Input search
Search service error

How to avoid scams in Australia: your reference guide​

 

Introduction
Phishing scams
Investment scams
Remote access scams
Business email compromise scams
Impersonation scams
Romance baiting scams
Takeaways and toolkit

Scammers are becoming increasingly sophisticated in their attempts to part Australians from their hard-earned money, but some simple steps and habits can help keep your savings safe. This guide outlines common techniques employed by scammers and how to identify and avoid them.

Why is it important to learn more about scams?

Historically, scams have been easier to spot than they are now. Scammers are becoming more sophisticated in the ways they identify, approach, and sting their targets. They have developed ways to disguise themselves as legitimate professionals, with tactics that might not immediately appear suspicious or illegitimate.

Their strategies are working - data from Scamwatch shows both the number of people falling victim and the amount of money stolen has risen since the onset of COVID-19.1

Fortunately, you can protect yourself by being aware of common scams and implementing a few simple steps to protect yourself and your finances.

01 

Phishing attacks

‘Phishing’ is the name given to scams which try to steal personal information with fraudulent messages.

Scammers will make contact with their target pretending to be a trustworthy organisation and request personal information. Common ways they do this include asking their target to:

  • verify details for their bank
  • fill out a customer survey
  • confirm credit card details
  • prove your identity.

These messages will often look legitimate, except for a few minor details being incorrect.

Three red flags

  1. Unexpected requests for information: Financial institutions will never ask for security passcodes or passwords in an unsolicited email, SMS, or phone call.
  2. Impersonal greetings: These scams may omit key personal details and not address their target by their proper name.
  3. Suspicious contact details: If the email address, website, or phone numbers included in suspicious messaging don’t match the ones you’ve received in previous conversations, it’s likely a scam.

Phishing emails

Phishing emails often impersonate large, trustworthy organisations or government agencies. They may contain a link asking you to enter your information or to respond quickly to their request via email.

  • Be on the lookout for poor spelling, grammar, urgent requests or other errors in the email that don’t match the organisation’s presentation.
  • Be suspicious of emails with offers that seem too good to be true or that threaten you to take an action they’ve proposed.
  • If you weren’t expecting a message from a person or business, don’t click on the links or open attachments to an email. You can always reach out to the person or business via another communication channel to verify the legitimacy of the message you’ve received.
  • Before you click a link, hover over it to see the actual web address it will take you to. If you don’t recognise or trust the address, you can always search for the article or site via a search engine with relevant key terms the page might use.
  • Utilise a spam filter to block suspicious messages from reaching your inbox.
  • Remember, we’ll never ask you for your passwords, secure codes, bank account details, or card details via email or SMS.

Security tip

Before giving out any personal details, take a moment to pause and independently verify that the person you’re dealing with is legitimate. It’s extremely unlikely that your bank or a legitimate financial institution will ask for these details in a way that surprises you, so taking a brief pause before acting can help you reset and weigh up the likelihood you’re being scammed.

 

 

02

Investment scams

Between January to October 2022 Australians lost $321 million to investment scams, that's an 150% increase compared to the same period last year.2 Scammers will present their target with an opportunity to make big returns on their money, most commonly in one of the following ways:

  • Pitching an investment which does not exist.
  • Falsely saying they represent a well-known company with an investment opportunity.

In both instances, the money allegedly being ‘invested’ goes directly into an account controlled by the scammer. Scammers use numerous techniques to snare their targets, including advertising on search engines and social media, fake websites (including realistic looking news sites or trading platforms), or even making contact out-of-the-blue via phone or email.

Three red flags

  1. Unbelievable returns and safety nets: Scammers will often make claims about the above-market returns investors stand to earn, including suspiciously high projected earnings or a guaranteed minimum. They may also promise a form of insurance, should the investment fail.
  2. Missing documents or accreditations: Check to see if the company you’re dealing with is registered with ASIC, or if the individual you’re speaking to is appropriately licensed. If this information is not publicly searchable, you could be dealing with a scammer.
  3. High-pressure tactics and celebrity endorsements: Scammers will often try to force a decision, often calling regularly and warning that failure to act quickly will mean missing out. They may use fake celebrity endorsements to encourage their targets to invest.

