ING Remote Access Scammer Alert - Lost $2000 to Scammer

mariahwerk on 27/10/2022 - 12:45
Last edited 22/11/2022 - 17:55 by 1 other user

WARNING: Scammer is able to mask their text messages as coming from an ING phone number.

This morning I was on my usual day of work. Received a text message saying "someone logged into your account. If this is not you. Visit link."

ACTUAL MESSAGE:

You just logged in on a NEW device. If you did NOT login, go to: login.au-my-acc.net to cancel.

I use an iPhone, so the messages come in a conversation. The above message is in the same thread as the one that ING uses to send me update messages. Unsupecting anything I clicked on the link in a frenzy in fear of someone taking my money, without realising it's a dodgy link.

Entered my client and access number. Shortly after, 2k money was transferred out. They were even able to register their phone for mobile banking (ING sent me a verify message) and somehow able to bypass this 2FA.

Significant security features issues I found with ING are:

  • NO 2FA once you log in with client number and access code. That's it. They have full control. Even for new payee Pay ID or account number, no PayCode or 2FA verification like Commbank does. Straight to the scammer account via Osko. Edit: 2FA is only enabled for new payee/edit payee if you are on desktop/laptop. No 2FA if the scammer successfully bypassed the 2FA for the first mobile banking registration.

  • Scammer somehow able to mask their sender end into ING's number or conversation.

  • Scammer able to bypass the new phone for mobile registration 2FA (text sent to my phone, I did not give anyone the code).

Edit: The link that I posted is now shown as under Google review and flagged as "suspicious". When I first clicked on it, it took me straight to an ING looking webpage.

Any ING account holders beware. The scam team is saying a lot of people are falling for it.

TLDR: ING account scam going on, do not click on any suspicious links. ING never asks you to put in client number and pass code via SMS.

I have learned my lesson, so please don't victim blame. I am setting this thread up as a support thread for (I suspect) many more victims to come. ING themselves have acknowledged their scam team is very very busy today.

Update 29/10/22:
- Orange Everyday Terms and Conditions states:
"You are liable for the loss if: the security of one or more Codes has been breached and if the breach of the Codes are more than 50% responsible for the loss"
Called their scam team today and basically told "you deliberately gave away the Client Number and Access Code. That's on you." So ING will absolutely not reimburse me if the recall fails.
- I am going to now finally let go. Not helpful for my mental health ruminating on this other than learning my lesson to never click any links.
- Hope no OzB members fell for this like I did.

Update 21/11/22:
- VicPol actually contacted me and filed a report. Detective said she is looking at multiple similar cases, said ING is very slow with responses, so anything that I can supply will be very helpful. Another reason to never bank with them.
- Contacted by ING's complaints team today. Hoping for good news.

Update 22/11/22:
- Goodwill payment of the total amount credited to my account.
- Said they are reviewing the security breaches that I raised but remained that 'the four-digit access codes are secure and you can change it anytime according to our clause X of blah blah blah'
- Key point is that I have evidence that ING does send genuine text messages with link asking their customers to log-in via the link provided to open the account. Initially they claimed that ING never sends text messages with links.

Financial

Related Stores

ING
ING

Comments

  • scrimshaw on 27/10/2022 - 12:48
    +53

    Do not click on any links in text messages, generally speaking. Your bank will never send you an SMS with a link that takes you to a login page.

    • mariahwerk on 27/10/2022 - 13:16
      +6

      I learned my lesson. I was at work and because of the text coming from the same thread that the legit ING sent to me, I fell into their scam. Normally they come from unknown numbers and I am pretty good at picking it up.

      Just setting this up as a support thread as I suspect some of us will also start reporting this… especially with the new 4.05% interest there was lots of interest.

      • mariahwerk on 27/10/2022 - 13:18
        +1

        Regardless, the fact that the scammer is able to bypass 2FA for new payee and new mobile phone registration is beyond me. Commbank (the bank I normally use) would have sent me messages to verify those transactions first.
        I am going to move my money to the Big4s now.

