Security and Fraud - CUA

Security and Fraud

Customer rating


While CUA has been active in fighting fraud on a number of fronts, it is important that our members partner with us to reduce the likelihood of fraud on their accounts. It’s therefore appropriate to remind members of some basic precautions that should be taken to protect your money.

Security tips

Here are some general tips on how to protect yourself against fraud:

  • Notify CUA as soon as possible when you change your address or contact details, by visiting your local CUA branch or phoning CUA Direct on 133 282.
  • Always check your statements carefully and report any unauthorised transactions to CUA immediately.
  • If you receive a telephone call from a person claiming to be a CUA staff member requesting your card number and/or PIN or your Online Banking logon and/or WAC, do not give this person any information as CUA staff will not ask for these. Do not disclose personal or account information over the phone unless you are comfortable that you are speaking to the credit union.

If you have any other queries, please contact us on 133 282 or visit your local CUA branch.

More detailed fraud security tips:

  • Shred financial documents/receipts and any document that shows your name and address before putting them in your garbage. Read more under identity fraud.
  • Never reply to any emails asking for personal or account information, especially purporting to be from a financial institution. CUA will never send you an email asking to confirm account details. Read more under hoax emails.
  • Remember that if something offered to you sounds too good to be true, it usually is. Read more under scams.
  • Report lost/stolen cards and/or chequebooks immediately. Read more under cheque books.
  • Ensure that no-one can observe you entering your PIN when using the ATM. Read more under card fraud.
  • Ensure you have current anti-virus and anti-spyware software installed on your computer, and that it is kept up-to-date. Read more under internet banking fraud.
  • Make sure you are using the latest operating software on your mobile devices. To check if a software update is available for your iPhone, iPad or iPod touch, go to: Settings > General > Software Update. On Android devices, go to: Settings > About Device > Software Update > Update.

Internet Banking Security

Internet banking fraud occurs when someone uses your details to access your account in Online Banking, and removes funds from your account illegally and transfers those funds to another account, often with a different financial institution. Access to your logon details is usually made possible through techniques such as phishing emails.

The following tips will help protect you against internet banking fraud:

  • Ensure you have current anti-virus and anti-spyware software installed on your computer and mobile devices, and that it is kept up-to-date.
  • Never divulge your password or web access code (WAC) to anyone.
  • If you have accidentally given out any personal information, change your password on Online Banking immediately and report the matter to CUA Direct on 133 282.
  • Always type your financial institution’s web address into your browser when using online banking — never use a link that has been sent to you by email as this may lead to fraudulent websites.
  • Always log out from your internet banking session when you have finished and remember to close your browser.
  • Make sure you’re using the latest operating software on your mobile devices. To check if a software update is available for your iPhone, iPad or iPod touch, go to: Settings > General > Software Update. On Android devices, go to: Settings > About Device > Software Update > Update.
  • Regularly check your account balances and immediately report any discrepancies to CUA.
  • Never reply to any emails asking for personal or account information, especially purporting to be from a financial institution. CUA will never send you an email asking you to confirm account access details. Please forward any emails of this nature to CUA
  • Change your Online Banking Access Code (WAC) on a regular basis to avoid fraud if someone has learned your code.
  • You can set up some of the security features, including alerts, that are available in Online Banking by clicking on one of the menus listed under the Services section on the left hand side navigation bar:

Online Banking

The ‘Help’ button will assist you with any of these security or activity features.

These menus will allow you to make the following updates to your account:

  • Personal Details - allows you to update your personal information such as your email address or mobile number. Please note that to update your personal details, you’ll be asked to enter the security code sent to your previously registered email address or mobile number.
  • Change WAC - allows you to change your Web Access Code (WAC).
  • Alerts - allows you to register for CUA's SMS banking service to be notified by SMS for a range of alerts.
  • Reorder Cheque Book - allows you to reorder your cheque books via a preformatted order form which is sent via secure email to CUA direct.
  • SMS Banking – allows you to manage the accounts you wish to view on SMS Banker

There are many more important safeguards that you can take to protect you and your family against fraud. The Australian Government has an excellent website that provides detailed information on online safety and security - visit Stay Smart Online.

