Customer reimbursed $44,000 after nothing in fake bank log-in page to suggest a scam

Categories: Fraud & scams
Summary:
In February 2023, Madison received an email purportedly from the Inland Revenue Department saying she had a tax refund. She had been expecting a refund and clicked on a link in the email that took her to what appeared to be the department’s website. There she was asked to select her bank from a drop-down box and was then taken to what looked like her bank’s log-in page. Madison entered her customer number and password, and then logged out.
Published: August 2024

The email was a scam. A week later, Madison discovered the scammer had made two transfers totalling $49,000 via the bank’s mobile banking app, which the scammer had set up on a new device. Madison called the bank and learned that, six days after she had entered her details into the fake website, it had sent her an SMS text containing a code that had to be entered to set up the bank’s mobile banking app on a new device. Madison said she had not seen that code and had not disclosed it to anyone.

The bank tried to retrieve the $49,000 but managed to get back only $4,404.03. Madison said the bank should reimburse the outstanding amount of $44,595.97. The bank said it was not liable for her loss because she had breached the terms and conditions of her account by entering her customer number and password into the fake log-in page. The bank also said Madison had missed opportunities to detect the scam, such as the fact that the email did not come from an address associated with the Inland Revenue Department. Madison said she didn’t see the entire address when she viewed the email on her phone.

Our investigation

The Code of Banking Practice contains an online fraud guarantee whereby banks are liable for unauthorised online transactions unless the customer has been dishonest, negligent, breached the account terms and conditions, or failed to take reasonable steps to protect his or her banking details. The bank argued Madison was not covered by the guarantee because she gave the scammer her customer number and password.

However, we were satisfied Madison was covered by the guarantee. She did not knowingly make the transactions or consent to the money going to the payees the scammer had set up. Nor, in our view, had she been negligent, breached her account’s terms and conditions or failed to take reasonable steps to protect her banking credentials. She had genuinely believed the email came from the Inland Revenue Department, just as she had genuinely believed she was disclosing her log-in details to the bank. The log-in page contained nothing, in our view, that would have alerted any reasonable person to the fact it was a fake.

We were satisfied Madison was entitled to reimbursement of the outstanding amount under the online fraud guarantee. 

Outcome

The bank paid Madison $44,595.97.
