Scams and data breaches


Scams target everyone. You can be scammed online, by phone, by post, and in person. You may experience increased scam activity if you have been affected by a data breach. It is important to stay vigilant for scams and act quickly should something go wrong.

With scammers continually developing new ways to catch people out, we need to increase our vigilance in checking for those little clues that can alert us that something is a scam.

This page has information about things you can do to reduce your chances of being scammed, how to spot a scam and scam awareness do’s and don’ts. It also has information about what to do if you have been scammed, what to do if your information was exposed in a data breach, and what to do if you have debt due to fraud (or identity theft).

Three ways to avoid scams


Don’t give money or personal information to anyone if you are unsure.

  • Scammers can pretend to be anyone online, on the phone, in emails, and text messages. They will usually start by offering to help you or ask you to verify who you are.
  • Often, scammers will pretend to be from organisations you know and trust like Telstra, Optus, your health fund, Centrelink, police, a bank, government, a fraud service and others. You can never be entirely sure who you are dealing with when you are contacted out of the blue.


Don’t click on links or respond to callers before you know it is real.

  • Ask yourself “could the message or call be fake?”
  • Never click on a link in a message.
  • Only contact businesses or government using contact information from their official website or through their secure apps.
  • If you are not sure just say no, hang up, or delete.


Act quickly.  Call your bank to secure your accounts.  Seek help and report scams.

  • Act quickly if something feels wrong.
  • Contact your bank if you notice some unusual activity or if a scammer gets your money or information.
  • Seek help from IDCARE and report to ReportCyber and Scamwatch.

Spot a scam

Learn to identify key signs of a scam and protect yourself. If you spot any of the following signs—stop and check whether an offer or communication is real:

  • Someone you don’t know contacts you out of the blue.
  • Something urging you to act quickly.
  • A caller threatening you for immediate payment.
  • Messages and emails asking you to click on links or open attachments.
  • Someone asking for your passwords, or personal and financial details.
  • Offers that sound too good to be true, such as an online shopping deal, the chance to invest in an ‘amazing’ scheme, or news that you’ve won a competition or have an unclaimed inheritance.
  • A caller asking to remotely access your computer.
  • Requests for payment via unsecure or unusual methods such as cryptocurrency, gift cards or bank transfer.
  • Requests asking for payment to a new bank account.
  • Requests asking you to pay for something in advance.
  • Unsolicited offers of financial or investment advice.
  • Offers to make fast or guaranteed money with little to no risk.

To keep up to date on scams, subscribe to Scamwatch email alerts and follow @Scamwatch_gov on Twitter, or visit the Scamwatch website for more information.

Scam awareness DO’s and DON’Ts

Be careful of links and attachments:

Don’t click on or download anything you don’t trust, especially in unexpected or suspicious texts or emails.

  • If unsure, check that a communication is real by contacting the person or organisation directly using details you’ve found yourself.
  • Scammers can spoof phone numbers and emails so they appear to be sent from a genuine source. Don’t automatically trust something just because it appears in a previous conversation with a trusted source.
  • Make sure your antivirus software is up to date.

Protect your personal information:

Never give personal information to a stranger. Scammers will pose as a legitimate contact to get your details to hack your accounts or steal your identity.

  • Anyone asking for your passwords or access to your device is likely a scammer.
  • For added security enable two-factor authentication on your accounts where possible.
  • Use strong password phrases for your online accounts and protect your network and devices with antivirus software.
  • Regularly change your passwords.

Be careful with payments:

Use secure payment methods such as credit card.

  • If a known contact claims they have a “new” bank account, phone number or other details, call the person to confirm using a trusted number you’ve used before.
  • When making a large payment to a new recipient, or recipient who claims to have changed their bank account, always call to confirm their bank details using a number found on their website or that you have used before.

Verify before you buy:

If you’re buying something on a site or through a seller you haven’t used before, do your research first.

  • Look for the seller’s terms and conditions, ABN, and physical address. The company’s address should have a street name, not just a post office box.
  • Search a seller or business name and details online for independent reviews.
  • Don’t rely on seeing a padlock in the address bar of your browser – this doesn’t guarantee you’re buying from a real company.

Research any opportunity that’s too good to be true

Be wary of anyone that claims you can make easy, fast or guaranteed money.

  • Seek professional advice from a registered financial advisor and check they’re registered on the ASIC website.
  • Do your research before making any decisions and check Moneysmart and Scamwatch for information on investment scams.

What to do if you have been scammed

  1. Contact your bank or financial institution immediately. If you have sent money or shared your banking or credit card details with the scammer, your bank may be able to stop or reverse a transaction. They can also help you put added security on your bank accounts, block the affected credit card, or issue you with new cards.
  2. Check your bank statements regularly and act immediately if there is a problem. If you have been the victim of fraud, then there are rules which can assist you in getting your money back. Banks and other credit institutions must follow the ePayments Code which mandates refunds depending on the cause of the loss.
  3. Change your online passwords.  If you think your computer or device has been hacked or infected with malware or ransomware, use your security software to run a virus check.  If you think one of your online accounts (e.g. your bank account, email, online shopping account or social networking site) has been compromised, you should change your password immediately.
  4. Make a police report. If you have been a victim of cybercrime or identity fraud you can report this to police via ReportCyber.
  5. You can contact IDCARE. This is a free service which can help people recover from a cybercrime or stolen identity.
  6. You can contact IDCARE on 1800 595 160. IDCARE is Australia and New Zealand’s national identity and cyber support service. They provide a free and confidential support service for people impacted by scams and identity crimes.
  7. Report the scam to Scamwatch.
  8. Help by warning others. Report the scam to the appropriate organisation or government agency to help warn them about the scam that is imitating them. If the scam occurred on social media report it to the social media platform. Warn your friends and family about these scams.

