surprised you were scammed?

JW: Yeah, I was. I think I had a preconceived idea that something like this wouldn’t happen to me. You hear about text messages, you hear about emails, you hear about links that you’re not meant to click on. You can usually see if they’re not quite right. Or you can feel it. But the sophistication now – wow – in my eyes, it can happen to anyone.

HM: Beyond anything you had seen or heard about?

JW: It’s hard to imagine how sophisticated they are, at every step of the process. They are very clever, patient and methodical.

‘We cleared all the accounts until they were empty’

HM: Take us back to September last year. What was your first point of contact with – how do you refer to these people – scam artists, impersonators?

JW: Both – just nasty people. My first contact was actually through a text message that was on a NAB message thread ….

HM: … so it was a text message, on an existing NAB thread, that was legitimate and you knew to be right?

JW: Yes. I had a text message thread that had been created as a result of transactions or suspicious transactions in the past, so it existed and it was legitimate.

HM: What did the message say on the thread?

JW: I received a text message that said, “A suspicious transaction has been made using your accounts, please give us a call if this is not you.” It was a sum of $33 that was made. Initially there’s suspicion that sets in and you go, “What’s going on here?” Then I started receiving some phone calls and missed a couple.

HM: You didn’t respond to the text?

JW: No, I didn’t respond to the text. There is no two-way communication when it comes to those text messages. Usually you’d get on the phone or go down to your local branch, and sort it out. I remember it being a Friday. Then I received a couple of calls from a number that read NAB underneath, the 85 number that is the fraud line for NAB.

HM: So they had that number coming up on your phone, even though it wasn’t?

JW: Yes – they are sophisticated and calculating. So I thought the NAB fraud team was calling me to initiate a conversation.

HM: What did they say?

JW: I received a phone call and picked up the phone. “Am I speaking to Mr Weitering?” “Yes”. “Can I confirm your date of birth?” “23rd of the 11th”. And then it was away. They spoke perfect English, the guy almost sounded as if he were an Englishman. Apparently, they can use voice decoders. They went through the suspicious transaction, and played on my emotions a little bit.

HM: In what way?

JW: They said a suspicious transaction had been made, but they’d blocked it at their end. Remember I’m thinking that I’m speaking with NAB here.

HM: I’ve had this exact conversation that you’ve had, but it was legitimate.

JW: It was perfect. The text, the caller ID, the blocking of the suspicious transaction. What I forgot to say with that text message thread, just to make it even more believable, was that there was a verification code that was sent to me in order to verify who I was speaking to. So that verification code was sent through the NAB text message thread. I then relayed that to the person I was talking to before they would proceed!

HM: Cunning!

JW: Cunning. And away the conversation went. But from there, we talked about the suspicious transaction, passwords, account, and they said my data was somewhat at threat. Then I just went into lockdown mode.

HM: Thinking you’re getting sensational assistance from your trusted bank?

JW: Correct. I guess I’d been through it a couple times before. I’d lost my card and the same sort of conversations occurred. A few transactions have been made and they lock it down very quickly. So that was sort of the process, and I thought I was going through it again.

HM: What did they say to do?

JW: They said that my accounts had been frozen and no one could access them but the money needed to be transferred into new, safe, protected accounts. No money had been lost, but they said: “We’ve got to reposition your funds into a safeguarding account.” That was the terminology they used. From there, it was a five to seven day process of getting my money safe.

HM: So did you notice the money moving from your accounts to a safe place, or, suddenly, was it all just gone?

JW: So this is where an understanding of how these guys operate, and how the banks operate is pretty critical to everyone. Whether you’re 18 and you’ve just opened a bank account or a 65-year-old with their life savings in there. They didn’t – and don’t – have access to my accounts. I had to transfer the money into those “safeguarding accounts” myself.

HM: And you did.

JW: Correct. I sent them the money directly. That was the biggest mistake that I made, and that was built off the back of the trust built over the phone, the perfect role playing at their end and then them playing on my emotions as I spoke about before.

HM: Did you send it all at once?

JW: No – over the course of about seven days, a very large sum of money was transferred to those safeguarding accounts. As I said, I believed that my accounts were completely frozen, so I didn’t even bother trying to log into my account. I was using cash for that week. But now knowing the situation and speaking to some specialists, I could have easily just gone into my accounts and moved funds around myself in my own accounts, so that they didn’t have access at all to my accounts. It was all me making those transactions based on the information that they’d given me and didn’t second guess them as it was all so seamless at their end, and I guess, I am a trusting guy.

