Scams can target anyone, whether it’s online, over the phone, through the mail, or in person. Increased scam activity can happen to you if you’ve been affected by a data breach. It’s important to stay alert to scams and act quickly if something goes wrong.

Scammers are always coming up with new tricks, so we need to be extra careful and notice any signs that something is a scam.

This page has information about how to reduce your chances of being scammed, how to spot a scam and scam awareness do’s and don’ts.

It also has information on what to do if you’ve been scammed, if your information was exposed in a data breach, or if you’re dealing with debt due to identity theft, resulting from a scam or data breach.

Three ways to avoid scams

STOP

Don’t give money or personal information to anyone if you’re unsure.

• Scammers can pretend to be anyone online, on the phone, in emails, and text messages. They will usually start by offering to help you or ask you to verify who you are.
• Scammers will often pretend to be from organisations you know and trust like Telstra, your health fund, Centrelink and others. You can never be entirely sure who you’re dealing with when you’re contacted out of the blue.

THINK

Ask yourself “could the message or call be fake?”.

• Never click on a link in a message or respond to callers before you know it’s real.
• Only contact businesses or government using contact information from their official website or through their secure apps.
• If you’re not sure just say no, hang up, or delete.

PROTECT

Act quickly if something feels wrong.

• Call your bank to secure your accounts if you notice unusual activity or if a scammer gets your money or personal information.
• Seek help from IDCARE and report the scam to ReportCyber and Scamwatch.

Spot a scam

Learn to identify key signs of a scam and protect yourself. If you spot any of the following signs, stop and check whether an offer or communication is real:

• Someone you don’t know contacts you out of the blue.
• You feel pressured to act quickly.
• You are asked to provide your username, password, or personal information.
• A caller saying they’re from a government department or law enforcement, threatening you with arrest or deportation unless you make immediate payment.
• A message asking you to open or download an attachment. These can install malicious software on your computer or phone, giving the scammer access to your personal data.
• Offers that sound too good to be true such as an online shopping deal, the chance to invest in an ‘amazing’ scheme, that you’ve won a competition or that you have an unclaimed inheritance.
• A caller asking to remotely access your computer.
• Requests for payment via insecure or unusual methods such as cryptocurrency, gift cards or bank transfer.
• A business asking you to use a different bank account and BSB from the last payment you made to them.
• You are asked to transfer money to an account to ‘keep it safe’ or for ‘further investigation’.
• Requests asking you to pay for something in advance.
• Unsolicited offers of financial or investment advice.
• Offers to make fast or guaranteed money with little to no risk.

To keep up to date on scams, subscribe to Scamwatch email alerts and follow @Scamwatch_gov Twitter. Or visit the Scamwatch website for more information.

Scam awareness DO’s and DON’Ts

Be careful of links and attachments:

Don’t click on or download anything you don’t trust, especially in unexpected or suspicious texts or emails.

• If unsure, check that a communication is real by contacting the person or organisation directly using details you’ve found yourself.
• Scammers can spoof phone numbers and emails so they appear to be sent from a genuine source. Don’t automatically trust something just because it appears in a previous conversation with a trusted source.
• Make sure your antivirus software is up to date.

Protect your personal information:

Never give personal information to a stranger. Scammers will pose as a legitimate contact to get your details to hack your accounts or steal your identity.

• Anyone asking for your passwords or access to your device is likely a scammer.
• For added security enable two-factor authentication on your accounts where possible.
• Use strong password phrases for your online accounts and protect your network and devices with antivirus software.
• Regularly change your passwords.

Be careful with payments:

Use secure payment methods such as credit card.

• If a known contact claims they have a “new” bank account, phone number or other details, call the person to confirm using a trusted number you’ve used before.
• When making a large payment to a new recipient, or recipient who claims to have changed their bank account, always call to confirm their bank details using a number found on their website or that you have used before.

Verify before you buy:

If you’re buying something on a site or through a seller you haven’t used before, do your research first.

• Look for the sellers’ terms and conditions, ABN, and physical address. The company’s address should have a street name, not just a post office box.
• Search a seller or business name and details online for independent reviews.
• Don’t rely on seeing a padlock in the address bar of your browser – this doesn’t guarantee you’re buying from a real company.

Research any opportunity that’s too good to be true

Be wary of anyone that claims you can make easy, fast or guaranteed money.

• Seek professional advice from a registered financial advisor and check they’re registered on the ASIC website.
• Do your research before making any decisions and check Moneysmart and Scamwatch for information on investment scams.

What to do if you’ve been scammed

1. Contact your bank or financial institution immediately. If you have sent money or shared your banking or credit card details with the scammer, your bank may be able to stop or reverse a transaction. They can also help you put added security on your bank accounts, block the affected credit card, or issue you with new cards.
2. Check your bank statements regularly and act immediately if there’s a problem. If you’ve been a victim of fraud, there are rules which can assist you in getting your money back. Banks and other credit institutions must follow the ePayments Code which mandates refunds depending on the cause of the loss.
3. Change your online passwords. If you think your computer or device has been hacked or infected with malware or ransomware, use your security software to run a virus check. If you think one of your online accounts (e.g. bank account, email, online shopping account or social networking site) has been compromised, you should change your password immediately.
4. Make a police report. If you have been a victim of cybercrime or identity fraud you can report this to police via Reportcyber.
5. Contact IDCARE, Australia and New Zealand’s national identity and cyber support service. They provide a free and confidential support service for people impacted by scams and identity crimes. You can call them on 1800 595 160 or visit their website to find out more.
6. Report the scam to Scamwatch.
7. Warn others. Report the scam to the appropriate organisation or government agency to help warn them about the scam that’s imitating them. If the scam occurred on social media, report it to the social media platform. Warn your friends and family about these scams.
8. Speak to a free financial counsellor. If a scam is causing you financial hardship, you can speak to one of our free financial counsellors. See below for more details.
9. Reach out for emotional support. Being scammed is a horrible experience and it can happen to anyone. If you need someone to talk to, reach out to family and friends or you can contact Lifeline on 13 11 14 or Beyond Blue on 1300 224 636.