        • CyberMurning on 27/10/2022 - 13:23
          +4

          please update us of what ING says about "bypass 2FA for new payee and new mobile phone registration" can happened. cheers

          • mariahwerk on 27/10/2022 - 13:58
            +2

            @CyberMurning: the rep said she has escalated to their scam team. I got a 2FA message on my phone "This is the code for mobile banking device registration" at 09:58am. I was actually seeing a patient that time. I never sent anyone or clicked any link for the 2FA to work. And at 10:02am an email came "Thanks, your iPhone is now successfully registered for mobile banking." LOL!?

            • CyberMurning on 27/10/2022 - 14:51
              +2

              @mariahwerk: oh so the system works, you get the code when adding new device… but you werent the one requested it, and you didnt act on it so the code should expire and the device will not get added…..

              gessus that is TERRIBLE.. hmmm wait means yes someone cloned your phone they able to see the code ! omg quick format your phone probably got trojan inside

        • TilacVIP on 28/10/2022 - 09:37
          +2

          Amazing. All the banks I have accounts with require a passcode to be entered for any new account transfer.

          Stopped using ING as they become a non-friendly back in the past 2 years.

      • coxjon on 27/10/2022 - 14:46
        +1

        there was lots of interest.

        4.05% interest to be exact :)

  • ThithLord on 27/10/2022 - 12:49
    +6

    That's rough, mate.

    2FA via text has always been known to be pretty poor, easy to by-pass (I don't know how though). I hope they reimburse you promptly.

    • Sleeqb7 on 28/10/2022 - 10:21

      It's interesting, banks have insurance for this sort of things for their customers, right?
      But given OP opened the link and functionally provided their account credentials to the other party, I wonder if that would void the coverage for it?

  • xazark on 27/10/2022 - 13:00
    +6

    sorry this happened to you it really sucks when you become victim of a scam its an awful feeling. Unfortunately I believe these types of things in Australia are only going to get worse over the next 6-12 months with all the data that has been accessed in the last few months..

  • [Deactivated] on 27/10/2022 - 13:11
    +3

    This is a common scam unfortunately. There was an ABC news article on it a while back - similar thing happened to a woman with a CBA account I think. I remember being surprised that they could make it look like the text was coming from your bank, it makes it so hard to realise it's a scam.

    ID Care has some good guidance on what to do to prevent further damage. https://www.idcare.org/fact-sheets/sms-scams

    • peter05 on 28/10/2022 - 19:03
      +3

      not victim blaming but it is never a good idea to try and secure your system with fundamentally insecure communications methods (sms/phone)

      it wasnt until just maybe 5 years ago that voip providers stopped letting you spoof numbers in sms sending field

      banks should shoulder some of the blame as ss 2fa is no more than just another hurdle to jump rather than a real wall/door

  • Unorthodox on 27/10/2022 - 13:15
    +6

    ING doesn't have outbound fast payments for above $1k so you may still be able to have it and any other transfers held.

    • Some Human on 27/10/2022 - 13:27

      Thanks for the info, I was wondering what their osko limit was.

      • Neoika on 27/10/2022 - 13:39

        It seems to be $1k per day, the same as Virgin Money. If it is over, standard transfer mode applies.

    • mariahwerk on 27/10/2022 - 13:45
      -1

      The scammer did a number of transactions under $500 to bypass this.

      • Neoika on 27/10/2022 - 13:55
        +3

        No, the 3rd lot of $500- probably won't be Osko transfer.

        • mariahwerk on 27/10/2022 - 13:57

          The other ones the scammer did by changing my address book (my real estate agent trust account) to their account and the transfer was instant.

          • DoctorCalculon on 27/10/2022 - 19:08
            +5

            @mariahwerk: The point you seem to be missing is that the total OSKO outbound limit is $1K per day per ING account. This is not changeable even if you ask ING.

