[iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MX6JG9W" height="0" width="0" style="display:none;visibility:hidden"][/iframe]
Think first then dial

Scams and cybercrime


Report a cybercrime to police at ReportCyber (cyber.gov.au/report)


What are scams

Scams are a common method used by cybercriminals to compromise your online accounts or trick you into handing over your money or personal information. Scammers use emails, text messages, phone calls, websites and social media to make contact and often pretend to be a person or organisation you trust.

By being smarter with your data, verifying the source or knowing how to spot scams you can help protect yourself from losing your identity, your reputation or your life savings.


Scam red flags (warning signs)

Knowing common scam red flags can help you identify if something is a scam. Red flags can include:

  • Opportunities to make or save money, often with little or no risk.
  • Links and attachments on a webpage or that are sent via text message or email.
  • Requests to pay in unusual or very specific ways, such a cryptocurrency or gift cards.
  • Requests to set up new accounts, such as cryptocurrency wallets or PayID.
  • Pressure to act quickly.
  • Sad stories or cries for help.

Know the scam

Impersonation scams

What are impersonation scams?

Scammers will often impersonate people and trusted organisations to gain your compliance to pay them money, cryptocurrency or gift cards. They usually make contact via phone calls, text messages or emails. Scammers may “spoof” their phone number, meaning that the phone number showing on your phone, is not the number they are actually calling from.

Impersonation scams will often evolve into other common scams, such as remote access, romance, business email compromise, threat of arrest, sextortion and online shopping scams.

Scammers will often impersonate:

  • Family - “Hi Mum, I lost my phone and this is my new number…”
  • Banks - “I am… from the fraud department of your bank...”
  • Telecommunication companies - “I am ringing about a problem with your internet / NBN…”
  • Consulates or Immigration - “I am from … consulate and there is a problem with your VISA…”
  • Government agencies “I’m from the Australian Tax Office (ATO) / Government / Police / Centrelink …”
  • Celebrities or their entourage.
  • A potential romantic interest.

Red flags

  • Requests may be general, “there is an outage in your area”, without the caller knowing what area you are in
  • There is pressure from the scammer to act quickly.
  • The contact is unsolicited.
  • They ask you to send or transfer money, cryptocurrency or gift cards.
  • They request private and identifying information from you.
  • They request you keep their communication with you private.
  • Scammers impersonating well known government agencies, may threaten arrest or deportation if you don’t pay money to “fix the issue.”

Protect yourself

  • Do not trust caller ID.
  • Do not engage.
  • Do not provide personal information.
  • Do not provide bank details or send money or gift cards.
  • Never click on links provided within emails or text messages.
  • Always log directly into accounts to view official correspondence, never via link sent to you.
  • If you are unsure, call the person / organisation they are claiming to be a publicly known number.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.

Support and resources

Seek support if this happens to you.

Watch our video on family impersonation scams.

Online shopping / online marketplace scams

What are online shopping and online marketplace scams?

Scammers are constantly adapting their methodologies to exploit online shoppers through fake social media ads and websites that look like genuine online stores. This type of scam usually involves the victim purchasing items at low prices through an online marketplace, but after making payment the victim will either receive a fake item or nothing at all.

Another common methodology is when the victim is the seller of merchandise and the scammer purports to be a potential buyer. The scammer will try to convince the seller that they had transferred too much money by sending a fake screenshot of a money transfer. The scammer will then request the alleged extra funds to be transferred back to them.

Scammers are also known to setup fake websites or clone the website of known retail outlets. They then offer products or services at prices that are too good to be true. They also post fake ads and fake reviews. They may use stolen logos, domain names and stolen Australian Business Numbers (ABN) making these scams extremely hard to spot.

Red flags

  • Luxury items or popular brands being offered at unusually low prices.
  • 'Limited offers' - scammers will try to create a sense of urgency.
  • Requesting unusual or non-secure payment methods including wire or bank transfers, money orders, preloaded gift cards or cryptocurrency.
  • The name of the account you are being asked to transfer money to, doesn't match the person or business you are paying.
  • An online seller doesn't have any terms and conditions, ABN or policies on their website.
  • Website links and the back button is broken or disabled.
  • An online marketplace platform buyer doesn't want to inspect an expensive item and insists a courier, or third party will collect the item.

