Skip to Content, Menu, Homepage

Online Security and Fraud Protection

At Heritage, we’re committed to protecting you from fraud. Our Fraud Management and Information Security Teams are constantly updating our processes and technologies to keep you safe. Here’s more information about how we protect you from fraud, some tips on how you can protect yourself, and updates on some recent fraud examples.

If you suspect any unusual activity has occurred while using Heritage On-Line Internet banking or other services, please call the Heritage Bank Contact Centre on 13 14 22, or send an email to our Fraud Team at fraudalert@heritage.com.au with details of what has happened.

If you ever suspect any unusual activity when using Heritage Internet Banking or the Heritage website, we would encourage you to call our Contact Centre on 13 14 22, or contact our fraud department via e-mail at fraudalert@heritage.com.au.

Security Alert: March 2016

Hoax Emails and Phishing Scams

Heritage Bank customers may have recently been targeted by hoax emails, claiming to come from Heritage online and tempting the recipient to click on a link which goes to a forgery of the Heritage online website. This fake website is designed to capture personal information such as your Heritage member number, passwords and contact information. Those who unsuspectingly login to this site may later discover their Heritage online account has been accessed by unauthorised persons.

If you have received one of these emails (known as a "phishing" scam), please ignore it and simply delete it. The email in question is NOT from Heritage, do not click on the link or reply to the email. If you have followed the instructions in the hoax email and logged into the fake Heritage online website, it is most likely your Internet banking details have been compromised. Please immediately change ALL your Heritage online passwords, and also telephone Heritage Bank immediately on 13 14 22 (8:30 am - 7 pm AEST Monday to Saturday).

REMEMBER: While Heritage may send informational or confirmatory receipt emails, Heritage will NEVER send an email that would request the disclosure of any personal security details such as your PIN, Internet Banking passwords, credit card details or require you to click on links or attachments within the email to update or verify details.

Security Alert: January 2015

Hoax Phone Calls

Heritage Bank customers may have recently been targeted by hoax telephone calls claiming to come from Heritage Bank or another financial institution. The caller may suggest that you are eligible for a payment or fee rebate and will attempt to obtain personal information such as your Heritage account number, card numbers, passwords and PINs. Those who unsuspectingly provided their information to the third party may later discover their Heritage account has been accessed by unauthorised persons.

If you have received one of these scam phone calls, please hang up the call and do not provide any personal or sensitive information to the caller. The phone call in question is NOT from Heritage. If you have given information to the third party, it is most likely your account details have been compromised. Please immediately change ALL your Heritage online and phone banking passwords, and also telephone Heritage Bank immediately on 13 14 22 (8:30 am - 7 pm AEST Monday to Saturday).


REMEMBER: Heritage will NEVER call you to request that you disclose of any personal security details such as your account number, PIN, Internet Banking passwords, credit card details.

Security Alert: December 2014

Hoax BPAY Emails

Heritage Bank customers may have recently been targeted by hoax emails, claiming to come from BPAY and tempting the recipient to open an attachment. These emails are unsolicited and not representative of any actual payments or processes. The attachment is designed to infect the recipient's computer with malicious software. Those who unsuspectingly open the attachment may later discover their personal information has been compromised or that their computer has been accessed by unauthorised persons.

If you have received one of these emails, please ignore it and simply delete it. The email in question is NOT from BPAY or a legitimate financial institution, and we caution against clicking on attachments or replying to the email. If you have followed the instructions in the email and opened that attachment, it is likely that your computer has been compromised. If this is the case, do not use your computer for any activities that may access or request personal information, and consider having your PC professionally scanned and cleaned for potential malware. 

If you have any concerns regarding the security of your bank accounts, please telephone Heritage Bank immediately on 13 14 22 (8:30 am - 7 pm AEST Monday to Saturday).

Text Reads:

The BPay transfer (ID: <906380073>, recently sent from your checking account, was aborted by the other financial institution.

Rejected transfer
Transfer Case ID   027962
Transaction Amount   3648.40 Australian dollar
Sender e-mail   <email address>
Reason of abort   See attached document

Please open the word document attached with this email to view more info about this issue.

Security Alert: December 2014

Hoax Emails and Phishing Scams

Heritage Bank customers may have recently been targeted by hoax emails, claiming to come from Heritage online and tempting the recipient to click on a link which goes to a forgery of the Heritage online website. This fake website is designed to capture personal information such as your Heritage member number, passwords and contact information. Those who unsuspectingly login to this site may later discover their Heritage online account has been accessed by unauthorised persons.

If you have received one of these emails (known as a "phishing" scam), please ignore it and simply delete it. The email in question is NOT from Heritage, do not click on the link or reply to the email. If you have followed the instructions in the hoax email and logged into the fake Heritage online website, it is most likely your Internet banking details have been compromised. Please immediately change ALL your Heritage online passwords, and also telephone Heritage Bank immediately on 13 14 22 (8:30 am - 7 pm AEST Monday to Saturday).

