How can we help?
Popular searches


Security at ING

Report a scam
Protect yourself

How you can protect yourself with ING

  • Security tips

    Install anti-virus software on your computer and keep it updated. You should regularly scan your computer for viruses.

  • Online security

    Computer operating systems are complex and vendors regularly release patches to fix security weaknesses. You should regularly check and update your computer's software by running the update software functions provided (e.g. Windows Update or updates tab in Mac OS App Store).

  • Protect your identity

    Be aware of phishing emails, social networking websites and online shopping; also securely dispose of papers with personal details.
    If personal or payment information is requested, consider if you should proceed.

  • Secure online banking

    Protect your Access code, update your details with ING, check your statements and report vulnerabilities.

Security alerts

Latest security alerts

We'll update you with latest common security alerts

Fixed Income Government Managed Fund Scam - 15th Oct 2021

Scammers are pretending to be ING and promoting fixed income government bonds. This is an investment scam. So please keep your eyes open and tell your friends too.
To reduce your risk of being scammed make sure you check…

the email address to see if it matches the company name (if not, beware)

if the email comes from a non-corporate address like Hotmail or Gmail

if there are spelling mistakes or the information doesn't make sense

if the investment returns seem too good to be true (if so, they probably are)

the company's website through Google and don't click on links contained in emails

ASIC or APRA's websites for warnings about particular scams.

Finally, if you feel pressured to make a payment or lock in an investment immediately – don’t. Call us to confirm on 133 464.

Find out more



How to keep yourself safe from scams and fraud

How to keep yourself safe from scams and fraud
  • Scammers can be very convincing - they can pretend to be from your bank, the government, police, charities, financial advisors, international lotteries, travel agencies and service providers, like for your electricity, internet or phone. They can contact you using emails, phone calls or text messages and try to get personal information about you that they can use to access your accounts. For more guidance, please refer to the latest information from the Australian Banking Association (ABA) below:

    Find out more

  • Received an email or text message with a link?

    Don't click on links from emails or text messages. ING will never send an email or text message asking you to confirm your account details or login details. This includes log in for phone and internet banking.

    If you want to check on your accounts, log in directly through our app or our website – don't click on links from emails or text messages to log in or use the phone number mentioned in the email unless you've confirmed through publicly available sources.

    If you want to verify the legitimacy of the email, it is best to locate the phone number for the company through a trusted source (such as verifying it on their website)

    From time to time ING may reach out to customers to update their details. For more information on KYC click here

    Does it make sense?

    Government agencies and other legitimate businesses will not send you a link asking you to update your details. Also avoid opening attachments from people or companies you don't know or aren't expecting to contact you. Be aware and think about what's being asked for – does it make sense?

    Unsure about something?

    If you're unsure about something to do with your account, you can call your provider directly via their publicly listed number to check on your account.

    What are you being offered?

    Do your homework! If something looks too good to be true or you are invited to invest, make sure you research the investment and weigh up the risk before committing to anything.
    Scammers can appear to be legitimate entities and they often will make an offer which looks too good to refuse.
    Check out the company's online reviews or for any reference to the company being linked to or suspected of being a scam.

    Has a company asked to remotely access your computer, device or mobile?

    Be vigilant. Were you expecting to receive a call or be contacted by this company; asking for a second opinion from a trusted expert (not associated with the company) can be an important step in assessing the risk.
    Important personal information is stored on your computer and allowing remote access can make the information visible to the third party.

    Requests to download new software or allow access?

    Do not download any software or allow access to your computer unless you are 100% certain the person you are speaking with is legitimate. Scammers may access your bank accounts and transfer money without your knowledge.

    Call us immediately on 133 464 if you think you've given a scammer your bank details. You should also call us if you notice any unusual activity on your account.

  • Is it a scam?

    Does the email or text message contain links that look suspicious?

    Does it have an unusual internet address connected to the link?

    Is the email address from the company?

    Does it contain spelling and grammatical errors?

    Scam emails can look legitimate at first glance, so always check. It is common for a phone number to be provided in the email which may also be linked to the scam. If you want to verify the legitimacy of the email, it is best to locate the phone number for the company through a trusted source (such as verifying it on a website).

    Have you received a request to update or confirm your date of birth, tax file number, bank account details or login passwords?