Protect yourself

  • Shop on trusted websites. Check the website reviews.
  • Navigate directly to websites via your web browser, not via a link provided in a text message, email or social media ad.
  • Check you are purchasing from a real store and not a fake website. Look for the ABN and check it on ABN Lookup (business.gov.au).
  • Use secure forms of payment such as PayPal, BPay or credit card. Dispute resolutions processes exist for these methods if things go wrong. Do not send credit card details via email.
  • Keep communication and purchases with the buyer / seller on the platform.
  • For local online marketplace purchases, meet in a public location and consider taking someone else with you.
  • Cash is the preferred payment for local online marketplace purchases. Be aware that internet banking records can be created. Do not hand over goods, until the money is in your account or hands.
  • If you are buying or selling something expensive, consider using a reputable third-party escrow service.
  • Report immediately if you believe you may be a victim.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.

Support and resources

Seek support if this happens to you.

Watch our latest video for tips on how to stay safe when shopping on online market platforms.

Threat of arrest scams

What is a threat of arrest scam?

Scammers will impersonate government agencies or organisations, claiming people owe money or need to make a payment. They often use threats of arrest, deportation or harm if they do not agree to pay.

Variations of this scam include:

  • The scammer claims to be from an international law enforcement agency or the Department of Immigration claiming that there is an issue with your visa.
  • Scammers pretend to be from the Australian Tax Office (ATO) and inform the person they have a tax debt that needs to be paid immediately.
  • Automated telephone calls claiming a person’s tax file number has been suspended due to money laundering or criminal activity and there is a legal case against their name.

Contact from the scammer is usually initiated through text message, email or by phone. The caller ID of a phone call is often manipulated to appear as it is coming from a legitimate source.

Red flags

  • The caller ID displays the name of the organisation and not an ‘unknown’ or ‘private’ number.
  • In order to ‘fix’ the issue, the scammer may use threats, demands or requests for money.
  • Scammers often ask for payments through unusual methods such as cryptocurrencies, international money transfers and gift cards.
  • Scammers will attempt to manipulate or coerce their victims into complying with their demands.
  • The scammer will often want you to stay on the phone while you follow their instructions.
  • The scammer may ask for personal information to assist with visa issues, such as passport number, date of birth etc.

Protect yourself

  • Do not trust caller ID.
  • Hang up and do not engage with the caller.
  • Do not provide bank details or send money or gift cards.
  • Never click on links provided within emails or text messages.
  • Don’t be pressured by the scammer, hang up and don’t respond.
  • Verify the identity and story of the caller by calling the relevant organisation using a publicly known phone number. Don’t use any contact details provided by the caller.
  • If you are concerned for your safety, contact the police.
  • If the scam is sent by email, don’t open any attachments, click on links or download files.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.
  • If the scam is impersonating an existing business or organisation, advise the organisation.
  • If you provided information that you believe compromises your ATO details, advise the ATO immediately.

Support and resources

Seek help if this happens to you. It’s not your fault and you are not alone.

Listen to a threat of arrest scam here

Romance and relationship scams

What is a romance or relationship scam?

Scammers create phony profiles on dating websites and other online applications with the intention of building fake relationships with people. The scammers often continue the communication over an extended period of time and go to great lengths to build trust and convince them the relationship or connection is genuine. As people become more emotionally invested in the relationship, the scammer creates reasons as to why they need money. These monetary requests often initially start small and increase with time.

Red flags

  • Professes strong feelings or love quickly.
  • Request to move communications off platform.
  • They make excuses for not being able to meet or video call.
  • Attempt to isolate people from family and friends, so as to avoid being detected.
  • Requests for money increase and the person can become more aggressive and demanding.
  • Unrealistic stories and explanations.
  • Their profile has little personal information or few friends.

