Skip to Content

Online Banking, protecting your security

We’re 100% committed to protecting your security and privacy online

01

Important info

We’re here to help and should the worst occur, you’re still protected.

The UBank Defence is our promise to you that we’ll reimburse 100% of your money should it be fraudulently taken from your account, provided:

  • It’s clear you didn’t contribute to the loss
  • You promptly let us know when you become aware of any unauthorised transactions

To find out about the latest security alerts click here.

02

Types of fraud, phishing and scams

Identity theft/takeover

  • What is identity theft or takeover?

    This is when a criminal has enough information about an individual to impersonate them for financial gain or other benefits. Criminals can gather your details by stealing from your letterbox or through phishing scams, data breaches, social engineering, malware or hacking systems.


    How does it occur?

    When these criminals have enough information, they can attempt to apply for finance, open bank accounts, phone accounts or set up other services in your name.


    What to look for

    Always look out for changes to your account that you didn’t request .

    This might include:

    • Receiving an email or alert from a change you didn’t make
    • The inability to log in to your account
    • Getting an alert that your profile has been logged in to from an unusual location
    • Receiving bills, letters, invoices or receipts addressed to you that you do not recognise

     

  • What is mobile phone porting?

    This is when your mobile phone number is “ported” or transferred to a new telecommunications provider without your permission. This may enable criminals to receive SMS authentication codes sent by your bank, in order to authorise transfers without your knowledge.


    How does it occur?

    In some cases, all that is required to port a phone number is an account or phone number, and date of birth. These details are often included on phishing sites that appear to represent legitimate companies requesting personal and financial information. Another common way of accessing this information is by stealing mail out of letter boxes or rubbish bins.


    What to look for

    If your mobile phone service is suddenly disconnected, it may show ‘SOS only’ where the carrier name usually appears on the screen. This could be a warning sign that your mobile phone has been transferred to another provider without your authorisation.

    If your service does not return in a short period, contact your mobile provider immediately.

     

  • What is card fraud?

    Any unauthorised transactions made on your Visa Debit Card. This may be due to a card or device being lost or stolen.


    How does it occur?

    Card fraud can occur when the your card details are used to process an unauthorised transaction. Your details may  have been compromised through things such as online shopping or physically obtained (i.e. your card is used after being lost or stolen.


    What to look for

    Banks use historical spending patterns and trends prior and after the transaction(s) in questions to make a decision to process or stop the transaction(s).

    It’s important that you also keep an eye on transactions and contact us I you see anything suspicious.

     

  • What are scams and phishing?

    Spam refers to unsolicited junk emails that are sent to large numbers of people at once. Spam emails are typically advertising fake products or get rich quick schemes.

    Phishing emails are more sinister than spam. They’re designed to trick you into providing personal information like a mobile phone number; usernames and passwords; or credit card details or bank details.


    How does it occur?

    These fraudulent emails or text messages usually appear to be from UBank, NAB or other legitimate businesses. UBank and NAB will never contact you asking for personal information such as account details and/or passwords; and we will never send you a link to online banking asking you to log in.


    What to look for

    There are a few signs the email you received may not be legitimate, including:

    • Sender address - This might be unusual, misspelled or slightly different from the correct address, for example uBank.com instead of UBank.com.au

    • Generic greetings and sign offs - Phishing emails are sent out to hundreds of people at once so use generic greetings and signoffs.

    • Poor grammar and spelling - This can be a tell-tale sign, but it isn’t always the case. Remember, criminals can use spell check too.

    • Creating a sense of urgency - Phishing emails will often encourage you to click a link or download an attachment to avoid a problem to create a sense of urgency. Always read an email carefully before taking any action.

    • Suspicious links and fake websites - If you receive an email with a suspicious link, hover over the link with your mouse to see the actual web address the link leads to – it could lead to a fake website.

    • Malicious attachment - Often an attachment will appear to be a PDF, image or Office file, but when you try to open the document, it tries to run a program or script intended to infect your computer with malicious software.