What to do if your information has been exposed in a data breach

Serious damage can occur when your information winds up in the wrong hands because of a data breach, but there are steps you can take to protect yourself.

  1. Contact the organisation that has experienced the data breach. They should be able to tell you if your data was stolen and what information of yours the criminals took. Their responsibility and priority to you, as their customer, is to provide you with important information, advice and support that meets your personal needs.
  2. Look out for scams. Scammers will use the data breach and target people exposed by it in any way they can. Practise the ‘Three ways to avoid scams’ and ‘Scam awareness Do’s and Don’ts’ we have detailed above.
  3. Secure your bank accounts. Tell all your banks or credit providers that you have been a victim of a data breach and work with them to put measures in place to protect your finances e.g. setting transaction limits, enabling multi-factor authentication, additional security questions, using other forms of ID to verify your identity.
  4. Place a ban on your credit files. You can apply to the three credit reporting agencies in Australia for a ban to be placed on your credit files.  This will stop people fraudulently getting credit or loans in your name.  This is a free service.  See the IDCARE credit ban factsheet or go to our page on Credit Reports for more information.
  5. Contact your Superannuation Fund. Tell your Superannuation Fund that you have been a victim of a data breach and work with them to put measures in place to protect your money e.g. an alert to be placed on your account, additional security question, placing a hold on any activity.
  6. Check if you need to replace your driver’s licence. Most states and territories will allow you to replace either or both your driver’s licence number and card number. Changing either of these will make it harder for criminals to take out loans in your name. For more information about whether you need to replace your driver’s licence, please contact your state or territory road transport authority.
  7. Check if you need to replace your passport. If your passport has been exposed in a data breach it will usually be blocked through the Document Verification Service and you won’t be able to use it for online verification. For more information about whether you can or need to replace your passport, please contact the Australian Passport Office.
  8. Check if you need to replace your Medicare Card. Many people use their Medicare card details as a source of identification. If your Medicare number has been exposed in a data breach, you can get a new card and number for free. For more information, please contact Services Australia.
  9. Contact your telecommunications and internet providers and other online services. Contact your telco and internet providers, tell them about the data breach and request additional security on your accounts.  If you have online services accounts (like Buy Now Pay Later, Uber, eBay, and other online accounts) be sure to place extra security on these.  Criminals commonly use these accounts to make fraudulent purchases.
  10. Change your passwords. Change your online banking and email account passwords.  Use different passwords for each account.  The stronger the password, the better the security it will provide for your accounts. For more information, see the Australian Cyber Security Centre.
  11. Change the email address you use for important accounts. Your email address may now be in the hands of a criminal.  If it is possible, you may want to stop using that email account for important things e.g. bank accounts, telco accounts, Apple ID or Google recovery email, MyGov account or other government services.
  12. Contact IDCARE for more help. IDCARE is Australia and New Zealand’s national identity and cyber support service. They provide a free and confidential support service for those impacted by scams, data breaches and identity theft.  You can contact IDCARE on 1800 595 160.

What to do if you have debt due to fraud (or identity theft)

If you believe there is a debt in your name that has been fraudulently created because of identity theft, due to a scam or data breach, then act quickly.

  • In addition to the above actions, contact the alleged creditor immediately.
  • Ask for details of the alleged debt, when and how it was made and make clear that it is not yours.
  • Tell them that you have been the subject of a scam or data breach.
  • You may be asked for proof of your identity, e.g. a driver’s licence, to assist in resolving the situation. It will be up to you whether to provide it.
  • The fraudulent debt should also be reported to either your local police (call 131 444) or ReportCyber.
  • If you are contacted by a debt collector about the fraudulent debt, advise them that the debt is not yours, that you are the subject of fraud, and that they must put a stop to all action while you try to resolve this with the creditor.
  • If you are not getting a successful outcome with either the creditor or debt collector, you may be able to dispute the debt through a free external dispute resolution service.

These situations can become complex, so if you are in any way unsure, or you are not being listened to by the creditor or the debt collector, then call us on 1800 007 007 to speak with one of our free financial counsellors. While our free financial counsellors can’t give you legal advice, if your situation requires it, they can refer you to a free community legal service that can advise you.

Speak to one of our financial counsellors

If you have been the victim of a scam, data breach or fraud, and you are experiencing financial hardship or you just don’t know where to start, you can speak with one of our financial counsellors.

Financial counsellors aren’t judgmental about your circumstances – they’re here to offer you free, confidential and independent advice and assistance.

To speak to a financial counsellor you can:

  • Call the National Debt Helpline on 1800 007 007 – open weekdays from 9:30 am to 4:30 pm.
  • Use our live chat service by clicking the chat icon in the bottom right corner of your screen. Live chat is available weekdays from 9:00 am to 8:00 pm. If you send a message outside these hours a financial counsellor will get back to you.
  • Make an appointment to see a financial counsellor in your local area. Find a local financial counsellor on this map.