Protect yourself

  • Be careful what information you share with others online as scammers may use this information to target you.
  • Never send money, bank details or identity documents to anyone you have only met online.
  • Don’t be pressured into making decisions or sending information quickly. Scammers will often try to make it appear urgent.
  • Search the scammer’s name online to see if the results are included in any previous scams.
  • Conduct a reverse image search on pictures provided by the person, to see if they have been stolen from other sources online.
  • Act quickly and report if you believe you're a victim.
  • See our information sheet for more tips on avoiding romance scams.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police at ReportCyber or attend your local police station.
  • Offences against victims under 18 years can also be reported to the Australian Centre to Counter Child Exploitation.
  • If the scammer has shared any intimate images online without your consent, report this to the online platform to have them removed.
  • Contact the eSafety Commissioner to assist in having images removed if the platform failed to take down the content.

Support and resources

Seek help if this happens to you. It’s not your fault and you're not alone.

Sextortion

What is sextortion?

A form of online blackmail where an offender manipulates or coerces someone into sending intimate images or videos and then threatens to disseminate them unless a payment is made.

Other variations of sextortion include:

  • The scammer records the victim when they are on a live stream.
  • The victim’s face is super imposed onto a body in an explicit image.
  • The scammer claims they have found intimate images or hacked your device or web cam to obtain images.

As contact from the scammer is usually initiated through social media, the scammer often has access to images and the person's contact list, making it easier for them to perpetrate the scam.

Red flags

  • Unsolicited contact often on social media or dating websites.
  • It happens quickly. The person quickly becomes overly friendly or affectionate.
  • Request for explicit content. This often happens after the scammer has sent intimate photos of “themselves” first.
  • Reluctant to video chat or meet in person.
  • Threats, demands or request for money.
  • Pressure and manipulation. Scammers will attempt to manipulate or coerce people into complying with their demands.

Protect yourself

  • Be cautious when communicating with unknown people online.
  • Do not send intimate images or videos.
  • Do not pay money to the scammer.
  • Cease communication and collect evidence – photos, screenshots, times and dates, phone numbers, account handles and URLs.
  • Act quickly and report if you believe you are a victim.
  • See our information sheet for more tips on avoiding sextortion scams.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.
  • Offences against victims under 18 years can also be reported to the Australian Centre to Counter Child Exploitation.
  • If the scammer has shared any intimate images online without your consent, report this to the online platform to have them removed.
  • Contact the eSafety Commissioner to assist in having images removed if the platform failed to take down the content.

Support and resources

Seek help if this happens to you. It’s not your fault and you are not alone.

Watch our video to learn more about sextortion.

Remote access scams

What is a remote access scam?

Scammers make unsolicited calls impersonating well known businesses such as telecommunication companies and banks. They will try to convince people that there are technical or security problems with their device, internet or bank account and they can “help”. They will ask the person to install an application or software onto their device, which will allow them remote access to "fix the problem".

Once the software is installed, the scammer can:

  • Install malicious software that will lock up your system, then demand money for payment to remove the malware (see ransomware).
  • Install key logging software, then get you to check all your bank accounts obtaining your log in and password credentials.
  • Steal private information and credentials.

Red flags

  • Unexpected contact from a person claiming to be from a large telecommunication company or a technical support service provider.
  • Request for you to install a program to prove to you something is wrong with your device or to assist them in fixing the problem for you.
  • Pressure you to install a program. Scammers will attempt to manipulate you into complying with their demands.
  • The caller is very persistent and may become abusive.
  • See our information sheet for more tips on avoiding tech support scams.

Protect yourself

  • Hang up from the scammer.
  • Never install anything at the request of an unsolicited caller.
  • Never give an unsolicited caller remote access to your computer.
  • Protect your computer or device with regularly updated anti-virus and anti-spyware software, and a good firewall. Research first and only purchase software from a source that you know and trust.
  • Act quickly, remove any installed software and run a scan of your device.
  • Report if you believe you may be a victim.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police immediately via ReportCyber or attend your local police station.

