Scam Awareness

Don't let Tax Time become Scam Time

Tax time often means Australians have more contact from the Australian Taxation Office (ATO) or myGov, something scammers are quick to exploit. "Scammers target tax season because they know people expect to hear from official agencies, so they use fake messages about unexpected refunds or urgent debts to trick you into sharing personal details or to make payments,” the Customer Owned Banking Association’s (COBA) Head of Financial Crimes and Cyber Resilience Martin Latimer said. To help you protect your money and personal information this tax season, COBA’s Financial Crimes and Cyber Resilience team shares common tax scams to watch for, the warning signs to look out for, and simple steps you can take to stay safe.   ATO impersonation scams Tax scams often involve scammers impersonating trusted government services, including the ATO, myGov and myID. They may contact you by phone, email, SMS, social media or fake websites, trying to trick you into sharing personal information such as your tax file number (TFN), myGov username, password or bank details. Scammers may also send phishing messages that include suspicious links, QR codes or attachments designed to steal your information or install malicious software. If you are unsure whether contact is genuine, do not reply, click links or download attachments. To combat tax time scams, the ATO has launched a verify call feature in the ATO app to help taxpayers confirm, in real time, whether a call claiming to be from the ATO is genuine. If you receive a call from someone claiming to be from the ATO, open the ATO app, log in and select verify call. If the app does not confirm the call, treat it as suspicious and hang up.   Urgency, threats and pressure tactics Scammers rely on pressure to make people act before they have time to think. Be wary of messages or calls that threaten arrest, legal action, account suspension or cancellation of your tax file number, or that tell you not to speak with your tax agent. Stay calm, end the interaction and verify the claim independently through official channels. Demands for payment by gift cards, cryptocurrency or unusual methods Scammers often create fear and urgency by claiming there is a warrant for your arrest, an unpaid tax debt or an immediate fine. They may ask you to pay using gift cards, cryptocurrency, cash delivery, prepaid cards or personal or offshore bank accounts. These payment methods are difficult to trace and are a major red flag. The ATO will never ask you to pay a tax debt or fine using gift cards, cryptocurrency or other unusual payment methods.   Requests for an ‘admin fee’ to receive a refund Another common scam involves a call, email, or message claiming you are entitled to a refund for overpaid tax. The scammer may pretend to be from the ATO or another government body and claim you need to pay an administration fee or an upfront cost before your refund can be released. The ATO will never ask you to pay a fee to receive a tax refund.   What to do if something feels suspicious Always remember to “Stop. Check. Protect.” If you receive a suspicious call, SMS, email or social media message, do not reply, click links, download attachments or share personal information. If you encounter a potential scam, report it to Scamwatch to help protect others. If you have shared information or lost money, contact your bank or financial institution immediately and report the incident through official channels. Customer-owned banks are committed to safeguarding customers from scams and fraud. In November 2023, the sector joined forces to launch the Scam-Safe Accord with the Australian Banking Association. This industry-wide initiative reflects a united effort to disrupt scammers, strengthen consumer protection and help Australians stay safer online.   Need help? If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC) or National Anti-Scam Centre (NASC) – Scamwatch. Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.

Scam Awareness

Scam alert: Watch out for mobile fraud

This Scam Alert is a joint warning from the Australian Communications and Media Authority (ACMA) and the National Anti-Scam Centre’s Scamwatch.   Recently, it's been reported by Scamwatch that criminals are committing fraud by taking control of mobile phone numbers or making unauthorised changes to phone accounts. Once they gain access to your phone, they can receive verification codes, reset passwords, restrict access to your systems, and get access to a wide range of services that rely on your mobile number for security checks, including: your bank accounts myGov subscription services rewards programs. Some people are at risk of mobile number fraud when their email account is compromised. Mobile phone fraud can also occur when scammers gain access to your ID documents or passwords through phishing attempts and following data breaches. Who’s at risk Anyone with a mobile phone number can be targeted by this scam. However, people who know or suspect they have been in a data breach may be at greater risk of being targeted. Warning signs to look out for Unexpected alerts about changes to your mobile account. Verification codes you didn’t request. Account login attempts or password reset emails you didn’t initiate. Your phone suddenly stops working, shows no signal or switches to ‘SOS only’. If you've been affected If your phone stops working unexpectedly or you notice suspicious activity, contact your bank immediately then contact your phone provider. Change passwords on all your devices and online accounts and notify your bank or card provider straight away. Monitor your bank statements and account activity for anything unusual. Need help? If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC) or National Anti-Scam Centre (NASC) – Scamwatch. Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.

Scam Awareness

Scam alert: Tai Chi and community activities malware scam

Recently, it's been reported by Scamwatch that scammers are advertising ‘free’ classes and creating fake social media groups on various platforms and search engines such as Facebook and Google for a range of activities including Tai Chi, dancing, walking, or hiking.   Once you join the online group, you will receive a call or message from the group administrator. You’ll be advised to download an app from a website to view and register for the free classes. The website may have a button or link to click to ‘Download’ the app from an app store but once you click, it will immediately begin downloading the malware directly to your device. This malware can access and steal your money. Who’s at risk Web and social media users People interested in free or new activities Warning signs to look out for Offers for free classes, activities, and events that require you to click on links, download attachments or install software. Calls or messages from "group administrators". Class locations and times not freely available. being asked to download an app from a third-party website. Need help? If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC) or National Anti-Scam Centre (NASC) – Scamwatch. Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.