    • Urgency – Requests that are positioned as extremely urgent and need your immediate action outside what is expected.

    Report suspicious messages to phish@ubank.com.au and then delete them, without clicking on the links or attachments.

     

  • What are scams?

    There are many types of scams

    1. Investment scams - Australians lose millions to investment scams every year.

      How does it occur?
      Individuals or businesses receive a cold call and are offered attractive investment returns or professional-sounding business opportunities. Once the investment is made, the victim usually receives no returns.

      What to look for
      These scammers are mainly based overseas and often tell victims they only need to invest $1,000 - $2,000 to start seeing returns. Often this escalates into requests for more money.

    2. Romance and friendship scams - Today, it’s easier than ever to make friends and build relationships online. The downside is criminals have become clever at taking advantage of people looking for love. Scammers may be looking for financial gain, to gather information or to use their new ‘friends’ to help them launder money.

      What to look for
      A combination of these red flags could indicate a friend or relative is involved in a scam:
      • they have never met the person face to face
      • they have not seen the person via Skype, webcam or video chat
      • if they have spoken on the phone, it’s rare and the calls are brief
      • they fall in love within weeks, if not days of talking
      • your friend is secretive of the relationship and doesn’t want to discuss it (they may have been groomed not to share too many details)
      • there has been a request for money.

    3. Remote access scams Some phone scammers impersonate a bank, telco or computer company and tell you there’s an issue with your computer, banking or phone.

      What to look for
      They’ll ask you to download a program that gives them remote access to your computer, so they can ‘fix’ the issue. If you do this, they can access all the information on your computer. You should never give an unsolicited caller access to your computer.

    4. Phishing scams - impersonating UBank, NAB or another company to gain access to your accounts.

      What to look for
      Usually, in a phishing phone call:
      • The caller says they are from a bank, a large service provider like the NBN, ATO or a phone company.
      • They may know some of your personal details like your employee number or work address and use it to gain your confidence or offer to let you speak with their ‘manager’.
      • They may ask for SMS codes, or get you to process a transaction or download software so that they can remotely access your computer.

03

Security alerts

Be on the look-out for suspicious messages.

July 2020: COVID-19 scam calls

UBank is aware of current scam phone calls targeting Australians. The caller may claim to be from an organisation that can assist you to get early access to your superannuation. The caller may ask for your personal and superannuation details.

In another example, the caller may claim to be from the Department of Health and Human Services (DHHS). The caller may request credit card details for a testing kit. Please be aware that this is not a legitimate call from the DHHS.

If you’ve received this type of call and have provided information about your superannuation, please contact your superannuation fund immediately. If you’ve provided personal or banking details, please also contact UBank on 13 30 80.

If you receive a text message saying your superannuation fund is going to release your super, and you did not request this, contact your fund immediately.

You can also visit the Scamwatch website for more information about other COVID-19 related scams.

April 2020: COVID-19 emails/text messages

UBank is aware of COVID-19 themed emails and text messages circulating which contain malicious software, lead to phishing sites or asking you to donate money to a bank account.

The emails and text messages may purport to be from legitimate organisations, including government agencies, and request you to click on links, open attachments or donate money to a bank account. Please see two examples below.

If you have clicked on links or attachments in a suspicious email or SMS, or sent funds based on a request received from a suspicious email please call UBank on 13 30 80.

If you receive a suspicious message, do not click on any links or attachments. Please forward it to phish@ubank.com.au and then delete it.

You can also visit the Federal Government's Australian Cyber Security Centre website for more information about COVID-19 related scams.

For more information on UBank’s response to Coronavirus, visit ubank.com.au/coronavirus.

COVID-19 phishing messaging
COVID-19 phishing messaging

January 2020: Mobile phone porting

UBank is aware of mobile phone porting attempts targeting Australians.
 

What is mobile phone porting?

Mobile phone porting describes when your mobile phone number is ported (transferred) to a new telecommunications provider without your permission. This may enable criminals to receive SMS authentication codes sent by your bank, in order to authorise online banking transfers without your knowledge.
 