    Have you requested these changes yourself? If you haven't, do not respond or confirm through email – locate the phone number for the company through a trusted source (such as verifying it on a website) and call the company up to check on your account, and think about changing your password yourself. It may have been compromised.

    • Are you buying something online and asked to pay a deposit or pay in full before you receive your product or service? Do your research and make sure that you're buying from a reputable company. Always verify the BSB and Account Number with the issuer before you proceed. ING may not be able to recover funds sent in error, to an unintended bank account, or where there is a disagreement with the person who owns the receiving account.

    Did you receive a call where the caller asks for you to download software or allow remote access to your computer or mobile, for any reason? Hang up immediately. Never give an unsolicited caller remote access to your computer or mobile device.

    First time purchase or investment with a new merchant? Check the company is registered with ASIC or the local government under which they operate. provides information on known scams too. Protect yourself by reading the terms and conditions of the website, including their cancellation, withdrawal or dispute process. Fake online shopping, fake crypto traders and fake investments will disguise themselves and appear genuine.

    Are you being pressured or threatened by the caller? Scammers will often inform you to act fast or miss out. This includes falsely claiming they are assisting you with getting rid of computer hackers or a high return investment opportunity. By using pressure tactics, they are attempting to get you to make a decision you wouldn't otherwise make.

  • If the call is suspicious or doesn't sound right, hang up. Search the company's website and find their number directly. Speak with a representative and check if they have called.

    Don't provide details over the phone, even if you're comfortable with the caller. Tell them you'll ring the company back. Hang up, get the number from the company's website (to make sure it's legitimate) and call back.

    Never share your PIN, mobile security code or passwords. These are designed to protect you and your data security. If you're using a public computer, never save passwords and always ensure you're logged out of any active sessions.

    Use tap and pay or insert your card. Avoid swiping your card when shopping. Tapping or inserting your card is more secure.

Examples of scams

Examples of common scams

Examples of common scams currently impacting customers


Scammers send an email or text to try and obtain your personal information by pretending to be from a trustworthy source like a bank, a charity, or government.

The message looks real and will ask you to enter personal information on fake websites or ask you to click a link – this will allow the crook access to your computer and your personal information.

Online shopping

Scammers pretend to be real online shops, either with a fake website or a fake ad on a genuine retail site.

Fake online shopping sites will often request unusual payment methods such as upfront payment via money order, wire transfer, international funds transfer or gift cards.


Scammers claim to be stockbrokers or portfolio managers offering financial or investment advice.

They will ask you to hand over money for an investment opportunity that seems too good to be true, then they keep your money.

Remote access

Scammers will claim there's something wrong with your computer or internet connection or that it has become infected with malware.

They will try to convince you to install an application or give them access to your computer. They will use this to access your personal information or demand a "fee" for fixing the problem.


Relationship and dating scams

Scammers form a relationship with you, usually through social media, in order to get money or gifts. They develop the relationship over time and may ask you to transfer assets into their name or ask to become a beneficiary of your will. Often, they will ask for money to fix a health, travel or family problem. In many instances the person is not who they claim to be and these scams are often used to fund organised crime.

Invoice scams

A legitimate invoice or payment direction you were expecting is intercepted by a hacker and the payee bank account details are changed.

Puppy scams

This is where online sellers advertise puppies for sale and require a holding deposit. When the time comes to collect the puppy the seller is no longer contactable.

Overpayment scams

These work by getting you to 'refund' a scammer who has sent you too much money and are seeking a return of their overpayment; however, they have not sent you funds.

Prize scams

These scams trick you into giving money up front or your personal information in order to receive a prize, lottery winnings or competition that you have never entered.

Card security

Card security

If you have an ING VISA card, you should take steps to ensure that your card and the associated PIN are protected from unauthorised access or disclosure.

Sign your VISA card as soon as you receive it

Choose a unique PIN that is difficult to guess

Never write down or tell anyone your PIN

When shopping online, ensure the website is reputable and secure

If you have misplaced your card

You can place it on hold using the ING app. This will give you time to find it (without the worry of someone else potentially using it).

If your VISA card is lost, stolen, used without your permission or you suspect your PIN is known to someone else, contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Find out more

General security

General banking security

Phone security

Be aware of phone scams where criminals pretend to be calling from your bank. When receiving phone calls, be naturally suspicious and call back your bank if you are not comfortable.