Identity fraud 

Identity fraud can happen in many ways. It can range from someone using your credit illegally, to having your entire identity assumed by another person and business conducted in your name without your consent.

There are some very simple processes which will assist you in preventing identity theft:

  • Shred financial documents/receipts, and any document that shows your name and address before putting them in your garbage, to protect your account/personal information.
  • Lock your letterbox securely to avoid your personal mail being stolen. This is one of the most common ways that thieves gain the personal details of their victims.
  • If your mail is stolen, report this to CUA and any other financial institution you use so a warning can be placed on your account to protect against someone impersonating you by using this information.
  • If you live in a shared property basis (boarding or renting with others etc), lock your personal documents in a security drawer or cupboard to prevent someone else obtaining them.
  • Be cautious of all offers that seem too good to be true. Any offer of large commissions or winnings should be checked out very carefully with the authorities in Australia.
  • Ensure you choose passwords that are not easy for someone to guess, such as your date of birth, pet’s name, favourite football team, etc.

Signs of identity fraud

These can vary, but some typical signs that your identity is being used unlawfully are:

  • A financial institution informs you they have received an application for credit that you have not applied for.
  • You receive phone calls or letters advising that you have been denied credit that you have not applied for.
  • You receive bank, mobile phone or credit card statements or notices in your name, of which you have no knowledge.
  • You notice that you no longer receive your bank or credit card statement or you notice that not all your mail is being delivered.

What can you do?

If you believe that you have had personal papers stolen, or have become a victim of identity theft, notify CUA Direct as soon as possible on 133 282 or visit your local CUA branch so a note can be placed against your membership. You should also advise any other financial institution that you bank with so they are aware of the situation.

Any instance of identity fraud should also be immediately reported to your local police.

In addition, consider contacting Veda Advantage, a credit agency, to obtain your credit history report so that you are kept fully informed of any unauthorised activity on your own file. Veda Advantage can be contacted via their Customer Service Centre on 1300 762 207 or at

Card Fraud

ATM Skimming

Protect yourself – know the signs of ATM skimming

A high-tech scam known as ATM card skimming is becoming more common throughout Australia.

Criminals install a skimming device over the ATM card slot, so data can be recorded from a credit or ATM card's magnetic strip. A pin-hole camera may also be installed to record pin numbers being entered into the ATM. 

Once the criminals have skimmed your card, they can create a fake or ‘cloned’ card with your details on it and use it to make transactions from your account.

We all work too hard for our money to have it stolen from us. Here are some simple steps you can take to protect yourself.

1. Know what to look for
Familiarise yourself with your local ATM and always check for abnormalities such as extra plastic panels, hidden pinhole cameras, loose fitting components and scratches, adhesive or tape holding components on.

Also be on the lookout for people in the vicinity of the ATM behaving suspiciously.

2. Protect your pin
Use your hand as a shield when entering your pin, never disclose to anyone and regularly change it.

3. Check the keypad
Some criminals use keypad overlays instead of cameras to capture pins. These devices record keystrokes electronically, so check for anything that seems to have been placed over the top of the keypad that moves, seems unusual, or does not match the ATM.

4. Know your balance and regularly check statements
Always know your current balance and regularly check your statements for unauthorised transactions.

You can securely check your balance anytime, day or night, using either online banking or on our free mobile banking app. You can also set-up automatic email and SMS alerts for instant notification when a transaction is performed that produces a receipt or a foreign logon attempt is made and your Website Access Code (WAC) is deactivated.

5. Contact us immediately
Immediately contact us if you believe your card has been skimmed or if you suspect a card skimming device has been attached to an ATM.

Card Fraud

There are many different forms of card fraud. The most common is that someone obtains your card details and uses them over the phone or online to make large purchases in your name.