HM: How many conversations did you have with the impersonator to get to a point where you were comfortable to transfer funds to the safe accounts?

JW: There was a phone call on the Thursday night after the text message was received. That was more to alarm me of what was going on. Then on Friday. And then it was basically one phone call a day from me. I think most people would know that there is a daily transaction limit. That’s what we were basically transferring, depending on the transfer limit of my specific account. We cleared all the accounts until they were empty, into what I thought was a safe account.

HM: So it was a methodical, seamless series of conversations and transactions that unless you are highly suspicious, you would think was all in your favour.

JW: Yes. I’d spoken with my partner, mentioned it to my parents and grandparents, and I reassured them that there were no issues with it and we were lucky we caught it. There were no red flags from them, which basically just reinforced the issue that we all have.

‘The money that I’d worked hard for, and saved, was all taken away’

HM: It sounds like the quantum of money was large. Was it a life changing number?

JW: It was significant, yeah. It was a very significant amount of money that I’ve struggled to deal with over the last six months.

HM: How has it taken its toll emotionally?

JW: I’m in a very fortunate position to play the game that I play, and get paid the money that we get paid. But I think for anyone to lose a significant amount of money, it is hard to deal with. I was able to process it quicker than family members and my partner, but it hasn’t been an easy process.

HM: What irked you the most?

JW: It was that the money that I’d worked hard for, and saved, was all taken away. All gone. It just built up a great deal of frustration, and anger, probably towards the wrong people initially as well. Everyone’s got to pay their bills – I’ve got a mortgage and would also like to start a family. It severely impacts those plans. And it’s not just about me, it’s about families, it’s about couples, young couples, elderly people. It can happen to anyone. I honestly didn’t think it was going to happen to me, and it did. It can happen to anyone.

HM: Do you think about it every day?

JW: Yes, every day, many times. I keep going back to the first text message or the first phone call.

‘It can happen to anyone’

HM: What are your emotions?

JW: The first one is that “I’m an idiot!” That’s the overriding sense. I know you shouldn’t think that way, because as I said, it can happen to anyone. Another thought is – “I’d love to have that moment back so I can stop the stress and the frustration, the anger, the emotions that have gone with it”. But I get to get up each day and do what I love and move on. I’ve still got my partner, my family, certainly things could be worse! I’ve had family and teammates that have been in some pretty vulnerable situations, but they’ve taught me that the sun always comes up.

HM: You said you felt embarrassed by it. Was that the sense then – or is that still the feeling now?

JW: It was definitely the sense then. The more and more I think about it, the more and more I can process what happened. It’s less embarrassment now, and more “Let’s do something about it”.

HM: Frustration and anger versus embarrassment.

JW: Yeah. More towards obviously the right parties, the people that did what they did to me.

HM: I hesitate a guess to say no one is judging you – you are the only one embarrassed, not many would be judging you in a negative light. This happens all the time. Australians lost $3.1 billion last year; NAB alone receives 85,000 calls every month about scams. It’s not as if it’s an isolated scenario.

JW: It isn’t, but for whatever reason I am embarrassed. This is a big thing for me to talk to you Hame. But I felt I needed to. I’m told around 70 per cent of people will not report being a victim of fraud and scams – because of embarrassment. That’s the number one reason. Whether that’s because they don’t want their family and friends knowing that they clicked on that link, or picked up that phone call, I’m not too sure. But initially that was certainly the way I felt.

HM: Were you – once you discovered the fraud – hopeful that it was going to be covered by the bank?

JW: I was, yes. I initially felt that the liability was on the bank, but finding more and more information out about these scammers, it’s not as simple as that. There is a lot more to it. It’s on the individual person that’s the victim of these scams, to educate themselves on how they go about themselves and the processes that these people use. The bank and the telcos help the scammers by providing a place that holds money and a way of getting in touch. But it’s not their fault. You are scammed by others, not them.

HM: Initially your anger was directed at the bank. Where is it now?

JW: Now it’s towards the criminals that did this to me. Emotions are high when something like this does happen, and you’re trying to find reasons and people that are liable for what has gone on. The last place I looked, was probably at myself. But when you start to peel back the layers of what’s gone on, there’s certainly more to it. When I say anger, I’ve certainly moved on. Now it’s certainly about the education piece and trying to find ways for these criminals to not play on people’s emotions.

‘This is a crime wave’

HM: Ross – thanks for making the time. The numbers are staggering on every front – $3.1 billion lost in scams Australia last year, NAB said it saw a 38 per cent rise in scam reports, and the bank takes 85,000 calls from people about scams every month.