Security tip

Always search for an investment opportunity’s prospectus online. Make sure you do this separately from your interactions with the suspected scammer – and check their credentials independently. These documents should be publicly available.

 

 

03

Remote access scams

A remote access scam involves a scammer convincing the victim to hand over control of their computer or devices remotely by installing a malicious software or enabling the scammer to remotely log in to their device.

Scammers will typically contact their targets and claim to be an IT professional or a member of a fraud and security team who has identified a possible problem. They’ll then ask for access to the victim’s device to resolve the issue. Typically, this process will also involve the victim being asked to log into their bank account, make payments, or confirm security codes.

Once they have access to the device, scammers will regularly claim to have identified a problem which they can fix for a fee. The scam rarely ends here, however. Instead, scammers will use the opportunity to install software themselves that will enable further crimes.

This scam works on intimidating the user, often using technical words and phrases to confuse the victim and employing techniques to build urgency. The scams can be initiated via a cold call, mass-messaged emails to users or via pop-up ads suggesting you’ve got a virus and to call a 1800 number for help.

Three red flags

  1. Unsolicited contact: Remote access scams typically begin with an unsolicited call or SMS to notify you of a problem either with your device or your finances (for example, claiming there’s a problem processing a credit card payment).
  2. Caller becomes pushy or agitated: Although remote access scammers often sound professional at first, they can become annoyed or even angry if their instructions aren’t followed. If the person you’re dealing with becomes noticeably frustrated or forceful, they’re likely not a legitimate IT professional.3
  3. Making unusual requests: Scammers will often make unusual requests of their targets. These commonly include asking them to log into their bank accounts, make payments or disclose security codes.  

Tips on how you can protect yourself from scams

  • always keep your computer up to date with the latest software updates, antivirus software and a good firewall
  • never disclose your personal information, financial account or online account details over the phone unless you made the call and got the number from a reliable source
  • if a stranger asks for remote access to your computer, say no, even if they claim to be from a reputable business.
  • never provide access to your device to someone contacting you out of the blue. Banks and financial services institutions will never ask for remote access to your devices.

 

 

04

Business email compromise scams

In a business email compromise scam, a scammer may send an altered payment instruction (also known as ‘invoice fraud’) via email. Often, scammers will impersonate a business and send fake invoices to customers using different bank details. The customers pay up, unaware the money is not really going to the vendor.

Instance of business email compromise can be spotted by paying close attention to the sender’s address and looking out for small inconsistencies. Other times, scammers will use stolen accounts to send their fraudulent messages from an official email or phone number.

Three red flags

  1. Uncommon requests: If the request being made seems out-of-place, the payment details are unusual or new, or the request is being made by someone unexpected, it’s likely a scam.
  2. Uncharacteristic urgency: As with many scams, business email compromise usually involves a degree of urgency in a bid to force the target to act before thinking.
  3. Uncharacteristic use of personal mail: Inconsistencies in use of email addresses, such as use of a personal email address for a business activity, can be a giveaway that something is amiss. This may be an attempt to impersonate someone in the organisation, and feed into the ‘urgency’ of a request.

Security tip

If you’ve received an order or invoice which doesn’t feel right, contact the business supposedly making the request using a phone number you’ve reliably used in the past to confirm its validity. Don’t rely on the phone number included in a suspicious email.

 

 

05

Impersonation scams

Impersonation scams involve an imposter claiming to be a friend or relative, building trust, and then asking for money or personal details. In 2022, there was a spike in scammers sending messages which began with “Hi mum” through both SMS and encrypted messaging, posing as a child who had lost their phone and was in desperate need of money to replace their broken device.4

The scam can take many forms, however, and scammers have even begun scraping social media accounts for names and profile pictures before making contact. This way a recipient will be greeted with the face of a loved one when they open the fraudulent message – and will often lower their guard.