To protect yourself from card fraud, follow these recommendations:

  • When you first receive your new ATM or credit card, sign it immediately upon receipt.
  • If the card is a replacement, ensure you cut up or shred the old card once it has expired.
  • Always memorise your PIN and shred the letter that advised you of this number. At no time should a PIN be kept as a written record and retained together with the card, even if you attempt to disguise it within another number.
  • Never disclose your PIN to another person.
  • Do not select a PIN that is a date of birth.
  • Ensure that no-one can observe you entering your PIN when using an ATM. Check that no-one is looking over your shoulder or standing close behind you. If they are, simply ask them to move back or walk away from the ATM until after they have used it.
  • Always shield your PIN when entering it into an ATM by holding an item over the keypad such as your purse, newspaper, hand, etc. If the ATM has been targeted by scammers it may have been fitted with a camera aimed down to the keypad to fraudulently capture your PIN.
  • If you believe an ATM has been tampered with, do not use it. There will be a phone number located on the machine for you to ring to report your suspicions to the ATM owner.
  • Ensure the ATM transaction has been completed before walking away, as sometimes after taking your cash ATMs ask if you would like to complete another transaction. Note any narration on the screen to ensure that the transaction is fully completed.
  • Card receipts should never be discarded into a public area (i.e. street garbage bins). Nor should they be placed in your own garbage bin without being shredded to protect any card information.
  • Always keep your card in sight during a transaction. For example, take your card to the cashier at a restaurant instead of putting it with the bill to be taken out of vision.
  • When using your card to make purchases via the internet, only deal with well-known/reputable companies.
  • When making a payment or purchase, ensure that a padlock symbol appears in the right hand bottom corner of the website and that the address commences with https://, indicating a secure operating environment.
  • If you are going overseas, advise CUA prior to leaving so that we can monitor any overseas debit transactions.
  • CUA does not contact members asking for your card or PIN. Report all email enquiries to 133 282 or your local branch.

Cheque books 

Cheque books are like cash, especially if they fall into the wrong person’s hands.

To protect your cheque book, follow these simple tips:

  • Keep your cheque book in a safe and secure place.
  • When you first receive your cheque book, ensure all cheques are present in the book and that none have been removed. Report any discrepancies immediately to CUA.
  • Never pre-sign cheques.
  • Never give a person a signed cheque and ask them to complete the details.
  • When posting cheques in the mail, cross the cheque 'Not Negotiable' and, where. possible, send it in a plain envelope rather than a window faced one.
  • Do not use pencil to write your cheques. Use a biro or felt tip pen.
  • Make sure that you fill out cheques and forms carefully so that they cannot be easily altered. Always cross cheques, marking them ‘not negotiable’ and make sure the payee is correctly identified. When filling in forms, place a line through unused spaces.
  • Always check your statements for any discrepancies.
  • Always report any lost cheque or cheque book immediately to our helpful staff at CUA Direct on 133 282.

Hoax Emails and Scams

Hoax emails 

Financial institutions in Australia has been subject to various email scams that are designed to compromise the personal information of members in order to illegally obtain and transfer funds overseas.

There are generally two types of emails aimed at obtaining your personal information:

1. Phishing (pronounced fishing) emails

From time to time, emails are distributed claiming to be from CUA. These are in fact fraudulent emails designed to obtain personal information.

These emails ask you to enter a website and then confirm your details. They may also state that specific funds have been debited from your account and that you need to confirm the transaction by clicking on a link and supplying card details.

If you receive this or a similar email pertaining to CUA, please do not follow any of the links, but report these to CUA by forwarding these emails to

If you have accidentally given out personal information regarding your account details, please change your password on Online Banking immediately. If you are unsure how to do this, or have any other queries, please contact our helpful staff at CUA Direct on 133 282 and they will assist you.

It is very important to note that no financial institution, including CUA, would ever ask you to confirm your identity or supply your passwords via email.

2. Virus or trojan emails

These emails come from senders who are usually unknown to the receiver. They contain links or attachments that may download and install malicious software (malware) onto your computer. These emails can have subject headings such as “The queen is dead” or “Win tickets to a concert”, or such subjects to catch your attention.

