SCAMwatch is warning Australians to continue to be wary of phishing scams received by email or SMS following a twist which leads to fraudulent online banking transactions.

How the scam works

  • You receive a genuine looking email or SMS which appears to have come from a bank, financial institution, email provider, social networking service, payment service provider or telecommunications company, to name a few.
  • Emails may be convincing as they often contain official looking company logos, letterhead or signature blocks.
  • The email or message will give a false reason for you to provide personal and account details, for example:
    • It may claim that you online banking account (and passwords) or credit card account requires resetting and that your username, pin/password and mobile number are required.
    • It may claim that your credit card, email or social networking account has been compromised, frozen or cancelled and that personal and pin/password details are required to unlock it.
  • The scam email or SMS will often direct you to a scam website where you are required to enter the details. Beware the website may look like your bank, email provider or social networking site’s official login page but is really a scam copy!

New Twist

Some internet banking systems send authentication messages to their account holder’s mobile before they are able to make a transaction to a new party. Scammers are using phishing techniques to tap into these messages by:

  • Sending a phishing email to gather their victim’s mobile number and internet banking passwords and usernames.
  • The details are used to access their victim’s internet banking accounts and to get the victim’s mobile number ported to a scam mobile phone.
  • Once this happens the victim’s mobile phone will suddenly and unexpectedly be disconnected from their provider.
  • The scammer uses the scam mobile to get access to these authentication messages and to perpetrate fraudulent internet banking transactions.

Protect yourself

  • If you think you have provided your banking details to a scammer and /or your mobile is unexpectedly disconnected from your provider, contact both your bank and telecommunications provider immediately.
  • Never give your personal, credit card, online banking or mobile phone details in response to an unsolicited email or SMS.
  • Never enter personal or banking details into any website unless you are certain that the website is genuine. Especially never enter details into a website which you visited by clicking on a link in an email.
  • If you receive unsolicited emails, delete them immediately!
  • If in doubt about the authenticity of an email or SMS, always contact the business, service provider or bank to verify that the request is genuine. Never rely on contact details provided in the emails or SMS. Instead, find genuine contact details independently from an authentic source.
  • Keep your computer updated with the latest anti-virus and anti-spy ware software. Also, use a good firewall.


You can report scams to the ACCC via the report a scam page on SCAMwatch.

More information

Learn more about phishing scams via our Requests for your account information (phishing scams) page. SCAMwatch has also previously issued radars on phishing scams:

Stay one step ahead of scammers, follow @SCAMwatch_gov on Twitter or visit


Read more

Phishing scams are attempts by scammers to trick you into giving out your personal information such as your bank account numbers, passwords and credit card numbers.