            Any amount over this threshold will be a slow (non-OSKO) transfer. So, your loss from OSKO should be limited to $1K if you can get onto ING fast enough to stop the remaining transfers.

            • mariahwerk on 30/10/2022 - 00:10
              +1

              @DoctorCalculon: The first two were Osko under 1k. The last two were actually transferred to an account with an ING bsb. I called half an hour after the transfers (only looked at my phone then) and even that they said they can’t do anything about it “it’s more complicated than just stopping it” and it’ll take 45 calendar days for an outcome.
              I took all my money away from ING after this response.

              • Chandler on 06/01/2023 - 09:48

                @mariahwerk:

                I took all my money away from ING after this response.

                I'm surprised they didn't block that transaction to ensure its validity.

  • Guybrush57 on 27/10/2022 - 13:15
    +6

    I don't know how fake but genuine looking correspondence can be dealt with but I think ING should reimburse you for their poor security regarding 2FA.

    • DoctorCalculon on 27/10/2022 - 19:11
      +2

      regarding 2FA

      I don't think there is any 2FA from ING.

      I tried it now. Completely new browser + VPN from USA. All you need is account number and access code, and you are logged in.

      • mariahwerk on 30/10/2022 - 07:50

        2FA is required for new phone registration. They used the phone app instead of internet banking because I received a mobile registration request.

        • DoctorCalculon on 30/10/2022 - 10:44

          For either channel, 2FA is broken. Otherwise, the scammers would have been stopped in their tracks.

  • CodeXD on 27/10/2022 - 13:21
    +8

    Unsupecting anything I clicked on the link in a frenzy in fear of someone taking my money, without realising it's a dodgy link.

    This is on you.

    • Muzeeb on 27/10/2022 - 13:29
      +8

      Yep. Banks make it very clear. Never log in via a provided link. Always type in the bank URL or use the app already installed on your mobile device.

  • Some Human on 27/10/2022 - 13:25
    +6

    Sorry to hear that, man.

    I'm not going to victim blame, but next time just go directly to their website. If there's a legit breach, it would likely be in the account messages.

    One time I had a suspicious email from ebay asking me to verify my identity and update my details. It came with a link. I didn't click the link, but went directly to the ebay app. I had the same message on there from ebay. And one the web browser. I was still suss about it and refused to obey the email. Then they kept sending the email. Then they locked me out of my account. Turned out the email was legit. I obeyed it (through the ebay website) and my account was reinstated.

    Still can't believe they would actually ask for these things in a provided link. Most businesses will make you go directly to the website.

  • Yoo on 27/10/2022 - 13:32
    +3

    Can you share a screenshot that shows the scam message with the other legit ING messages? Of course hide any personal info and the scam link. I want to show my parents how some elaborate scams work.

    • mariahwerk on 27/10/2022 - 13:41

      Don't know how to upload an image to OzB.

      The message says "You just logged in on a NEW device. If you did NOT login, go to: login.au-my-acc.net to cancel."

      The message above this scam message is an authentic ING message telling me my legit client number when I signed up 4 weeks ago. However if you lclick on ING as a contact, no number shows up. That's when I knew I (profanity) up.

      I know, how stupid that heated moment I didn't even bother to check the link address.

      • Twix on 27/10/2022 - 14:06

        Always delete legit text messages from banks to avoid scam text messages coming through in one chain. Save your client number elsewhere.

      • bamzero on 28/10/2022 - 12:12

        OzBargain file upload

        Its very easy for them to spoof phone numbers as you've seen, but yeh the dodgy links usually give it away if the bad English doesn't.

        I admit I've almost been caught out once when they got lucky with their timing and received a message right in the middle of doing something with that bank that seem somewhat related. They tried a bit harder with the URL in that case too and it almost looked legit.

    • Twix on 27/10/2022 - 13:58
      +2

      The scam text message looks similar to this. Adelaide man enlists help from former South Australian senator Nick Xenophon after losing $36,000 to scammers. Never click on links sent in text messages.

