Australians lost $77 million to email scams last year. Scammers send 'urgent' emails pretending to be from the government, law enforcement and businesses.

They use the same logo and a similar email address as the real organisation. Scammers can also copy or 'spoof' the email address of an organisation or business to make the scam email look more real.

On this page

Warning signs it might be a scam

Stop and think. There's a good chance it's a scam if the email:

  • Contains a link or attachment that asks you to log on to an online service with your username and password or to provide other personal information
  • Requests a payment but the bank account and BSB details are new or have changed since the last payment you made
  • Claims to be from a well-known organisation or government agency but is sent from a free webmail address (for example @gmail.com, @yahoo.com.au)

Common scams via email include:

  • asking you to confirm your banking details so they can give you a ‘refund’
  • providing you with a phone number to call urgently
  • making a threat such as immediate arrest, deportation, or blackmail 
  • threatening to stop a service or charge a fine if you don’t act
  • stating you’ve been a victim of identity crime and offering compensation or help to recover money lost to scams

Steps you can take to avoid email scams

These simple steps can help prevent loss of money or personal information to scams:

Check that the email is real 

  • Contact the organisation or person using details you have found yourself (on their website or in the phone book) to check if the email was real
  • Access the organisations’ secure, authenticated portal or app directly (never via a link)

Learn how to protect your email account

  • Use unique passwords for different accounts and consider using a password manager so you don’t need to remember every single password you use.
  • Use multi-factor authentication when you can. This provides an extra layer of protection and means a scammer has to correctly guess your email password and a pin number sent to your phone to gain access to your email account.

eSafety has more advice on how to keep your email secure and the Australian Cyber Security Centre has a step-by-step guide on how to check the security of your email accounts following an incident or suspicious behaviour.

Be scam aware

Watch out for other common signs of a scam and immediately cut contact with anyone who tries to threaten or intimidate you.

Never give personal details or payment to anyone offering compensation or help you recover from a previous scam or data breach or winnings, prizes or an inheritance.

Think you've been scammed?

  1. Act fast to stop any further losses

    Contact your bank or card provider immediately to report the scam. Ask them to stop any transactions.

    Change passwords on all your devices and online accounts like banking, email, government and shopping.

  2. Get help to recover

    IDCARE is Australia and New Zealand’s national identity and cyber support service. They can help you make a plan (for free) to limit the damage. Call them on 1800 595 160 or visit their website to find out more.

  3. Report the scam

    Once you have secured your details, you can help us try to stop the scam or to warn others by reporting the scam to us.

Common Email scam types

Impersonation scams

Impersonation scams

Identity theft is a type of fraud that involves using someone else's identity to steal money or gain other benefits.
Unexpected money

Unexpected money

Don't be lured by a surprise win. These scams try to trick you into giving money upfront or your personal information in order to receive a prize from a lottery or competition that you never entered.

Is this page useful?