Check it before
you click it

Always be alert to scams

Working together to keep your money safe.

Financial scams are an unfortunate part of modern life. Sneaky, sophisticated and ever-changing, spotting them isn’t always easy.

We hope you find the information below helpful and encourage you to call us if you have any questions. It is really important that if you think you are at risk of a scam, are unsure about suspicious activity on your account or believe you have received suspicious communication from us to please call us as soon as possible.

Keep reading to learn how, together, we can keep your accounts and money safe.

Like to know even more?

You’ll find a wealth of useful information at Scamwatch – a website managed by the Australian Competition & Consumer Commission (ACCC).

Commons scams to stay safe from.

Phishing is a common tactic used by scammers to trick you into revealing sensitive personal information like passwords, bank account details and credit card numbers. To do it, they use fake (but authentic looking) emails, text messages and social media posts impersonating an individual or organisation you trust like a government agency or financial institution. Some bold scammers will even try to get this information from you directly over the phone. Their ultimate aim is to use your own identity to steal from you, either now or at some stage in the future.

Red flags

  • Messages, emails and calls from unknown sources
  • Requests for account information from unexpected individuals or businesses
  • Text messages or emails asking you to click a link (even an Opt Out link)

Australians spend millions of dollars shopping online every day. To exploit this, scammers set up fake websites that appear to be genuine retail businesses, often using real logos, brands and product photos. When an order is placed and paid for, shoppers may receive a cheap and inferior product to what they were expecting, or nothing at all. Meanwhile, the scammers have their most sensitive personal and banking information. Some online shopping scammers also post fake ads on social media, use fake celebrity endorsements and even write their own reviews to create the illusion their website is real.

Red flags

  • Amazing deals and prices that aren’t available anywhere else
  • Retailers you’ve never heard of before
  • Unusual payment and delivery options.

Remote access scams use emails, texts, phone calls and pop-up browser windows to spread fake – yet plausible – stories that result in victims voluntarily providing remote access to their computer, tablet or smartphone. Common tactics include impersonating a representative from a trusted business such as a bank, utility or government agency. Once they gain access, scammers are free to steal and misuse all manner of sensitive personal and financial information stored on the device, often without any knowledge of the victim. They can also install ransomware, change passwords and even lock you out of your own device/s.

Red flags

  • Any third party request for access to your devices
  • Unexpected pop-up messages and emails warning of viruses
  • Unusual changes to your device, such as unexplained files or random mouse movements
  • Passwords and usernames suddenly not working.

It isn’t a great idea to ignore the Australian Tax Office. Scammers know this and use emails, phone calls and text messages claiming to be from the ATO and other government departments to access sensitive personal and financial information. It might be the promise of an unexpected tax refund or an urgent security update. On the other hand, it might be the threat of penalties from an unpaid tax or HECS debt. The catch is you need to login to your myGov account using the link provided to resolve it. Clicking the link takes you to a fake ATO webpage that then asks for details like your TFN, residential address, credit card and bank account details.

Red flags

  • Unexpected tax refunds or debt notices from the ATO
  • Emails or text messages containing a link to the ATO or MyGov websites
  • Government email addresses that do not end with ‘’

Enormous amounts of money are stolen through invoicing scams each year, largely as they’re so simple and easy to fall for. Some scammers find ways to compromise or hack legitimate company email accounts. Others simply impersonate a company with similar (but fake) email addresses and domain names. They then change the bank account details on the company’s invoices before sending them to unsuspecting customers. Believing they are making a genuine payment to a trusted supplier, the customer pays the invoice, but instead sends their money straight into scammer’s fraudulent bank account.

Red flags

  • Unexpected invoices from a known supplier
  • Changes to a supplier’s banking details from previous invoices
  • Changes to the visual design of a supplier’s invoices.

First they steal your heart. Then your money. Romance scams often begin through online dating sites and apps, with scammers using fakes names and images (known as ‘catfishing’) to help build a fake relationship over days, weeks or even months. Once they have gained their victim’s trust, they then seek to emotionally manipulate them. Common tactics include asking for money, gifts or banking and credit card details. They may even create a fake personal emergency to deceive the victim into providing urgent financial assistance.