REMEMBER: While Heritage may send informational or confirmatory receipt emails, Heritage will NEVER send an email that would request the disclosure of any personal security details such as your PIN, Internet Banking passwords, credit card details or require you to click on links or attachments within the email to update or verify details.



Text Reads:
"Access to Heritage Transfers and Bpays have been restricted pending identity verification.

See detail(s) below:

Account Temporarily Restricted:
We noticed suspicious activity on your account from an unrecognized device on December, 4. This may have been you via a mobile device or other devices. For your security, we have temporarily restricted access to domestic and international transfers until you verify your identity with us.

Please take a minute to make sure that the information we hold about you is up to date and to verify your identity with us. What do you do? Simply verify your identity with us by visiting: www.heritage.com.au/customer/support/help

You will be required to answer security questions you have provided us when you registered in order for us to verify your identity; after which normal Banking activities will continue. We apologize for any inconveniences and appreciate each opportunity to serve you."

Security Alert: September 2014

Shellshock Vulnerability

A significant vulnerability has recently been disclosed called "Shellshock". The vulnerability is associated with Bash, a command shell present on many Unix, Linux and Apple systems. Heritage Bank does not utilise Bash on its Mobile Banking, Online Banking or any of its other internet facing systems and so these sites and their associated services are not vulnerable to Shellshock. Heritage's lack of vulnerability to Shellshock has been independently confirmed.

Security Alert: May 2014

Hoax Emails and Phishing Scams

Heritage Bank customers may have recently been targeted by hoax emails, claiming to come from Heritage online. The email contains an attached file which, when opened, displays a forgery of the Heritage online login page.

This forgery is designed to capture personal information such as your Heritage member number and Heritage online password. Those who unsuspectingly login to this site may later discover their Heritage online account has been accessed by unauthorised persons.

If you have received one of these emails (known as a "phishing" scam), please ignore it and simply delete it. The email in question is NOT from Heritage, do not click on the link or reply to the email. If you have followed the instructions in the hoax email and logged into the fake Heritage online website, it is most likely your Internet banking details have been compromised. Please immediately change ALL your Heritage online passwords, and also telephone Heritage Bank immediately on 13 14 22 (8:30 am - 7 pm AEST Monday to Saturday).

REMEMBER: While Heritage may send informational or confirmatory receipt emails, Heritage will NEVER send an email that would request the disclosure of any personal security details such as your PIN, Internet Banking passwords, credit card details or require you to click on links or attachments within the email to update or verify details.



Text Reads:
Dear Valued Customer,

Find attached, the Electronic Statement Review on your account for the period of 01-May-2014 to 08-May-2014.

Please we strictly advice that you check the attached e-statement immediately and confirmed that is up to date. You may be required to reconfirm some details during the process.

We assure you that your complaints will be resolved as quickly and efficiently as possible.

Security Notification: April 2014

Heartbleed Vulnerability

A vulnerability to some secure Web sites has recently been disclosed called "Heartbleed". The vulnerability is associated with some versions of OpenSSL often used to secure Web sites. Heritage Bank does not utilise OpenSSL on its Mobile Banking or Heritage Online Banking sites, and so these sites and their associated services are not vulnerable to the Heartbleed issue. This has been recently confirmed by Heritage using independent vulnerability assessment tools.

Security Alert: March 2014

Hoax Emails and Phishing Scams

Heritage Bank customers may have recently been targeted by hoax emails, claiming to come from Heritage online and tempting the recipient to click on a link which goes to a forgery of the Heritage online website. This fake website is designed to capture personal information such as your Heritage member number and login password. Those who unsuspectingly login to this site may later discover their Heritage online account has been accessed by unauthorised persons.

If you have received one of these emails (known as a "phishing" scam), please ignore it and simply delete it. The email in question is NOT from Heritage, do not click on the link or reply to the email. If you have followed the instructions in the hoax email and logged into the fake Heritage online website, it is most likely your Internet banking details have been compromised. Please immediately change ALL your Heritage online passwords, and also telephone Heritage Bank immediately on 13 14 22 (8:30 am - 7 pm AEST Monday to Saturday).

REMEMBER: While Heritage may send informational or confirmatory receipt emails, Heritage will NEVER send an email that would request the disclosure of any personal security details such as your PIN, Internet Banking passwords, credit card details or require you to click on links or attachments within the email to update or verify details.

Hoax Email

Text Reads:
" Dear Customer

Your internet banking profile has been blocked due to 3 unsuccessful logon attempt.
You have 24hrs to rectify this problem in order to avoid deactivation of your internet banking.

Rectify Now

Note: Enter all information correctly as prompted because failure to do so accurately will lead to account suspension.

Internet Banking Security
Heritage Bank
"

* Based on a $150,000 loan over 25 years. WARNING: This comparison rate is true only for the examples given and may not include all fees and charges. Different terms, fees or other loan amounts might result in a different comparison rate.