ANZ customers sent $77m to scammers, reveals CEO

“Through the pandemic, I have been increasingly troubled by scams targeting our customers,” he said.

“We saw a 73 per cent increase in scams detected or reported by customers in the first eight months of 2021, compared to the same time last year. 

“Over this time our retail customers sent about $77 million to scammers, of which we were able to recover almost $19 million. 

“We’ve increased our dedicated scam prevention team with our frontline people also playing a role.”

According to the CEO, ANZ’s internal data suggests that the average age of a scam victim is 59, and 44 per cent are aged over 65. In addition, the most prevalent and successful scams were found to be those that gain remote access to customers’ computers and their devices. 

“We’ve also seen a year-on-year increase in investment scams of around 53 per cent and a high proportion of these involve cryptocurrency,” Mr Elliott added. 

But while responding to the MP Julian Simmonds’ questions regarding the reporting of scams to authorities, Mr Elliott highlighted a key issue in ending scams: customer reporting. 

Not all scam recipients report to authorities.

“...Just to give you some of the data. From the low end; malicious and spam emails – we block over 15 million malicious emails every month,” Mr Elliott said. 

“Those are emails coming in, phishing attacks wanting staff members to click here, there, or anywhere and that’s increasing quite dramatically every month. 

“[O]ver any week, in terms of attacks on our website, we will see somewhere between 15 and 20 million attacks on the website that we need to block, which includes some of these [distributed denial-of-service] attacks as well, so it’s a massive issue.”

As he continued, the big four CEO acknowledged that the Australian banking system has invested “heavily in the area” and that “it’s pretty well protected”. However, Mr Elliott added that one hurdle is when scam victims, such as bank customers, don’t report that they have been scammed.  

“Our concern is more to do with our customers who either don’t have the resources or don’t see the need to do this,” he said.

“So it is a growing issue. When we see serious attacks, and again, we can’t report every single malicious email, but where we are able to identify who the perpetrator might be, we certainly work with the authorities,” Mr Elliott said, adding that this could be the Australian Transaction Reports and Analysis Centre, national security teams, or the police. 

The CEO added that if the bank is aware of a scam – including ransomware attacks – it would encourage customers to report it to the relevant authorities.

“It’s not for us to report that on their behalf. So we encourage them,” he said.

“...[O]ur advice would be to seek advice themselves about what to do in such a situation and to work with the relevant authorities.”

Finance sector seeing increase in scam activity

The CEO’s comments come as the finance sector experiences a dramatic uptick in cyber-security issues. 

Earlier this month, the Australian Banking Association released a new scam awareness campaign following data that suggested more than a third of Australians knew someone who had lost more than $150,000.

Published last month, the Office of the Australian Information Commissioner’s Notifiable Data Breaches Report cited more than half of the data breaches in the financial sector were considered to be malicious or criminal related.

In addition, recent reports have suggested that brokers too are experiencing a rise in this form of activity, with reports of attackers successfully impersonating brokers and borrowers to intercept payments.

[Related: Momentum launches new cyber-security podcast]