Support and resources

Investment scams

What is an investment scam?

Scammers contact people offering “investment opportunities” that promise high returns with little or no risk. The investment opportunities often involve investing money or buying cryptocurrency. Scammers use convincing marketing techniques via fake websites, social media, email and phone calls to appear legitimate and convince people to act fast and invest. In some cases, people may receive some returns after their initial investment, which entices them to invest more. When the investor attempts to gain access to their money or cryptocurrency, they will realise their investment is gone or they’re unable to access it. The scammer will usually cease all communication with the investor.

Investment scams can present in a variety of forms. To read more about common investment scam types, please see the National Anti-Scam Centre – Scamwatch website.

Red flags

  • Celebrity endorsements via social media for the investment.
  • Testimonials with unrealistic promises of big returns.
  • Online only contacts start talking to you about investing.
  • There is a pressure to act quickly or miss out.
  • Being asked to promote the scheme to friends or family.
  • Offers to assist in setting up a cryptocurrency wallet.
  • Newly registered domain for existing companies.
  • An offer to buy shares or cryptocurrency well below market value.
  • If it sounds too good to be true, it probably is!

Protect yourself

  • Don’t be pressured into making decisions or sending information quickly. Scammers will often try to make it appear urgent.
  • It’s important to seek legal or financial advice from a financial advisor registered with ASIC.
  • Check the International Organisation of Securities Commission’s investor alerts, to ensure the company or website is not named.
  • Check the contact details provided to you are the same as the company’s publicly listed contact.
  • Check the website URL for established companies, ensure they match. Scammers will often have only a slight variation in the URL, so fake websites are less likely to be identified.
  • Check the date the domain was registered. Newer websites for established companies is a red flag.
  • See our information sheet for more tips on avoiding investment scams.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.
  • If the scam is impersonating an existing business or organisation, advise the organisation.

Support and resources

Seek help if this happens to you. It’s not your fault and you are not alone.

Watch our video on investment scams here.

Employment scams

What are employment scams?

Scammers will advertise and offer jobs via text or emails, asking people to contact them if they are interested. The jobs appear high paying, with not a lot of effort involved. The scammer will pretend to be from a recruitment agency or other high-profile company, and often ask for money so those interested can start their job, or so they can receive their earnings.

Scammers will trick “employees” by paying small amounts at first for tasks or jobs completed.  The tasks become larger and require the victim to pay money to release funds owed.

Scammers launder money, often from other victims and get the victim of the employment scam act as a “money mule”, laundering money, by sending and receiving funds for the scammers, making it harder to track the funds.

Red flags:

  • Receiving a job offer over SMS, or other apps.
  • Sounds too good to be true.
  • You're required to send them copies of your ID.
  • There is no interview.
  • You are told you need to pay money so you can earn money.
  • The job may involve tasks such as, receiving and transferring money, receiving or sending packages for someone else, completing small jobs or tasks as proof, buying/selling cryptocurrency.

Protect yourself:

  • Do not reply to unsolicited messages offering jobs.
  • Do your research prior to accepting any job offer, if it sounds too good to be true it probably is.
  • No legitimate job will make you pay money so you can get your earnings.
  • Act quickly and report if you believe you're a victim.
  • Never send any identity documents. Employment agencies typically want to see the original, not copies or photos of your ID.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.
  • If the scam is impersonating an existing business or organisation, advise the organisation.

Support and resources

Seek help if this happens to you. It’s not your fault and you are not alone.

Find out more about how this scam works from the National Anti-Scam Centre - Scamwatch.

Business email compromise

What is business email compromise (BEC)?

BEC scams occur when cybercriminals compromise legitimate business or personal email accounts through social engineering or computer intrusion, to manipulate people into transferring them money or private information. These types of scams affect both businesses and customers.

Intrusions occur often when a user/employee clicks on a suspicious link containing malware that can lead to unauthorised access or installation of unauthorised software.

Social engineering occurs when someone is manipulated by a scammer into doing what they want. They use pressure tactics such as making it appear urgent and/or pretending to be another employee within the company.

