Check it before
you click it
Always be alert to scams
Working together to keep your money safe .
Financial scams are an unfortunate part of modern life. Sneaky, sophisticated and ever-changing, spotting them isn’t always easy.
We hope you find the information below helpful and encourage you to call us if you have any questions. It is really important that if you think you are at risk of a scam, are unsure about suspicious activity on your account or believe you have received suspicious communication from us to please call us as soon as possible.
Keep reading to learn how, together, we can keep your accounts and money safe.
Like to know even more?
You’ll find a wealth of useful information at Scamwatch – a website managed by the Australian Competition & Consumer Commission (ACCC).
Commons scams to stay safe from.
Phishing is a common tactic used by scammers to trick you into revealing sensitive personal information like passwords, bank account details and credit card numbers. To do it, they use fake (but authentic looking) emails, text messages and social media posts impersonating an individual or organisation you trust like a government agency or financial institution. Some bold scammers will even try to get this information from you directly over the phone. Their ultimate aim is to use your own identity to steal from you, either now or at some stage in the future.
Red flags
- Messages, emails and calls from unknown sources
- Requests for account information from unexpected individuals or businesses
- Text messages or emails asking you to click a link (even an Opt Out link)
Australians spend millions of dollars shopping online every day. To exploit this, scammers set up fake websites that appear to be genuine retail businesses, often using real logos, brands and product photos. When an order is placed and paid for, shoppers may receive a cheap and inferior product to what they were expecting, or nothing at all. Meanwhile, the scammers have their most sensitive personal and banking information. Some online shopping scammers also post fake ads on social media, use fake celebrity endorsements and even write their own reviews to create the illusion their website is real.
Red flags
- Amazing deals and prices that aren’t available anywhere else
- Retailers you’ve never heard of before
- Unusual payment and delivery options.
Remote access scams use emails, texts, phone calls and pop-up browser windows to spread fake – yet plausible – stories that result in victims voluntarily providing remote access to their computer, tablet or smartphone. Common tactics include impersonating a representative from a trusted business such as a bank, utility or government agency. Once they gain access, scammers are free to steal and misuse all manner of sensitive personal and financial information stored on the device, often without any knowledge of the victim. They can also install ransomware, change passwords and even lock you out of your own device/s.
Red flags
- Any third party request for access to your devices
- Unexpected pop-up messages and emails warning of viruses
- Unusual changes to your device, such as unexplained files or random mouse movements
- Passwords and usernames suddenly not working.
It isn’t a great idea to ignore the Australian Tax Office. Scammers know this and use emails, phone calls and text messages claiming to be from the ATO and other government departments to access sensitive personal and financial information. It might be the promise of an unexpected tax refund or an urgent security update. On the other hand, it might be the threat of penalties from an unpaid tax or HECS debt. The catch is you need to login to your myGov account using the link provided to resolve it. Clicking the link takes you to a fake ATO webpage that then asks for details like your TFN, residential address, credit card and bank account details.
Red flags
- Unexpected tax refunds or debt notices from the ATO
- Emails or text messages containing a link to the ATO or MyGov websites
- Government email addresses that do not end with ‘.gov.au’
Enormous amounts of money are stolen through invoicing scams each year, largely as they’re so simple and easy to fall for. Some scammers find ways to compromise or hack legitimate company email accounts. Others simply impersonate a company with similar (but fake) email addresses and domain names. They then change the bank account details on the company’s invoices before sending them to unsuspecting customers. Believing they are making a genuine payment to a trusted supplier, the customer pays the invoice, but instead sends their money straight into scammer’s fraudulent bank account.
Red flags
- Unexpected invoices from a known supplier
- Changes to a supplier’s banking details from previous invoices
- Changes to the visual design of a supplier’s invoices.
First they steal your heart. Then your money. Romance scams often begin through online dating sites and apps, with scammers using fakes names and images (known as ‘catfishing’) to help build a fake relationship over days, weeks or even months. Once they have gained their victim’s trust, they then seek to emotionally manipulate them. Common tactics include asking for money, gifts or banking and credit card details. They may even create a fake personal emergency to deceive the victim into providing urgent financial assistance.
Red flags
- Reluctance to actually meet and/or last minute cancellations
- Sudden emergencies requiring urgent funds
- Constant requests for money or loans, often of increasing values
Investment scams
Investment scammers pose as stockbrokers, bankers, financial planners and other trusted professionals. From cryptocurrency and real estate to term deposits and shares, they approach their victims with offers of once-in-a-lifetime, high return/low risk investments. Trouble is, it’s rarely authentic. Once they gain your interest and trust, they request payments to ‘secure’ the amazing opportunity – only for that money to never be seen again.
Job scams
These types of scams typically promise very attractive job opportunities with very minimal effort. Scammers impersonate an employer, advertise fake positions on legitimate job sites and can even directly contact individuals through messaging platforms or email. The catch comes when victims are required to make an upfront payment for training or to guarantee their new position. Scammers may also request sensitive personal information as part of the employee onboarding process, such as Tax File Numbers, home addresses and bank account details.
Identity theft
Over a period of time, scammers use a variety of means to build a detailed profile of your most sensitive personal documents and information. Armed with things like your passport, driver’s licence, TFN, birth certificate, banking details and photos, they then recreate your identity. This allows them to access your existing financial accounts, and even apply for new credit cards and loans in your name. They may also try to sell your identity to other cyber criminals.
Threat & penalty scams
Rather than subtle deception, these scams are all about aggression and fear. Scammers will contact their victims with highly demanding phone calls (sometimes using recorded messages), emails or text messages impersonating official organisations with threats of penalties, arrest, legal action and even physical harm if they don’t provide immediate information and/or payment.
Business Email Compromise (BEC) scams
BEC is a form of targeted phishing, sometimes known as ‘spear phishing’. Scammers use official looking emails – and even real compromised email addresses – to impersonate people within an organisation, deceiving their victims into making fake payments, filling bogus orders or revealing sensitive company information. Increasing work-from-home arrangements have seen BEC scams on the rise worldwide since the pandemic.
Malware
Malware refers to malicious viruses and software programs that are used to unknowingly ‘infect’ computers, devices or networks. Scammers use it for many purposes including corporate spying, stealing personal information, sabotage and extorting payment from individuals and businesses. Malware often acts like a Trojan horse, hiding its true purpose behind a seemingly legitimate program or app.
Empower yourself with these resources .
Scamwatch
Run by the Australian Competition & Consumer Commission (ACCC), Scamwatch is a great place to learn about the very latest scams, and report them.
IDCare
IDCare provides free and confidential support to people who may have had their identity compromised or stolen through a targeted fraud or scam.
Australian Cyber Security Centre
This is the Australian Government’s lead agency for cyber security. Visit their website to report suspicious activity and learn more about staying safe from cybercrime.
We're here to help .
Send us an email
Share screenshots and details of suspicious behaviour by email to [email protected]