Scam Awareness

ClickFit: Are you fit to click-date?

ClickFit: Are you fit to click-date? ClickFit: Romance Scams is designed to get Australians to stop their scroll, check the warning signs of romance scams, and protect their hearts and wallets from cybercriminals. Think of ClickFit as a road-safety campaign for digital dating: every online user is being urged to slow down, swerve around romance scam tactics, and stay one step ahead of cybercrime. Why ClickFit matters?Many victims of romance scams experience feelings of embarrassment, fear and disapproval, which prevents them from coming forward. To help Australians navigate online dating safely, it's important they can recognise the warning signs of romance scams. ClickFit will make it easier for Australians to date online and click on love with caution and confidence. Get ready to click-date in six steps: If asked, don't move the chat to another platform Always verify the person online Ask to video call or meet in person Never send money or share accounts Watch out for romance scam tactics Talk to someone you trust Need help? If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC) or National Anti-Scam Centre (NASC) – Scamwatch. Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.

Scam Awareness

Scam alert: Qantas impersonation scam

Spike in reports of scammers impersonating Qantas to steal your personal information and money. What’s happening Scammers are impersonating Qantas in emails and text messages to steal your personal information and money. They create a sense of urgency to try and get you to act quickly without checking first. Scammers will use Qantas logos and branding to make the communication look real. The email or text message will urge you to click a link to either: claim a refund claim a gift redeem points that are about to expire. If you click this link you will be directed to a scam website designed to steal any information you enter.  Qantas has been warning of these sorts of scams, which were first identified in August 2025, and encourages customers to be alert to continued scam activity. The airline does not contact customers to ask for their PINs, passwords, or one-time passwords in text messages or email. More information can be found on Qantas.com dedicated scams page. The NASC and Qantas work collaboratively to share scam intelligence and to disrupt scams. Who’s at risk Anyone could be targeted by this scam. You do not need to be an existing Qantas customer or Qantas Frequent Flyer. However, people who know or suspect they have been involved in a data breach may be at greater risk of being targeted. If you’ve been affected Don’t be embarrassed about being scammed. If you’ve had money or personal information stolen, contact us immediately. If you think your accounts have been compromised, change your passwords immediately. Monitor your bank statements and accounts for unusual activity. If you’ve been scammed or have provided personal information, call IDCARE on 1800 595 160. Help others by reporting to Scamwatch. Warning signs to look out for Suprise offers that come from unsolicited emails or messages. Sender names, email addresses or website addresses that have been changed and look different from the legitimate domain of an organisation.  Limited time offers creating urgency such as expiring loyalty points or "missing out" on a refund or gift. Communications that ask for your personal details, password, PIN, credit card or banking information. Communications that ask you to click a link and enter personal or sensitive login information.  Protect yourself from scams by: STOP. Scammers create a sense of urgency. Don’t rush to act, take your time. Never click a link, download an attachment, or enter personal or sensitive login information via a link in an email or message. CHECK. Check whether the message or email you’ve received is really from Qantas by using your official Qantas app, visiting the Qantas website, or calling Qantas directly using a number you source yourself. Qantas updates its scams awareness website with advice for customers. PROTECT. If you’ve given any personal information to someone you suspect is a scammer, act quickly. See more about what to do if you’ve been scammed and what steps you can follow. Need help? If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC). Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website. Source: Scamwatch

Scam Awareness

Scam Alert: Increased scam activity following Bondi Beach Attack

Following the recent terrorist attack at Bondi Beach, there is an increased risk of scam and financial crime activity. Scammers are known to exploit major public events by impersonating trusted organisations, creating fake donation appeals, or pressuring people into making urgent payments. This article outlines common scam types, safe payment practices, and practical tips to help you stay protected. Common scams to be aware of After major incidents, scam activity often increases. Watch out for: Fake charities and donation requests: Scammers may impersonate legitimate charities or emergency relief funds, requesting donations via text messages, emails, social media posts, or fake websites. Fake government or compensation messages: You may receive contact from someone claiming to represent a government agency or authority, offering compensation, refunds, or financial support. These messages often ask for personal details or immediate payment. Urgent or emotionally charged payment requests: Scammers frequently use urgency to pressure people into acting quickly without verifying the request.   Use secure payment methods Before making a payment or donation, consider whether the payment method being requested is appropriate for the situation. Legitimate organisations do not require urgent or unusual payment methods. Scammers often request payment methods that are hard to recover, including PayID or real-time bank transfers, international transfers, cryptocurrency, or gift cards. Stick to trusted and secure payment methods, which often have built-in buyer protection and fraud prevention features to help safeguard your purchases. If you are being pressured to pay quickly or in a specific way, stop and verify the request before proceeding.   How to protect yourself Here are 4 practical tips to help you stay protected: Verify the organisation or recipient using official websites or trusted contact details. Do not click links in unsolicited emails, text messages, or social media posts. Donate only through official charity channels. Take time to check the request. Scammers often use urgency to pressure people into paying.   Need help? If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC) or National Anti-Scam Centre (NASC) – Scamwatch. Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.