Red flags

  • Reluctance to actually meet and/or last minute cancellations
  • Sudden emergencies requiring urgent funds
  • Constant requests for money or loans, often of increasing values

Investment scams

Investment scammers pose as stockbrokers, bankers, financial planners and other trusted professionals. From cryptocurrency and real estate to term deposits and shares, they approach their victims with offers of once-in-a-lifetime, high return/low risk investments. Trouble is, it’s rarely authentic. Once they gain your interest and trust, they request payments to ‘secure’ the amazing opportunity – only for that money to never be seen again.

Job scams

These types of scams typically promise very attractive job opportunities with very minimal effort. Scammers impersonate an employer, advertise fake positions on legitimate job sites and can even directly contact individuals through messaging platforms or email. The catch comes when victims are required to make an upfront payment for training or to guarantee their new position. Scammers may also request sensitive personal information as part of the employee onboarding process, such as Tax File Numbers, home addresses and bank account details.

Identity theft

Over a period of time, scammers use a variety of means to build a detailed profile of your most sensitive personal documents and information. Armed with things like your passport, driver’s licence, TFN, birth certificate, banking details and photos, they then recreate your identity. This allows them to access your existing financial accounts, and even apply for new credit cards and loans in your name. They may also try to sell your identity to other cyber criminals.

Threat & penalty scams

Rather than subtle deception, these scams are all about aggression and fear. Scammers will contact their victims with highly demanding phone calls (sometimes using recorded messages), emails or text messages impersonating official organisations with threats of penalties, arrest, legal action and even physical harm if they don’t provide immediate information and/or payment.

Business Email Compromise (BEC) scams

BEC is a form of targeted phishing, sometimes known as ‘spear phishing’. Scammers use official looking emails – and even real compromised email addresses – to impersonate people within an organisation, deceiving their victims into making fake payments, filling bogus orders or revealing sensitive company information. Increasing work-from-home arrangements have seen BEC scams on the rise worldwide since the pandemic.


Malware refers to malicious viruses and software programs that are used to unknowingly ‘infect’ computers, devices or networks. Scammers use it for many purposes including corporate spying, stealing personal information, sabotage and extorting payment from individuals and businesses. Malware often acts like a Trojan horse, hiding its true purpose behind a seemingly legitimate program or app.

Staying alert. Staying protected.

Each new day brings new scams to watch out for. Whilst the methods may change, there are some basic things we can all do to stay one step ahead. Scammers may come up with fake scenarios in order to access your banking details or to convince you to send funds to an unknown account.

  1. Stop. Investigate. Verify.

    We will never ask you for your internet banking login details or PIN.

  2. Rethink every link.

    Links provide doorways to your most personal details. Only click on them if you’re certain they’re authentic.

  3. When in doubt, delete.

    Trust your instincts. If something doesn’t seem right, it probably isn’t.

  4. Take care. Never share.

    Always keep your passwords, PINs and usernames to yourself.

  5. Change is good.

    Get into the habit of changing your passwords regularly. The more random they are, the better.

Empower yourself with these resources.


Run by the Australian Competition & Consumer Commission (ACCC), Scamwatch is a great place to learn about the very latest scams, and report them.


IDCare provides free and confidential support to people who may have had their identity compromised or stolen through a targeted fraud or scam.

Australian Cyber Security Centre

This is the Australian Government’s lead agency for cyber security. Visit their website to report suspicious activity and learn more about staying safe from cybercrime.

We're here to help.

Call us

Our contact centre is open Monday-Friday 9am-5pm (AEDT)

Give us a call

Report a scam online

See anything suspicious? Tell us by sending us a message!

Report a scam

Send us an email

Share screenshots and details of suspicious behaviour by email to [email protected]

Apply now.

Already a customer?

Apply in internet banking

New customer?

Apply online