The most common example of BEC is false billing, Cybercriminals gain access to email accounts and alter legitimate invoices, substituting the payee’s account details with their own.

Malicious software can infiltrate an email system and detect keywords to automatically change invoices almost instantly after being sent.

Red flags

  • Notification that the account details have changed.
  • Invoices have different reference or payment numbers.
  • Unusual email requests for payment or private information from another person within the business or organisation.

Prevention advice

  • Double check payment details with an organisation before making any significant payments.
  • Be suspicious. Contact the business on a known, reputable number to clarify the change in their bank details.
  • Asking for clarification, forwarding an email to your IT department, or checking with a colleague is better than transferring thousands of dollars to the wrong person.
  • If something doesn't feel right, it probably isn't. Encourage employees to trust their instincts and ask “Would my CEO or manager actually tell me to do this?” or “Why isn't this supplier submitting an invoice through our portal?”
  • Slow down. Scammers often time their attacks around the busiest periods of the day for good reason. If an employee is quickly going through emails, they are less likely to pause and consider whether a particular request is suspicious.
  • Protect your computer or device with regularly updated anti-virus and anti-spyware software, and a good firewall. Research first and only purchase software from a source that you know and trust.
  • See our information sheet for more tips on avoiding business email compromise scams.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.
  • Ensure all parties involved are aware as they may require a qualified IT professional to check the security of their accounts and devices.

Support and resources

Seek help if this happens to you. It’s not your fault and you are not alone.

Ransomware

What is ransomware?

Ransomware is malicious software (malware) that allows scammers access to your device or computer. Once installed, scammers have access to lock up your device and encrypt your data, holding it to ransom. Scammers will demand money, gift cards or cryptocurrency in return for unlocking your device or unencrypting your data.

Malware can automatically be installed on your device after the user has;

  • Opened emails from people they don’t know.
  • Clicked on suspicious links.
  • Visited suspicious websites.
  • Allowed remote access into their device to a scammer.

Red flags

  • A popup screen tells you that you have been hacked and requests payment.
  • There is often a timer to put pressure on you to pay quickly.
  • Your device appears locked and you are unable to use it normally.
  • Files look different and may have different names.
  • Files may require a password.

Protect yourself

  • Do not pay scammers. Payment does not guarantee they will unlock your device.
  • Never click on unknown links or open unknown documents.
  • Do not visit unsafe or suspicious websites.
  • Do not download from unsafe or suspicious websites.
  • Do not open suspicious emails.
  • Other scammers will often advertise on the internet an ability to help by calling a number or installing another program, however they are also scammers.
  • If affected take your device to a reputable IT professional.
  • Regularly back up important data.
  • Protect your computer or device with regularly updated anti-virus and anti-spyware software, and a good firewall. Research first and only purchase software from a source that you know and trust.
  • Act quickly and report if you believe you are a victim.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.

Support and resources

Find out more about how this scam works from the Australian Cyber Security Centre.

Tax time scams

What are tax time scams?

Every year South Australia Police and the Australian Tax Office (ATO) see an increase in ATO related scams around tax time.

Scammers impersonate the ATO and their employees over the phone, via text message, email and even with fake social media accounts, in an attempt to steal personal information and/or money. Scammers can manipulate the caller ID of phone calls and text messages, to appear as the ATO, police stations or tax agents, making their contact seem legitimate.

Red flags

  • Payment must be made in order to receive your tax refund.
  • A link supplied within the text message or email to log directly into your MyGov or ATO account. Legitimate ATO text messages will NOT contain any hyperlinks.
  • Attachments in emails claiming to be statements or personal tax information.
  • Unsolicited contact from the 'ATO' or a tax agent.
  • Contact from unverified social media account.

Protect yourself

  • Do not trust caller ID.
  • Do not engage.
  • Do not provide bank details or send money or gift cards.
  • Never click on links provided within emails or text messages.
  • Always log directly into your MyGov account to view official correspondence.
  • If you're unsure, always call the ATO or go on the ATO website to verify.