RM: And it’s only going to get worse Hamish. The numbers for 2023 are even worse than those of 2022 you have quoted. This is a crime wave going on now in Australia, just as it is in the US and the UK.

HM: Jacob being scammed doesn’t surprise you at all then?

RM: Sadly not. Jacob was subject to an incredibly sophisticated scam. You can understand how most people would have thought it was their bank or their telco behind the texts and calls, not the criminals. This is actually getting worse. In the past 12 months we’ve seen a roughly 100 per cent increase in cases, and almost double the number phone calls being made into our bank over that same period you and I were talking about. So this is why we want to talk about it.

HM: Given the potential gain – the market is so big, there’s going to be an unbelievable amount of people that are very sophisticated, spending an amazing amount of time trying to beat the system. Why is it so hard to stop them?

RM: First off, we’re not going to stop them. There is so much money being made out of the scam. It’s such a big business now that we have to – in Australia – create a really hostile environment for those scammers to be operating in, and make it as difficult as possible.

HM: How?

RM: Unfortunately a bank can’t do it on its own, just as a telco can’t do it, and the government can’t do it on its own. I think this is really “Team Australia” that has to pull together, and you’re seeing the government starting to really work the big parties now to come together on this massive task. It’s such an industry that we have to fight against it.

HM: The telcos I would sense are feeling as much obligation and/or apprehension as the banks themselves?

RM: Yeah. 90% plus comes via a mobile phone, which is what Jacob was talking about. And it’s coming through the pipes and it’s using clearly identified symbols like an app, which is where Jacob got caught. Or it’s using the ATO, that was another big scam. Or it’s using Amazon, the “you haven’t paid your $49 fee” or it’s Apple. It’s all those things and people click on them. Once they click and give data, you’ve then exposed yourself to being open up to having all the money in your account drained out over time. It’s very sophisticated.

‘We have to be smarter and quicker’

HM: If it can’t be stopped, what are the ways of minimising it?

RM: There are certainly many ways of minimising and that’s where the banks and telcos are working together. I saw last week that the government is looking to put in place something that Singapore did, where you have to register your SMS. So if somebody is going to have a text number, which Jake got scammed on, that has to be a registered number, and that’s the only people that can use it. Say a NAB number is a NAB number, you can’t use another number without our face on it. Those are really important moves. Now will they stop it fully? No. These criminals will find another way, but we have to be smarter and quicker at blocking and tackling. As a bank, we’ve got 64 initiatives on the go. We’ve done 10 of them already and 52 more between now and May to make it more difficult for these criminals to get into accounts and create scams like they did on Jake. But it’s going to be an ongoing process because this is a massive industry.

HM: My inclination was that the bank would have insurance to cover this, but at no stage was the bank involved in this. So where does the protection start and stop for your clients, where does your onus start?

RM: It’s really difficult because in the UK for example, the banks to a level, are accountable, because the money came out of your account.

HM: That’s what the legislation is in the UK?

RM: Yeah. But what they haven’t realised is that there are so many parties to stop this. You can’t just land at one party, because that’s where the money came out of. Because the perpetration of this came through other areas. And I’m not in your lounge. As Jake knows, I’m not in his loungeroom when he’s putting the data in and putting his accounts in and moving money. So what the banks look at is “Was Jake at all involved, and would the money have disappeared if he hadn’t been involved?” If the answer is no and yes, then there’s a liability on the bank for the movement. But where the person’s involved, there’s got to be some culpability on that as well. Otherwise, you open all of Australia up to, well it’s just the bank’s fault and then the price of banking goes up again, again, and again.

HM: And it becomes unaffordable?

RM: Pretty much. We all have to take accountability, and the big thing I really love about Jake coming forward with courage to actually say, “I don’t want this to happen to anybody else, so I’m prepared to stand up and tell my story so that others don’t get knocked around like I did”. When I first met Jake, the guy was sitting there telling the story as it was a horror for him. And he said, “I just don’t want others to end up in this mess that I’ve ended up in”. So that’s where we need more education, and the bank can do a lot of education, but it whips over the top of most people’s heads. So we’re intervening at the moment. We’re making it harder for transactions to be made. So for example, when you click on to make the payment, we’ll pop up and say, “You haven’t made one of these before. Are you sure you want to make this payment?” We tried this out the other day. Already we’ve stopped payments worth millions. The person said, “I’m not making the payment”. But you’re putting friction back into a frictionless system. Because everybody wants their payment made yesterday and we are starting to put more friction into the system and I think the banking system probably has to put more friction in. So when you put your head on the pillow at night, you go, “Should I have made that payment?” And if we’ve held that payment for say 12 hours, we can stop and block it on your behalf. But unfortunately the system is a real time banking system now, which means you click the payment, it’s gone. We can intervene in some of these where it just looks a bit strange and we’re starting to do exactly that. But can we stop every payment being made? No, we can’t. The system’s built around electronic payments.