How does it occur?

In some cases, all that is required to port a phone number is an account or phone number, and date of birth. These details are often included on phishing sites that appear to represent legitimate companies requesting personal and financial information. Another common way of accessing this information is by stealing mail out of letter boxes or rubbish bins.
 

What to look for

If your mobile phone service is suddenly disconnected, it may show ‘SOS only’ where the carrier name usually appears on the screen. This could be a warning sign that your mobile phone has been transferred to another provider without your authorisation.

If your service does not return in a short period, contact your mobile provider immediately to confirm why your mobile service is not working.

If your mobile has been transferred to another provider without your permission, please contact us on 13 30 80.


How to protect yourself

  • Be on the lookout for suspicious emails, text messages and calls requesting personal and banking information. UBank will never ask you to confirm, update or disclose personal or banking information via a link in an email or text message.
  • Report suspicious messages to phish@ubank.com.au and then delete them, without clicking on the links or attachments.
  • Access UBank’s website by typing ubank.com.au into your browser, rather than clicking on links or attachments.
  • Turn on two-factor authentication for your UBank accounts, and ask your mobile provider if you can do the same for your mobile phone account. This means another piece of information (such as a password, or code sent to you via SMS) is required before certain actions can be taken.
  • Ensure you have a locked padlock on your letterbox, and shred any documents such as bank statements before disposing of them.

December 2018: Security changes

At UBank, we’re 100% committed to protecting the security and privacy of our customers online.

On Friday December 21, 2018, we made some changes to security. Customers will now receive an SMS authentication code when transferring between their own UBank accounts.

More information on these changes can be found here.

What are phishing/hoax emails?

Fraudulent emails, text messages and phone calls that appear to be from UBank, NAB or other legitimate businesses may attempt to trick you into providing personal information such as your online banking password, email address or credit card details. This is known as ‘phishing’.

UBank and NAB will never contact you asking for this type of information and we will never send you a link to online banking asking you to log in.

If you’re unsure about the legitimacy of a call purporting to be from UBank, hang up, and call us back on our official phone number (listed on our website and on the back of your cards) to verify the call was legitimate.

 

If you have received a suspicious message that appears to come from UBank or NAB, do not click on any links or attachments. Please forward it to phish@ubank.com.au and then delete it.

You can report suspicious SMS messages by taking a screenshot on your phone and forwarding it via email to phish@ubank.com.au.

If you have received a message of this type and clicked on the links or attachments, or provided any information, please contact UBank immediately on 13 30 80.

Visit the NAB Cyber Safety Hub for more tips to help you stay safe online.

04

Tips to stay protected online

  • Be on the lookout for suspicious emails, text messages and calls requesting personal and banking information.

  • Never share your passwords, PIN’s, passcodes or Pattern Lock codes with anyone including UBank staff, and don’t write them down. 

  • We’ll SMS you one-time passcodes for online banking transactions and password resets, so it’s important to keep your phone secure. 

  • If you call UBank, we may send you an identification verification SMS; the message will state that this is the only code we will ask you to provide to us. Ensure to read the whole message to ensure the action being requested matches what you were trying to do. 

  • Use a unique password for each of your online accounts. Make passwords hard to guess. Your password should:
    • be at least 7 characters long
    • begin with a letter
    • include at least 1 number
    • not include your first name, last name, birth date or email address 
       
  • Turn on two-factor authentication for your UBank accounts and ask your mobile provider if you can do the same for your mobile phone account. This means another piece of information (such as a password, or code sent to you via SMS) is required before certain actions can be taken.
     
  • Turn on automatic software updates to ensure your devices always have the latest software installed. 

  • Remember to log off when you’ve finished using online banking. 

  • Avoid using computers in public places such as internet cafes, hotels and airport lounges to conduct online banking. 

  • Always access UBank’s website by typing ubank.com.au into your Internet Browser. Make sure the website address starts with “https” and a padlock is displayed. 

  • When downloading Apps, ensure they are from official App stores (Apple App store or Google Play store). 