ATM security

Ensure no-one else can view your PIN when using an ATM. Be alert for suspicious activity around ATMs or EFTPOS. In particular, suspicious individuals nearby or unusual attachments which may indicate the ATM has been tampered with. Do not use the ATM in these circumstances.

More security information

If you wish to find out more about security, visit the following websites:

Stay Smart Online has been provided by the Australian Government to help home computer users and small businesses to be safe when online.

ScamWatch - provided by the Australian Government, provides useful information on methods used by scammers and strategies you can use to protect yourself.

We protect you

How we protect you

ING takes the security of your information and money very seriously. We use technology and physical security measures to ensure a high level of protection for your information and money.

Protection of your information
  • ING takes the security of your information and money very seriously. We use technology and physical security measures to ensure a high level of protection for your information and money. We continually monitor trends and work with industry experts and authorities to ensure that we provide a high level of protection.

Industry-leading encryption with Extended Validation Certificates
  • Our website uses SSL (Secure Sockets Layer) encryption to ensure that others cannot read information travelling over the internet between your computer and our website. This can be verified by checking that there is a padlock icon in the address bar, which will appear when you log into ING online banking.

    We've also made it even easier for you to make sure you're accessing the genuine ING website, by using "extended validation" certificates. Simply look for the green address bar when you access ING online banking (when you use compatible web browsers).

    In order to use this feature, upgrade your web browser to the latest version available.

Login security
  • Virtual keypad
    We use a virtual keypad on our website when you are required to enter your Access Code. The order of the numbers on the keypad changes on each login. This keypad is designed specifically to help prevent hackers from capturing your Access Code and therefore gain access to your account.
  • Security tips
    On login, you will see regularly changing security tips, to help you to protect your information and money. Please take a few moments to read these tips and follow the instructions.
  • Last login time displayed
    When you successfully sign in to online banking, the Welcome screen will display your last sign-in date and time. This will help you to determine whether unauthorised parties have accessed your account.
  • Login timeout
    If you do not perform any activity on online banking for 8 minutes or more, your online banking session will automatically timeout and you'll be logged out.
  • Account lockout
    For your account protection, after three failed login attempts, your access to online banking will be suspended. To unlock your account you'll need to call us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.
  • Security Codes provide you with an additional level of protection. When banking online your existing Client Number and Access Code already provide you with security. But because you can't be too safe when it comes to your information and money, to enable you to perform certain transactions online with even greater confidence we've introduced an additional level of security called Security Codes.

    These are once-only codes sent to your mobile phone. Once received, you need to enter the Security Code in the secure online area within 5 minutes of receiving it every time you perform certain online transactions such as paying bills via BPAY for the first time or changing any of your contact details (address, phone number, etc). Expiring after 5 minutes, they help to ensure it is you (rather than a potential fraudster) who is performing the transaction.

    Security Codes are a form of "two-factor authentication" designed to protect you against many types of online fraud such as phishing, Trojans and identity theft. Two-factor authentication is a process designed to verify two things - something you know and something you have. In the case of ING, we verify your Access Code (something you know) and your receipt of a Security Code sent to your registered mobile phone (something you have).

    For more information including when Security Codes are required, see our Security FAQs.

    Please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days if:
    - you receive an SMS Security Code sent from ING and don't know why;
    - the details of the SMS we send you are different from what appears on your computer screen;
    - you receive a request for your Client Number and/or Access Code via SMS. ING will never request that you provide your Client Number and/or Access Code via SMS. We will also never ask you to reply to an SMS Security Code text message; or
    - your online and phone banking access has been suspended.

    Do not disclose your Security Code to anyone (the only exception to this is when you call our Contact Centre, they may send you a Security Code to help verify your identity).

  • For customers registered for Security Codes, an email alert may be sent to your email address that we have on file after certain transactions have been performed.

    Please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days if you:
    - receive an email alert from ING and don't know why;
    - do not recognise the transaction described in the email alert;
    - receive a request for your Client Number, Access Code, card PIN, Security Code or any personal information via email.

  • My Messages contain a copy of all email alerts sent to you by ING for customers who have registered for Security Codes. If you wish to confirm an ING email alert is genuine, simply login to ING online banking and click "My Messages". You should see a My Message identical to the email alert you received.