By David Taylor, ABC
Australia's major banks say they are under constant bombardment from cyber attacks. Photo: RNZ / 123rf
Australia's "big four" banks are under constant attack, says the National Australia Bank's executive for group investigations Chris Sheehan.
"Every bank. Every bank is being attacked all the time."
Australia's big four banks, it has been revealed, are being bombarded by cyber attacks every minute of every day, leaving customers increasingly vulnerable to scams.
The attackers were trying to get into the banks' computer systems, deny services to customers, use malicious code or breach security logins.
And the purpose of these attacks?
"If it's not us being attacked, then our customers are being attacked, in an effort to steal their information and their money.
"There's no typical demographic.
"The entire community is at risk," Chris Sheehan told ABC's The World Today.
- Read more: 'Banks can't protect New Zealanders on their own'
- Scammers took almost $200m from Kiwis last year - report
Indeed, Chris Sheehan is blunt - it is warfare out there.
"We're engaged in asymmetrical warfare on a day-by-day basis," he said.
"We're dealing with threat actors of all different types.
"From, being colloquial, Larry the loser, in the basement at home that's having a bit of a chop away at the laptop and trying to steal money from people or hack into a system, all the way to highly sophisticated, ruthless and resilient transnational organised crime groups and they're the ones that are driving 90 percent of the scams that are hitting Australian victims.
"And then at the top end of the scale, we're dealing with nation-state actors, malicious nation-state actors.
"So, it's asymmetrical warfare.
"It changes every day," Sheehan said.
Chris Sheehan says the NAB and most other major financial institutions have stopped including hyperlinks in official communications with customers. Photo: 123RF
Massive theft
Australians were being fleeced to the tune of $3 billion (NZ$3.3bn) a year by cyber criminals via scams, according to cyber security expert Troy Hunt.
And while he was hesitant to label the attacks "warfare", he said the extent of the cyber attacks on Australia's financial institutions was not well understood by the public.
"I imagine most people are not aware of how prevalent the online attacks are, probably in part because they don't have a sense of the fact these attacks do originate from all over the world, all sorts of different demographics are mounting them."
"There are attacks online, attacks against individuals, attacks against corporations.
"It really is prevalent," Hunt said.
He argued the exponential increase in cyber crime related to the perceived lower risk compared to, say, physically robbing a bank.
The risk involved with engaging in cyber crimes was different for those in countries where it was unlikely the perpetrator could be extradited.
"The risk is totally different. And the reward's totally different as well.
"It's not about grabbing cash out of a till, it's about potentially grabbing hundreds of thousands of dollars or millions of dollars in one go," Hunt said.
Daily defence
The result was that banks, including the NAB, worked hard on their cyber defences.
"We have a call centre and an operations team focused on the frauds and scams issue that is close to 350 to 400 people - they're on the phone and available to our customers 24/7, 365 [days a year]," Sheehan said.
Like other institutions, the NAB had also told customers it no longer sent text messages to customers with links, so if there was a link in a text message, the customer knew it was a scam.
Sheehan conceded, though, that once a bank customer hit "send" on a scam payment, it was usually too late for the money to be recovered.
"If it looks or sounds too good to be true, or if someone's applying pressure to you that you're going to miss out on something, or you're going to suffer a penalty, if you don't make that payment, they are massive red flags.
"If the story you're being given, either by a text message, email, whatever, contains either of those elements, don't hit send on a payment, run a mile.
"Seek advice from your bank, talk to friends or relatives, but don't hit send."
The Australian Banking Association, which represents the banking industry, agreed with the NAB that the nation's financial institutions were effectively at war.
"We are amidst a scams war in this country," an Australian Banking Association spokesperson told the ABC.
"Banks are working around the clock to protect Australians from scams and the industry will continue to invest record amounts in the latest scam-fighting technology to protect customers.
"Extra safeguards from banks are helping to ensure less Australians are losing money to the international criminal gangs who run many scams."
The ABA said Australian banks were known to have some of the strongest anti-scam protections in the world.
- This story was first published by the ABC