What to do if your information has been exposed in a data breach

Serious damage can occur when your information winds up in the wrong hands because of a data breach, but there are steps you can take to protect yourself.

1. Contact the organisation that has experienced the data breach. They should be able to tell you if your data was stolen and what information of yours the criminals took. Their responsibility and priority to you, as their customer, is to provide important information, advice and support that meets your needs.
2. Look out for scams. Scammers will use the data breach and target people exposed by it in any way they can. Practice the steps we explained in earlier sections of this page.
3. Secure your bank accounts. Tell all your banks or credit providers you’ve been a victim of a data breach and work with them to put measures in place to protect your finances. These measures could include setting transaction limits, enabling multi-factor authentication, additional security questions, and using other forms of ID to verify your identity.
4. Place a ban on your credit files. You can apply to the three credit reporting agencies in Australia for a ban to be placed on your credit files.  This will stop people fraudulently getting credit or loans in your name.  This is a free service. See the IDCARE credit ban factsheet or go to our page on Credit Reports for more information.
5. Contact your superannuation fund. Tell your super fund you have been a victim of a data breach and work with them to put measures in place to protect your money (e.g. an alert to be placed on your account, additional security question, placing a hold on any activity).
6. Check if you need to replace your driver’s licence. Most states and territories will allow you to replace either or both your driver’s licence number and card number. Changing either of these will make it harder for criminals to take out loans in your name. For more information about whether you need to replace your driver’s licence, contact your state or territory road transport authority.
7. Check if you need to replace your passport. If your passport has been exposed in a data breach it will usually be blocked through the Document Verification Service and you won’t be able to use it for online verification. For more information about whether you can or need to replace your passport, contact the Australian Passport Office.
8. Check if you need to replace your Medicare Card. Many people use their Medicare card details as a source of identification. If your Medicare number has been exposed in a data breach, you can get a new card and number for free. For more information, contact Services Australia.
9. Contact your telecommunications and internet providers and other online services. Contact your telco and internet providers, tell them about the data breach and request additional security on your accounts. If you have online services accounts (like buy now pay later, Uber, eBay, and other online accounts) be sure to place extra security on these. Criminals often use these accounts to make fraudulent purchases.
10. Change your passwords. Change your online banking and email account passwords, using different passwords for each account. The stronger the password, the better the security it will provide for your accounts. For more information, see the Australian Cyber Security Centre.
11. Change the email address you use for important accounts. Your email address may now be in the hands of a criminal. If possible, you may want to stop using that email account for important things (e.g. bank accounts, telco accounts, Apple ID or Google recovery email, MyGov account or other government services).
12. Contact IDCARE for more help. IDCARE is Australia and New Zealand’s national identity and cyber support service. They provide a free and confidential support service for those impacted by scams, data breaches and identity theft. You can contact IDCARE on 1800 595 160.

What to do if you have debt due to fraud (or identity theft)

If you believe there’s a debt in your name that has been fraudulently created because of identity theft, due to a scam or data breach, then act quickly.

In addition to the actions detailed above:

• Contact the alleged creditor immediately.
• Request details about the alleged debt, including when and how it was incurred, and make it clear it’s not yours.
• Tell them you’ve been the subject of a scam or data breach.
• If asked for proof of your identity, such as a driver’s licence to assist in resolving the situation, it will be up to you whether to provide it.
• Report the fraudulent debt to either your local police by calling 131 444 or ReportCyber.
• In case a debt collector contacts you about the fraudulent debt, tell them the debt is not yours, you’re the subject of fraud, and ask them to stop all actions while you try to resolve the matter with the creditor.
• If your efforts with the creditor or debt collector aren’t successful, consider disputing the debt in a free external dispute resolution service.

These situations can become complex, so if you’re unsure or you’re not being listened to by the creditor or debt collector, call us on 1800 007 007 to speak with one of our free financial counsellors.

While our free financial counsellors can’t give you legal advice, if your situation requires it, they can refer you to a free community legal service that can advise you.

Speak to one of our financial counsellors

If you have been the victim of a scam or data breach or fraud, and you are experiencing financial hardship or you just don’t know where to start, you can speak with one of our financial counsellors.

Financial counsellors aren’t judgmental about your circumstances – they’re here to offer you free, confidential and independent advice and assistance.

To speak to a financial counsellor you can:

• Call the National Debt Helpline on 1800 007 007 – open Weekdays from 9:30 am to 4:30 pm.
• Use our live chat service by clicking the chat icon in the bottom right corner of your screen. Live chat is available 9:00am-8.00pm weekdays. If you send a message outside these hours a financial counsellor will get back to you.
• Make an appointment to see a financial counsellor in your local area. Find a local financial counsellor on this map.