Three red flags

  1. Not properly identifying themselves: In some instances, scammers might not know who they’re contacting and will only identify themselves with vague phrases like ‘it’s me’. Unfortunately, savvier imposters may use publicly available information to masquerade as specific people.
  2. Urgent requests for money: These scams often include an abrupt but urgent need for money to be transferred. Scammers will claim they need the funds to cover an unavoidable expense, such as replacing a stolen phone, paying a bill, or covering a contractor’s fees.
  3. Unusual contact method or tone: Scammers will often use an unknown number or email address to make contact when impersonating a loved one, and may not have the same style, tone or vocabulary.

Security tip

If you’re unsure about a message you’ve received, always try to contact the person allegedly reaching out through other channels to confirm they are who they claim, and never send money unless you’re certain it’s going to the right person.

 

 

06

Romance baiting scams

By now, many Australians are familiar with romance scams. Scammers use dating sites to build relationships with their targets before fleecing them of their money, claiming they need the cash to purchase flights to come and visit their victim, or cover urgent expenses.

These scams often target older Australians. In recent years, however, a new form of romance scam has emerged which focuses on younger people. Romance baiting still involves scammers developing intimate online relationships with their victims, but rather than make a request for money directly the scammer will instead present an investment opportunity.

Using the rapport they’ve built through messages, the scammer will encourage their target to invest a small amount at first, and gradually encourage them to pump more funds in before breaking off all contact and stealing the cash.

Three red flags

  1. Migrating to encrypted messaging apps: Romance baiters will encourage their targets to start messaging them through an encrypted app, rather than the dating app or site.
  2. ‘Love bombing’: Scammers will try to build their victim’s trust using a technique called ‘love bombing’. This involves the scammer admitting to deep romantic feelings in regular messages (sometimes sending multiple daily). The target will sometimes begin to develop feelings themselves, making them easier to manipulate.
  3. Suggesting starting small: Romance baiters often encourage their targets to start small and invest a manageable sum into their account. Over time, they will push for more to be invested, claiming it will increase the target’s returns.

Security tip

Never transfer money to, or take financial advice from, someone you haven’t independently sourced and verified through publicly available, legitimate sources.

 

 

Takeaways

Three simple steps to protect yourself:

Pause

Look for red flags:

  • Unexpected requests for information. 
  • Grammar and spelling errors. 
  • Unusual contact details. 
  • Urgent requests or threats. 

 

Process

  • Always think twice. 
  • Were you expecting this call, email or SMS?
  • Take a second, breathe, and think. 

 

Proceed

  • If you're unsure, ask someone you trust. 
  • Always navigate to the organisation's website yourself to log in. 
  • Never give out your online banking password or security passcode to anyone or to any organisations. 

 

Toolkit

Macquarie’s Scams Hub

Learn more about how to detect and avoid scams, and ways to keep your bank accounts, personal information and savings safe.

Visit Scams Hub
 

Scamwatch

Ongoing updates, data and information about scams in Australia.

Visit Scamwatch
 

ASIC

Information on the people and companies you’re dealing with, and for information on what to do if you’ve been scammed.

Visit ASIC
 

 

 

Additional Information

Footnotes

1 D Rickard et al, ‘Targeting scams: Report of the ACCC on scams activity in 2021’ Australian Competition and Consumer Commission, July 2022, accessed 5 October 2022

2 Scamwatch, ‘Scams statistics’, ACCC, N.D, accessed 21 November 2022

3 Scamwatch, ‘Remote access scams’, ACCC, N.D, accessed 10 October 2022

4 Australian Competition and Consumer Commission, ‘ACCC warning of suspicious messages as “Hi Mum” scams spike’, 23 August 2022, accessed 11 October 2022

Other sources include ASIC, Scamwatch and MoneySmart.

Disclaimer

This information has been prepared by Macquarie Bank Limited ABN 46 008 583 542 AFSL and Australian Credit Licence 237502 and does not take into account your objectives, financial situation or needs. Before making any financial investment decision or a decision about whether to acquire a product, a person should obtain and review the offer documents relating to that product and also seek independent financial, legal and taxation advice. Lending criteria, fees and T&Cs apply. We make no guarantee concerning the accuracy of data and information contained on third party websites.