  • Only perform banking on trusted devices and on trusted Wi-Fi/networks. Never accept a request to download a program or certificate to your device in order to use a public Wi-Fi network. 

  • If you discover a transaction you don’t recognise, please contact us immediately. 

  • If you have a UBank Debit Card:
    • Notify us immediately if you become aware that your card has been lost, stolen or used by someone else.
    • Sign the back of a new card when you receive it.
    • Don’t let anyone else use your card – including family members or friends.
    • Regularly check that the card is still in your possession.
    • Destroy your card when it expires by cutting it diagonally in half (including any embedded microchip on the card; magnetic strip and security code).
    • Protect your PIN when entering it on ATMs and EFTPOS terminals.
    • Try to memorise your PIN so you don’t have to write it down.
    • Don’t choose a PIN that is easily identified with you. For example, your birth date, car registration, telephone number or your name in part or full. (If the guidelines for choosing a PIN are not followed, you may be liable for any unauthorised transactions.) 
       
  • Ensure you have a locked padlock on your letterbox and shred any documents such as bank statements before disposing of them.

05

How we protect you

Security measures to keep your investments secure.

SMS security

We’ll send you one-time passwords via SMS for transactions you make using online banking as an extra security measure.

Transaction monitoring

Every transaction made through UBank is monitored for anything suspicious or unusual.

Transport Layer Security Encryption

UBank’s website uses TLS (Transport Layer Security) encryption technology to protect your information. To ensure compatibility with our site, please keep your browser up to date.

Banking sessions timeout

We’ll automatically log you out if you’ve been inactive for a while.

Maximum transfer limits

We limit the maximum you can transfer via online banking each business day. If you need to transfer more, call us on 13 30 80 for assistance.

Lockout

After a number of failed logins, access to online banking is automatically blocked.

06

Useful links

  • Australian Securities and Investments Commission (ASIC) website where they publish companies identified as operating cold calling scams: https://www.moneysmart.gov.au/scams/companies-you-should-not-deal-with 

  • Australian Competition and Consumer Commission’s (ACCC) Scamwatch website to learn more about current types of scams.

  • The Australian Cyber Security Centre (ACSC) is a federal government led initiative to securely report instances of cybercrime. You can submit a Report at www.cyber.gov.au.

  • IDCare is a not-for-profit Australian and New Zealand national identity and cyber safety support service. They have a team of trained counsellors that can assist individuals facing identity and cyber security concerns. Visit: http://www.idcare.org/

07

Contact us

You should contact us immediately on 13 30 80 when:

  • Your password/PIN has been shared or compromised.
  • Your card or mobile phone has been misused, lost or stolen.
  • The device you use for online banking has been lost, stolen or infected with malicious software.
  • There’re unauthorised transactions on your account/s or you believe your UBank account has been accessed by an unauthorised person.
Back to top

Products

Tools & calculators

Useful links

Legal stuff

© UBank is a division of National Australia Bank Limited ABN 12 004 044 937 AFSL and Australian Credit Licence 230686. Terms of use available here. Target Market Determinations for these products are available at ubank.com.au/tmd. Are you experiencing financial difficulty? See how we can help.

       

    


UHomeLoan info: Credit is provided by AFSH Nominees Pty Ltd Australian Credit Licence 391192. UBank is the mortgage manager for UHomeLoan products. Govt charges may apply. The Comparison rate is based on a secured loan of $150,000 over the term of 25 years. ^WARNING: This Comparison rate applies only to the example or examples given. Different amounts and terms will result in different Comparison rates. Costs such as redraw fees or early repayment fees, and cost savings such as fee waivers, are not included in the Comparison rate but may influence the cost of the loan.


The Apple logo and Apple Pay are trademarks of Apple Inc., registered in the U.S. and other countries. Google Pay, the Google Pay logo, Google Play and the Google Play logo are registered trademarks of Google LLC. Samsung and Samsung Pay are trademarks or registered trademarks of Samsung Electronics Co., Ltd.