      Types of Scams

      • Yoo on 27/10/2022 - 14:53
        +3

        Thanks! That's what I was looking for. These scammers are getting good. I'm tech savvy and I nearly got caught once. I can't imagine how many people are getting scammed and don't even realise it.

    • Ughhh on 11/11/2022 - 11:03

      https://files.ozbargain.com.au/upload/42072/99397/screenshot…

      I got same message as Op, though mine went straight to spam box. I've never had an account with ING.

  • Hardlyworkin on 27/10/2022 - 13:50
    +1

    Thank you for sharing Op. Sometimes I wonder how people fall for scams though not my thoughts on this one.

  • lenspizza on 27/10/2022 - 14:15
    +6

    Just so people are more aware, you absolutely cannot trust the "From" number on text messages. You also can't trust the "Caller" number on phone calls, or the "From" address on emails.

    To understand why you need to think of those paper letters people used to send. The sender can put anything under "senders address", no one along the path can verify whether its correct or not.

    So unless you initiated an action, you should never click on links in SMS or Emails. And if you receive strange requests make sure you pick up the phone and check with the person directly. It's far too common for scammers to email receptions "from" the CEO, asking for an emergency payment.

  • brendanm on 27/10/2022 - 14:17
    +2

    login.au-my-acc.net

    That's not an ing site though.

    • jorf on 27/10/2022 - 14:44
      +4

      They are using other similar addresses too. I reported acc-ref.com a few days ago for running this scam and the registrar took that site down.

      • brendanm on 27/10/2022 - 15:26
        +4

        I suppose my point was that it's glaringly obvious that it isn't from ING.

  • o53djz7qTPY4der on 27/10/2022 - 14:23
    +1

    I recently received 2FA codes from ING. I also bank with them. I had not requested the codes. I tried to call ING but couldn't get through. I ended up sending a message on internet banking. It took a week of back-and-forth before somebody called me and said "yes, we have records of somebody with an Indian IP trying to make transfers and use your card."

    Needless to say, I was annoyed at the time it took for them to deal with it - notwithstanding the fact that I couldn't get through on the phone. But moreso, the first exchange in messages they said "totally normal, you requested them".

    • mariahwerk on 27/10/2022 - 18:17
      +3

      This is what should’ve happened. The fraud should’ve stopped at 2FA because I had it activated and I have the phone with me. Instead somehow they bypassed it and set up their phone with my account without the code.
      ING has some serious banking security breaches going on here.

      • DoctorCalculon on 27/10/2022 - 19:16
        +2

        ING has some serious banking security breaches going on here.

        I would say more security holes than any other bank that I have dealt with.

        Here is a glaring one. When they send out your debit card in the mail, your client ID is clearly listed in the letter along with a whole bunch of other identifying details.

  • unfunkable on 27/10/2022 - 14:24
    +4

    Wow, sorry to hear OP.
    I got exact same message on Tuesday. I was actually freaking out that someone had gotten into my account and was xfering funds out!
    Lucky, I was at work, and logged onto my work PC and everything looked fine. No new payee in address book, no message in the inbox, and then it pinged it was a scam.
    I consider myself a veteran at picking scams, and this one looked pretty damn good - what got me was this point : Scammer somehow able to mask their sender end into ING's number or conversation.

    Also, they prob got your SMS 2FA message when you entered it into their website

    • netjock on 27/10/2022 - 14:38

      logged onto my work PC and everything looked fine

      Or check your phone app to check if there is movement of funds.

      Also have the bank phone number in your contact list and call them (not taking calls from that number)

    • mariahwerk on 27/10/2022 - 18:18
      +1

      The phishing link also asked for my client number and access code, no 2FA request.

      • unfunkable on 27/10/2022 - 21:04

        Oh wow…hmm
        Did ING say how they managed to xfer the funds ?
        When ever I add a new contact I am asked for a phone code…well at least I am sure I do

        • mariahwerk on 29/10/2022 - 19:14
          +2

          Apparently 2FA only applies for new payee when you are on the webpage, not for the banking app. I tried it myself, and once you registered your phone, you can Pay Anyone or Edit Address Book without 2FA. Big loophole and when I told them they don't seem to care!