If you click on a link in these emails, or open an attachment, the malware will try to install itself automatically on your computer, though this could be blocked if you have the appropriate software security updates installed on your computer. However, some of these viruses are even programmed to uninstall your anti-virus scanner prior to downloading these viruses.

If you have already actioned an email by clicking on the link, or you notice that your computer has become slower and you have other icons on your computer that you don't remember downloading, these are signs that your computer has been infected by viruses.

In this case, have your computer professionally cleaned by a computer technician to remove any viruses/spyware that may have been downloaded, and have them install the latest anti-virus and anti-spyware software.


While there are numerous scams that have been active, it would be impossible to note every one of them. Just remember that if the offer seems too good to be true then it probably is.

Some of the more common scams are listed below.

Employment scams

Online fraud depends on people who are prepared to launder money, commonly called money mules. The ads can appear on major employment websites, or via email, offering stay-at-home positions with various titles. Victims of this scam are asked to provide their bank account details so the employer’s customers can transfer funds. Often, commission payments are noted instead of wages.

However, the funds have been stolen from other bank accounts in Australia, and they are involving the person who applied for this position in money laundering, which can lead to a criminal record, heavy fines, and even imprisonment.

Nigerian scam

Fraudsters have been sending out letters and emails inviting individuals to participate in a scheme that ultimately turns out to be non-existent. The request could be from a Nigerian “senior civil servant” seeking a reputable person into whose account he can deposit funds ranging from $10-$60 million from the Nigerian government, or from a barrister claiming he needs someone to claim an inheritance from a deceased estate before the government claims the money.

Once the victim becomes confident of the potential success of the deal, something goes wrong. The victim is then pressured or threatened to provide one or more large sums of money to save the “deal.” Once that money is forwarded, the promised funds do not arrive.

Cheque overpayment scam

This scam usually occurs in association with online auctions. A fake bidder offers to buy a product over the internet and sends a cheque for more than the agreed amount. The bidder then contacts the seller and asks for the additional money to be refunded by money order. Once the seller sends the overpayment, the bidder then cancels the original cheque leaving the seller out of pocket.

Lottery scams

Victims of these scams receive a letter or email advising that they have won a large prize from the 'lottery'. In order to collect the prize, they must send money before a certain date to a bank account in the country that the lottery was drawn, to cover the cost of traces, bank fees, delivery and insurance costs.

The winner is asked to keep his/her prize confidential. There is a deadline to claim the money. Once the “transfer process” begins, the victim is informed of various delays requiring the payment of transfer fees, taxes, anti-terror fees, insurance fees, claims agent fees, and other administrative costs that they must pay before the prize can officially be collected.

Remember, if you didn’t buy a ticket in that lottery, you cannot expect to win a prize.

Romance scams

People looking for love online have proved to be particularly easy prey - mainly because dating website profiles provide personal information and preferences that allow scammers to tailor their approach. But "Mr Right" or the Russian bride hopes to dupe the lovelorn into becoming a money-launderer or drug mule.

Like the employment scams, the person is overseas, often in Russia or Nigeria. They ask their “love” to accept funds into their account, stating it is from a relative or close friend that is in Australia, so they can come out and meet the person they have been “dating.” Often the hook is they are coming out to marry them, but need the money for the airfare, but the person who is giving them the money is not able to transfer it overseas.

Again, like the employment scams, the funds transferred have been fraudulently obtained from other bank accounts in Australia.

Be aware of these and other scams, such as spam email, chain letters and persons purporting to be representatives of financial institutions seeking personal information.

Do not give or send your name, bank account details, copies of your passport, birth certificate or any other personal details to anyone unless you are absolutely certain they are legitimate.

    Call 133 282

    Mon - Fri   8:00am - 8:00pm (AEDT)
    Sat - Sun  8:00am - 4:00pm (AEDT)

    Find a rediATM, branch or Mobile Banker