Phishing is when scammers impersonate trusted people or organisations to deceive you into providing personal information. Phishing attempts can take many forms.

Scammers make phone calls, send fake emails, texts, or messages, and even create fake websites that look like the real thing but they’re not.

They create a sense of urgency to manipulate you into clicking links to fake websites or to download harmful attachments. They may also send messages urging you to call a phone number that connects you to the scammer.

The criminals design these communications to appear authentic, using official logos, branding, and language to deceive their targets.

The scammers will then either sell your stolen personal information or use it to commit fraud in your name.

On this page

Warning signs it might be a scam

  • You receive an email, text or phone call claiming to be from a business you regularly deal with, such as your bank. They may ask you to update or verify your details or tell you there is a problem with your account.
  • The communication requires urgent action from you.
  • The email or text message doesn't use your proper name.
  • The email’s sender details do not match the legitimate business or government agency the message claims to be from.
  • The website address is slightly different to normal.

Steps you can take to protect yourself

Never share your personal information, credit card details, passwords or one-time codes with anyone who contacts you unexpectedly, even if they claim to be from your bank or another trusted organisation.

Check who it really is

  • Check that a message, call, or email is real by:
    • contacting the person or organisation directly using contact details you’ve found yourself on the organisations official website, or,
    • accessing the organisations’ secure, authenticated portal or app by never using a link.
  • Watch out for slight variations in caller or sender IDs like dots, special characters, or numbers.
  • Do an online search using the exact wording of the message, phone number, email address or organisation name, and 'scam'.

Stay safe online

  • Don’t open or download any attachments or apps as these can install malicious software on to your computer or phone.
  • Don’t click on links in text messages or emails.

Common phishing scams

Scammers will pretend to be from trusted government organisations or use brands such as myGov, Services Australia, Centrelink or the Australian Taxation Office to gain your trust. Sometimes scammers claim to be from international government organisations as with Chinese authority scams.

They try to get your personal information by contacting you on social media or sending a link in a text message or email. They may also call and threaten you with immediate arrest, deportation, or other legal action.

Government organisations won’t ever send a text message or email with a link to log onto online services such as myGov. They also won’t ask to access your device remotely or ask that you download software.

Scammers can make their calls and text messages appear to come from your bank. They can even send you text messages that appear in the same chain as other genuine messages.

They will come up with a believable story and convince you to take action. They may ask you for personal information or tell you to click a link to verify your account. They may also ask you to make an immediate payment, or transfer money to another account to keep it safe from suspected fraudulent activity.  Clicking these links can install malware on your device.  

For more information, watch our video about bank impersonation scams.

Scammers send messages pretending to be a family member or a friend desperate for money. They say they have a new phone, and they need you to pay money to help them out of a crisis. Sometimes scammers may even use your family or friend’s real photo when contacting you on social media making the scam harder to spot.

Scammers use phishing techniques to impersonate toll road companies. They send messages or emails claiming you did not pay a road toll and include a link to pay the toll.

Once you click on the link you are asked to provide credit card or bank details and the scammers will make unauthorised transactions with the information. They may also use those details to try and scam you again later.

Video about bank impersonation scams

Dealing with your bank is part of everyday life, and that's why it's really important we stay on the lookout for bank impersonation scams.

They become highly sophisticated and they look and sound authentic, and if the scammer succeeds, you could lose your life savings.

That's why Ashley here needs to be really careful.

The scammers already contacted him with a text message that looks like it's from his bank.

The contact is so realistic, he can't tell it's fake.

In fact, this scam is so sophisticated, Ashley can expect to receive a follow-up phone call from the scammer soon.

In Ashley's case, the text message has appeared in the same message thread as previous messages from his real bank, making it almost impossible to spot the scam.

Had they called or emailed him, the scammer would've disguised their phone number or email address to look like it really was from Ashley's bank.

In this type of scam, the scammers use the type of language you'd expect from your bank.

So the communication sounds very genuine.

And then they apply pressure by telling you that they've identified suspicious activity on your account or they need you to verify or confirm a transaction.

Ashley's first contact with the scammer came via text message and the scammer's given him a phone number and asked him to call them straight away.

Now that he's speaking to the scammer, they're offering to help him secure his bank account or device.

Be careful, Ash.

If you receive a call or message from someone saying they're your bank, stop before you provide them with any details.

Even if the scammer knows some details about you already, and they probably will, they'll always ask you for more, like your one-time password or a security pin.

They tell you that they need this information to verify who you are or to secure your account, but they're actually using it to access your account to steal your money.

So if they ask you for more information about you, or if they're telling you to move quickly because you could lose your entire savings, stop and slow things down.

Great job, Ash.

There are other red flags too.

If they ask you to download software onto your device, it's a scam.

If they ask you to transfer your money to a secure account, it's a scam.

If they ask you to hand over cash to a courier, it's a scam.

Banks would never ask you to do any of these things.

Even if it sounds legit, before you hand over any personal details, check, call your bank like Ashley using the number on their website to check that the contact is real, or if you can contact them using their secure app.

And finally, protect yourself. If you've shared personal details with a scammer or transferred money to them, act quickly.

Contact your bank immediately so they can secure your account.

If you've downloaded any software onto your device, take it to a qualified technician to have it removed and please report any scam to Scamwatch.

Your report will help us to protect others and the best thing we can do to fight back against scammers?

Share your story with others.

The more we talk, the less power scammers have.

Think you've been scammed?

  1. Act fast to stop any further losses

    Contact your bank or card provider immediately to report the scam. Ask them to stop any transactions.

    Change passwords on all your devices and online accounts like banking, email, government and shopping.

  2. Get help to recover

    IDCARE is Australia and New Zealand’s national identity and cyber support service. They can help you make a plan (for free) to limit the damage. Call them on 1800 595 160 or visit their website to find out more.

  3. Report the scam

    Once you have secured your details, you can help us try to stop the scam or to warn others by reporting the scam to us.

Find out more about what to do if you've been scammed