  • aneil915 on 27/10/2022 - 15:23

    Thanks for letting everyone know. This has me thinking about moving away from ING. I'll need to look into a bank with better 2FA and a good interest rate

  • ECE on 27/10/2022 - 18:32
    -3

    This is an old basic scam that still works. If you look closely to the email address before you had clicked it then you could had picked it up.
    Hope you get your money back.
    Think before you click 🙏🏿

    • kerfuffle on 27/10/2022 - 22:16
      +8

      Maybe you need to look closely as well as it wasn’t an e-mail.

  • MeesusEff on 27/10/2022 - 19:13
    +1

    The spoof won't just be with ING, I had the same with ANZ, I just ignore it

    • DoctorCalculon on 27/10/2022 - 19:22

      I received a similar phishing attempt on the official AUSPOST SMS ID.

      Even though it was right underneath a legitimate package delivery message, it was very easy spot due to:

      a) their terrible English
      b) I wasn't expecting any parcels. Nice try, scammers!

      • MeesusEff on 27/10/2022 - 21:10
        +2

        Haha i like to spot how many grammatical and spelling errors are in the scam sms and emails. Even punctuation gives it away. I've actually never seen a perfectly written scam sms/email so far

        • DoctorCalculon on 27/10/2022 - 21:22

          Agreed. If the "Click Here" link doesn't give it away, it is always their rubbish English.

      • Benno007 on 28/10/2022 - 13:47
        +1

        Same thing happened to me recently but there was no grammatical errors, and I was expecting a parcel… so was wondering if the delivery company is sharing details with scammers…

        • 7ekn00 on 04/01/2023 - 20:53

          I like to click the links and add hundreds of fake ID/password combos just to keep the scammers on their toes ;)

          Scammers get paranoid with fake attempts as the banks log and investigate too many of them!

  • MeesusEff on 27/10/2022 - 21:21

    My husband clicked on a link once because he was curious to see what the site looks like. Luckily he doesn't have any banking apps on his phone. But do you actually need to 'login' the fake links to get scammed or is clicking the link itself bad enough for spyware or something to be installed?

    • CyberMurning on 27/10/2022 - 21:27

      Well the scammer could install something and they can listen to your husband private conversations that may involves financial. Good luck.

    • Twix on 27/10/2022 - 21:48

      Clicking the scam link can be enough to trick you into installing malware apps. Read this article about the flubot scam.

    • bulletmark on 28/10/2022 - 08:03
      +2

      Simply clicking on a link won't cause a problem, contrary to what mainstream media says/implies. Just don't then start entering personal/account/login details on whatever site that link leads you to.

    • BigBirdy on 28/10/2022 - 10:19

      I often click on these dodgy links, just for a look, and sometimes I put in false username/password to waste their time. I never do it from a Windows PC (it's higher risk than a phone or tablet) and I've never had a problem, but there is a very low risk a dodgy website might have an exploit into your device, but it really is low nowadays. Country security services is another matter …

  • vince088 on 27/10/2022 - 22:55
    +1

    its not just ING, mum got scammed into a commbank looking one too.

    Luckily we got the money back (3k)

    • MeesusEff on 27/10/2022 - 23:07

      Did she login through the fake link? My mum was telling me how she knew someone who lost $33k just from clicking a link. I'm like… Yeh… Nah she totally logged in. But obviously she's not going to admit that since that's saying bye bye to the money

    • mariahwerk on 28/10/2022 - 05:33

      Can you share how she got her money back?

      • vince088 on 28/10/2022 - 06:54

        Call your bank asap and report the scam, bank will try freeze the bank account it was transferred to, to recover the funds.

