The National Australia Bank (NAB) faces the mammoth task of re-educating its more than 8.5 million customers after announcing that it will fight scammers by stopping the inclusion of clickable links in “unexpected” text messages it sends to customers.

The bank – which sent around 112 million text messages to customers last year alone – has long included clickable links to guide customers to help where, for example, their accounts are overdrawn or a new debit card has been posted.

Such messages are often spoofed by scammers sending ‘smishing’ messages in which they claim to be the bank, typically including a link that either loads malware onto the customer’s device, connects them to a criminal posing as a customer service representative, or directs them to a lookalike site that asks for the customer’s banking, financial, or personal details.

By completely removing links from its official messages, NAB CEO Ross McEwan said in announcing the change, the bank was working to “make it as simple as we can for customers to know whether a message from NAB is legitimate.”

“If you get an unexpected text message that looks like it’s from NAB and it contains a link, don’t click on it,” he continued.

“We want to make it as hard as possible for these criminals to steal money from hard-working Australians.”

Instead of including links, text messages will carry written advice that customers go to the NAB website, call the bank, or log onto their Internet banking or app to take a specific action.

The average loss to scams is $569 but businesses are losing an average of nearly $20,000, according to a recent NAB Economics study.

One victim saw her NAB accounts drained after she clicked on a text message link and was put through to someone who claimed to be from NAB’s fraud team – and requested her online banking credentials to assist her with a purported issue.

Even as her money was stolen, the real NAB fraud team had detected the activity and was trying to get through to her at the same time.

Getting proactive about scams

The change is the latest of 64 anti-scam projects now completed or underway across the bank, which has added over 50 new employees to its anti-fraud team in the past nine months.

Earlier this year, NAB partnered with telecommunications firms to put scam caller numbers onto a ‘do not originate’ list that, the bank has said, cut the volume of scam calls in half and reduced customer losses by 70 per cent – and cut reports of NAB-branded spoofing scams by 29 per cent this year alone.

NAB has issued regular customer scam updates, and in April launched a major educational campaign to make customers think more objectively about the messages they receive.

Smishing scams are by far the most frequently reported to the ACCC Scamwatch service, with more than 53,600 such messages reported between January and May this year – with total reported losses of $13.1 million.

That is on track to exceed last year’s 79,835 reported smishing scams, which took $28.6 million from unsuspecting Australians amidst total reported scam losses of $568.6 million.

Despite being a perennial target for scammers, NAB is far from the only company that is being spoofed: online retailers, in particular, regularly see smishing activity spike during the mid-year sale season, with the proportion of scams reportedly causing financial losses increasing from 35.9 per cent in 2021 to 47.5 per cent this year.

Even as NAB works to re-educate its customers that a legitimate text message from the bank will never include a link, Ewan warned that “transnational, organised crime gangs… will always look for new ways to rip people off.”

“While we’re doing whatever we can…. we continue to encourage all Australians to stay alert, curious, and educated.”