HM: So when you go down the rabbit hole of trying to find where Jacob’s money went -where do you end up?

RM: Usually into another bank account like Jake moved it to, and then pretty much instantaneously, it’s gone offshore.

HM: And once it’s gone offshore?

RM: The chances of getting it back is probably 2%. So that’s why the question of “Do you hold back payments for a period of time?” So when Jake puts his head on the pillow at night and goes, “Should I have made that payment?” And he rings the bank on the number on the back of his card and we go, “Right, we’ll block it for a period”. It’s that time frame we’re having to look at. And there are other ways with the new NPP system, which is an automatic payment system, we can intervene digitally in those payments and say, that looks a bit strange, let’s hold it and block it. Even though it might be like Jake, who’s one was underneath the payment structure. If we haven’t seen them being paid before, there are ways over time we’ll be able to stop and block those payments. And these are some of the 64 initiatives we are working on. It’ll just make it a bit safer. But it will slow down payment structures in the Australian market.

HM: It seems a small price to pay to have a 24-hour delay in payments.

RM: But for some people – that’s crucial if you’re making certain payments. But there are a lot of payments like Jacob.

‘This is happening every minute, every second, every day’

HM: Is there a country that is more advanced here than others in the scam?

RM: I’ve described the Singaporean market where they’ve actually blocked out at the telco level using the SMS numbers. Because as we’ve discussed, most of this is coming through a phone or an iPad.

HM: From where generally?

RM: It’ll be a number of alien countries. Countries that you and I know, they’ll be ones that aren’t that friendly to the Australian market. There’s a war going on in one of them at the moment.

HM: The Russians are good at it?

RM: They’re pretty good at it. You’ve got some others in Asia that are pretty good as well. Then you’ve got people who have just turned this into an industry and are making money out of it.

HM: I remember reading 10 years ago when the internet became a common way of paying your accounts. There was an office set up and they’d just send 10,000 invoices out a day for less than $30 for things like ‘Stationary” to big businesses, and about 20 per cent got paid per day. It was just a business.

RM: And that’s what you’re saying here, this is a business. This one that got Jake was very sophisticated. The use of the NAB, the fact that they followed through and it looked and felt like we would normally do, it’s very sophisticated. The thing I keep saying to people is, “Feel free just to hang up the phone, push the red button. Don’t click on the link”. There’s still lots of legitimate businesses including ourselves still sending something out with a link. Now we’re going through and saying “Where are those?” and we’re stopping them, but don’t click on a link! If we really want to get hold of you, there are other ways of doing that. Even if I have to write to you, I’ll do that. Take the time to stop and think about it because as you say, the payment in another hour’s time, you can still make it if you have to. It’s just that time lag – also be very suspicious. We as human beings are very compliant, trusting human beings, most of us.

HM: And that’s also what the scammers are preying on. You’re saying they preyed on your suspicion and your mistrust of others by portraying an honest “Let’s help you here.”

JW: You talk about hanging the phone up – I was never very good on the phone anyway, as people who know me can probably attest to. For me now more than ever when it comes to unknown numbers, text messages, it’s very simple. No answer, or I’ll wait for a voicemail. And the urgency and sort of the generation that we now live in, it’s very much, “I want things now. I want things done now”. So taking that time and just being patient enough if something is going on, go down the local branch. That is something that I could have easily done on that Friday and just gone, “OK, something doesn’t feel right” so I’ll go down the local branch and try and sort this out there because then you’re face-to-face with someone that you can probably trust.

HM: Have you received similar lures since?

JW: Not to the extent of this one. In terms of the sophistication of using NAB’s ID. But almost daily text messages, I continue to get emails, and now more than ever, I can pick it up and just see it, “Yeah that doesn’t seem quite right”. As we’ve spoken about with family members, friends, just in text message chats and messages, you might put a screenshot of this sort of scam that’s come in and we share it so we all see it.

HM: Every day this is happening, Ross?

RM: No, this is every minute, every second, every day.