        • mariahwerk on 28/10/2022 - 07:06

          ING said they’re osko transfers so they could only recall it, but up to the other end to accept the recall. Kept saying because I gave them the details it’s harder. Kept avoiding talking about the 2FA fail.

          • LFO on 28/10/2022 - 15:23
            +3

            @mariahwerk:

            ING said they’re osko transfers

            Interesting you mentioned $2000 was transferred.

            My ING account only allows $1000 via "instant" Osko. Anything above that amount is delayed ~12 hours.

            Is this your case? Is your account somehow different?

            • mariahwerk on 28/10/2022 - 18:47

              @LFO: 4 lots of under $1000 payments transferred to 2 different accounts (one ANZ one ING). There were "instant" according to ING records. The scammer clearly knows >$1000 will take longer.

              • mariahwerk on 28/10/2022 - 18:48
                +1

                @mariahwerk: The $2000 daily limit was reached (for my rent payment) therefore the scammer could not withdraw further luckily.

  • SteveB00 on 28/10/2022 - 08:51
    +2

    Everyone’s talking about 2FA but when I searched the ING site, I could find no way to add 2FA to my accounts. You can add it to a NEW account when applying but, as far as I can, see exisiting customers aren’t catered to. Did I miss something?

    • vince088 on 28/10/2022 - 12:38

      Im a ING customer from 2017 also dont have f2A

  • Mugsy on 28/10/2022 - 09:23
    +4

    I don't even trust legit SMSes from Auspost!

    Never click on links in SMS messages.

  • 2026 on 28/10/2022 - 10:20
    +1

    Sorry to hear that, it is very easy to be taken in. Similar thing happened to me – I received a text from Amazon from the same number that I had previously received Amazon verification texts. This was clear from my phone records. I rang the number and the person was able to give details of my past several Amazon purchases (Kindle books I had bought). She said there was a suspicious transaction and I needed to reset my password.
    I almost provided them with the code they then texted to me, but simultaneously I decided to ring the bank to find the transaction. Fortunately the bank security immediately said DO NOT provide this code, you are a few seconds away from losing$15,000. This happened about a year ago, I didn’t know text/phone number masking existed – but it definitely does. Be very, very careful. NEVER, EVER SHARE a code that is sent to you by text message.

  • jonkvh on 28/10/2022 - 10:56
    +2

    This is why I regularly clean out my SMS/Messages of corporate texts especially since they appear in a threaded/conversation style on the phone.

  • Benno007 on 28/10/2022 - 13:45
    +1

    I recently had the same issue with a message coming in as ‘AusPost’ into my same conversation thread as legitimate auspost texts, coincidentally on the day I was expecting a package. Was definitely a scam as the link wasn’t right.

    Phone companies should verify numbers from financial institutions with like a blue tick like Instagram lol.

    • AaronRain on 29/10/2022 - 08:54

      I also had an AusPost one sent, but it was separate from the legitimate one I usually get and I was also expecting a package from eBay.

  • oO0Dam0Oo on 29/10/2022 - 11:54

    Received the same masked messages from Citylink/Linkt yesterday. Same number I had previously received legitimate SMS from.

    The fact some banks still have SMS MFA is insane.

  • gromit on 29/10/2022 - 12:22
    +1

    simple rule never trust an SMS, that goes double for a link in one. Phone numbers are easy to fake and phone sims to be duplicated or potentially churned. If your bank only relies on SMS you should find yourself a new bank.

  • Herbse on 29/10/2022 - 12:29

    ING have 2fa though?
    You didn't have it activated?

    • Friendly Troll on 29/10/2022 - 15:59
      +1

      ING has weak 2FA. Using a physical security key to login is the best or using single-use codes generated by mobile apps. ING has neither.

    • DoctorCalculon on 30/10/2022 - 00:20

      ING have 2fa though

      LOL!

      ING 2FA is horribly broken. I have reported this security issue to them a long time ago, and it is still not fixed.

      I also asked them to allow me to change to a 9-digit PIN for my access key. They said it cannot be done.