Report

  • If you have lost money or believe your bank account details have been compromised, contact your bank immediately.
  • Report to police via ReportCyber or attend your local police station.
  • Report to the ATO via the ATO website.

Support and resources


Protect yourself

STOP and THINK - Could it be a scam? Don't provide money or personal information to unknown people.

CHECK - Contact the business or individual using a publicly known phone number. Don't click on links provided.

ACT QUICKLY - If you think you've been scammed, contact your bank and report to cyber.gov.au/report.

Use strong passwords / passphrases

Strong passwords or passphrases are one of the strongest measures you can use to secure online accounts.

Tips

  • Where possible, use a passphrase. Passphrases are a mix of random words, usually 4 or more. They are long, unpredictable and harder to be cracked.
  • Consider adding numbers, capital letters and symbols.
  • Do not use identifying or easily obtainable information within your password or passphrase - eg. children or pet's names, year of birth and names.
  • Do not use the same password across multiple online accounts.
  • Use a trusted password manager to help keep track of your passwords.

For further information on creating secure passphrases, visit the Australian Cyber Security Centre.

Use multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to grant you access, such as a password followed by a code sent to your mobile phone.

MFA helps to protect you against cybercriminals who use previously stolen passwords from one website and try to reuse them to gain access to more online accounts.

To learn more about multi-factor authentication, visit the Australian Cyber Security Centre.

Update your devices regularly

Ensure your device's software is always up to date as cybercriminals, malicious programs and computer viruses can exploit weaknesses in software.

Software developers release regular updates for their products to fix any security concerns and improve functionality. Turning on automatic software updates ensures your software is updated as soon as they become available.

To learn how to update your device, visit the Australian Cyber Security Centre.

Back up important files

Our devices contain lots of personal and important data. This data can be lost through hardware or software failures, theft or viruses. Regularly creating a backup of this important information will help you to recover it in the event that it is damaged, lost or destroyed.

To learn more about backing up data on your device, visit the Australian Cyber Security Centre.

Don't always believe caller ID

Caller ID spoofing allows scammers and cybercriminals to deliberately hide their phone number and display a different phone number on the receiver's phone.

Scammers will often use this tactic to trick people into answering calls they might otherwise not answer. For example, scammers may alter their details to appear as if 'Adelaide Police Station' is calling your mobile phone.

If you are unsure, hang up and call the person or organisation back on a publicly known phone number to check.

To learn more about caller ID spoofing, visit IDCare.


Reporting a cybercrime or scam

Police - Report a cybercrime to police via ReportCyber or attend your local police station.

Financial Institution - If you have lost money or believe your bank account may have been compromised, contact your bank immediately.

National Anti-Scam Centre - Scamwatch - If you receive a scam message, email or phone call, ignore it and report it to the National Anti-Scam Centre - Scamwatch. *If you have been affected by a scam, please report it to ReportCyber.

Australian Centre to Counter Child Exploitation (ACCCE) - For abuse against children (including online grooming, inappropriate contact and coercing and blackmailing children for sexual purposes, including sexual extortion), a report can be made to the Australian Centre to Counter Child Exploitation.


Support and resources

Seek help if this happens to you. It’s not your fault and you are not alone.

Australian Cyber Security Centre - www.cyber.gov.au

National Anti-Scam Centre - Scamwatch - www.scamwatch.gov.au

eSafety Commissioner – www.esafety.gov.au

Victims of Crime SA – www.voc.sa.gov.au

Lifeline – 13 11 14 or www.lifeline.org.au

Kids Helpline – 1800 55 1800 or https://kidshelpline.com.au

IDCare – 1800 595 160 or www.idcare.org


Fact sheets and printable resources

Avoiding Tech Support Scams

Avoiding Romance Scams

Avoiding Investment Scams

Avoiding Sextortion Scams

Avoiding Business Email Compromise Scams

Know the scam

Little Book of Scams

How to protect yourself from scams

How to avoid scams after a data breach

Sextortion

Impersonation and courier scams

Tax time scams

Gift card scams