HM: What was happening a year ago is now dark ages?

RM: Oh yeah. A year ago for example was that you owe the ATO money. You could see those coming through and you can block and tackle the ATO ones with them being made there. Then they start getting more and more sophisticated. Like the one Jake talked about is probably one of the most sophisticated I’ve seen, where it was multifaceted the way they came after him. And as soon as he went into the link, they knew that they had somebody to really talk to and the numbers that they gave him and then intercepting the numbers. That’s very sophisticated. You’re still seeing ones that we chatted about. Like Apple’s you owe me $1.49 or Aussie Post.

HM: When you click the link – what does that give them?

RM: You put your details in about to make the payment, and then they grab your payment details. Once they have that, they can come back and fraudulently come into your accounts to take your money out.

HM: Ross, you are throwing huge amounts of hours at this, 500 people all up. It’s a big cost to the bank obviously, but if it’s unbeatable in the end, it then just becomes a part of society?

RM: We can’t accept that these people are going to win. We have to go at it with the ferocity that they’re coming after us. Because at the end of the day, there’s Jake sitting at the back of us. We should never forget that we have to keep the Jakes of this world safe. We have to go after these criminals and we cannot let these people ruin our customers’ lives and our brand. We’ve spent 160 years building the NAB brand. They’re ruining it on the back of every individual that they attack, like Jake.

‘Let’s hope that tens of thousands, if not hundreds of thousands of people listen to Jake’s story’

HM: The awareness through someone like Jacob talking, is enormous.

RM: Well that’s why I was delighted Jake came forward. And when you meet an individual like Jake, you realise he has huge courage on the field and off it. He was articulate about what had happened to him and he said, “What can I do?” Let’s hope that tens of thousands, if not hundreds of thousands of people listen to Jake’s story. It would be great.

HM: I assume your teammates are all aware of this?

JW: Not initially but I spoke with them recently.

HM: Because?

JW: I didn’t think they needed to know in terms of performance and training. I’m a leader of the football club, I just wanted to carry on with my business and I didn’t think that needed to be told straight away. I wanted to wait until I felt this was the right time. Now, I can tell my story and try and help a few.

HM: It would be interesting to see whether or not any of your teammates or other players when they read this say “I haven’t been saying anything either!”.

JW: Yeah. It will be interesting to see who is in the same boat. I hope that’s going to be a helpful part of telling my story. Allowing people to be open and honest about these things and hopefully learn from my experience.

RM: I guarantee that there’ll probably be huge numbers that have been scammed and have never had the courage to come up like Jake in the AFL arena. It’d be amazing all the ones that just got that close, or different types of scams that we probably haven’t talked about today. Because there’s some pretty embarrassing scams that people get caught up in.

HM: Romantic?

RM: Romance. The stuff that gets put out there on those romance scams is a horror, because you get sucked into it month after month after month. There’s a lot of scams out there.

HM: Any other scams we need to be aware of?

RM: The other one is when you get notification that the account you’ve been paying into has changed. Be careful. Pick up the phone. Call. Confirm.

JW: It’s doing the little things as well. For me, once it all happened, just getting everything in check for me was getting a post office box, something as simple as that. That’s what most people, probably my parents’ generation and grandparents’ generation did. That’s another way you can protect your privacy and your details. Making sure you’re face-to-face and have regular catch ups with your accountant. Do the little things that will certainly help and stop these sorts of things from happening.

HM: How do you, Jacob, get past the anger? Because it’ll eat at you.

JW: I think telling my story is going to be a big part of that. That’ll enable me to somewhat move on from what happened and then empower me through NAB, through conversations and education to help others. Sometimes you go through your life and there are little bumps, but for me this is a big, big learning opportunity, not just for me, it’s for my friends and family and it’s for a lot of people my age all the way through to the older generation. I think that’s going to be the best way to certainly move past it. If I can help just one person that’s had a similar incident or could possibly have something similar happen to them, I think I’ve done something good.

RM: I think if every AFL player listens to Jake’s story, it’ll be a great service done mate. Because they will experience this. They’re making good money. They’ve got other things on their minds and they get hit with stuff like you did that Friday. The quickest, easiest thing to do is hit that link. But our message is don’t click on the link. And if every one of them hears the story and just says, I remember Jake talking about this. Pause, hit delete. It will be a massive service.

More Coverage

‘It’s everywhere, it’s a matter of time Jez’: Kellie’s epic cancer fight

Hamish McLachlan

Nathan Jones at peace with Premiership miss

Hamish McLachlan