  • iLikeSales on 29/10/2022 - 12:32
    +1

    I always go to the websites by myself never click through anything. I have ANZ messages before and called them up asking why they keep sending me messages and it wasn't them.

    ALWAYS go to the websites by yourself.

  • htc on 29/10/2022 - 13:09
    +3

    Thanks op for alerting us.

  • ipiok on 29/10/2022 - 13:24
    +1

    I suggest changing to a bank that does 2FA via authentication app and not just SMS, jesus.

  • Quagles on 29/10/2022 - 14:09
    +1

    I'm curious what can be done to help educate people not to click links in sms or emails. I thought it was common knowledge by now. I still get "spam" emails from my banks often to not click on links and they won't send links.

    • mariahwerk on 29/10/2022 - 19:12
      +1

      It's a slip of mind when emotions took over "God people are in my account! Gotta act fast" Fight or Flight response. I usually never click any links on SMS.

      • gromit on 29/10/2022 - 20:56

        which is exactly the behaviour scammers have targeted for years. No offense but I highly recommend going and reading a little bit about scams and researching secure MFA (which SMS does not fall under). Find a bank with a secure form of MFA and have a read through https://www.scamwatch.gov.au/

        • kiitos on 31/10/2022 - 12:44

          What is it about SMS that makes it less secure than an authenticator app?

          • gromit on 31/10/2022 - 14:23
            +1

            @kiitos: The source phone number can be faked, many phones show the SMS on the front screen so subject to shoulder surfing, the phone sim can be duplicated meaning the scammer can receive the SMS, your phone number can be churned meaning again the scammer can potentially receive the SMS. SMS was never meant as a security mechanism and is inherently unsafe to use as one, it is better than nothing at all but if you are going to the effort of a 2nd factor then use one that isn't so fundamentally broken security wise. an authenticator app isn't subject to these attacks (that doesn't mean they are all perfect either, but they are a significant step up).

  • Herbse on 29/10/2022 - 16:16

    Get onto Up Bank.
    All app based, everything is authenticated on your phone with biometrics and password, instant notifications for every transaction in and out and any changes to the accounts.

    • samfisher5986 on 31/10/2022 - 13:58
      +1

      But you've failed to mention their 2FA method.

  • ECE on 30/10/2022 - 08:31

    login.au-my-acc.net

    There is no way this URL is ING 🤔

  • Hearthstone on 31/10/2022 - 13:54
    +1

    get rid of ING that is a huge security risk, go with Macquarie or some other better banks with apps based 2FA
    even without scam message anything that don't provide 2FA is a no go zone these day

  • aneil915 on 31/10/2022 - 14:06

    I have a 4 digit access code but I thought I seen somewhere that you can have a 6 or 8 digit access code. Apparently not and I asked them about 2FA at the same time for their website.

    From ING

    We don't have the option to extend your access code, I apologise.

    Having said that, we do have two-factor authentication available on the website. You log in initially using your confidential access code. If you are making any changes to personal details or higher risk transactions (e.g. external transactions, BPAY's, etc.), you are generally required to receive and confirm a SMS security code to proceed.

    I do apologise for any inconvenience caused, I will lodge feedback on your behalf.

    • Hearthstone on 31/10/2022 - 14:23

      not good enough get rid of them seriously, SMS based can be intercept or phone get port out etc…

  • goodfella on 31/10/2022 - 22:53
    +3

    Raised a complaint to ING demanding to implement app-based 2FA ASAP due to recent cyber attacks in Australia and the increasing number of scams targeting ING clients. My complaint won't change anything, but what if we get the ING complaint team "Ozbargained" if you guys know what I mean?

    • mariahwerk on 01/11/2022 - 16:35

      If anyone here is an ING customer, PLEASE file a complaint and send them a link to this post!

      • KiwiTheGreat on 06/01/2023 - 16:33
        +1

        Done. A complaint filed with ING.

Login or Join to leave a comment
Login Join