Scams on your phone, in your email inbox and on the internet seem like an unavoidable thing in 2024, with bad actors constantly posing as businesses or government organisations to try and get money out of you. At the very least, you’ve probably received a dodgy text message that reads funny while also demanding money from you – but don’t be caught off guard, as these could have a huge financial impact on you or somebody you love.
Billions of dollars are lost to scams in Australia every year. With different scam methods constantly evolving, it’s a ongoing challenge for government bodies like Scamwatch to keep up. However, that doesn’t mean all hope is lost. By being scam aware, you can keep yourself and your family safe from scammers by keeping your banking and personal information secure.
That’s why we’ve put this article together – to give you an idea of what to look for when you suspect a scammer is targeting you.
Monthly snapshot – September 2024
In the lead up to the second Amazon Prime Day sale and Black Friday, be extra vigilant of financial scams that may target your back pocket. These may take the form of malicious emails or text messages that alert you to a fake pending transaction or a nonexistent failed delivery to your address.
On August 29, Amazon warned that it had seen an uptick in impersonation scams internationally, where a scammer attempts to illicit banking information from the victim over the phone, text or email. The company noted that it would never ask for payment information outside of its official website or app and that Amazon users can check the legitimacy of a message by accessing the ‘Message Centre’ section of the Amazon website under ‘Your Account’.
“Be wary of false urgency. Scammers may try to create a sense of urgency to persuade you to do what they’re asking. Be wary any time someone tries to convince you that you must act now,” Amazon said.
On September 6, the Commonwealth Bank warned that Australian consumers were being inundated with SMS messages designed to impersonate the bank. Receivers of the scam messages would be asked to disclose sensitive information, such as NetBank IDs, CommBiz IDs and personal information like phone numbers and email addresses.
“These messages may seem legitimate, and might even show up in the same thread as real messages from us. However, they are not from CommBank. We will never ask you for your details through a link in an email or SMS message,” CommBank said.
According to the ACCC, Australians lost a total of AU$2.7 billion to scams in 2023. More than 601,000 scam reports were made, with AU$1.3 billion lost to investment scams. People over the age of 65 lost the most during the record period, with text messages being the most commonly reported point of contact for scammers.
Common scams in Australia
Below are several examples of common scams that can happen in Australia. These scams target Aussies over email, the phone, SMS, social media and through legitimate websites like Amazon and eBay, so when you receive a message or see a deal that’s too good to be true, remember to just think about it for a moment.
The ACCC recommends a three-step approach to thwarting scams:
- Stop: Don’t rush into a deal as scammers will typically create a sense of urgency to entice you into a mistake
- Think: Scammers typically impersonate businesses or government bodies that you know. Consider if what you’re being told makes sense depending on the sender, and before committing to anything, check with the business or government department directly
- Protect: If it feels wrong, act quickly to stay safe. Contact your bank immediately if you’ve shared any financial information or transferred money. Get in touch with Scamwatch to report the scam when you get a moment
Online romance scams
“Pig butchering” is a romance investment scam where the scammer forms a relationship with the victim, often making a connection through social media or dating apps, and hints at a lavish lifestyle earned through cryptocurrency. As the scammer earns the victim’s trust, they will direct the victim to put money into what looks like a legitimate investment site or app. These clones are convincing enough that people invest high amounts of money, but soon find out they are unable to withdraw their gains, with the scammer cashing out once the victim refuses to add any more funds into the scheme.
Scams like this have contributed up to AU$3,800 lost every hour in 2023 according to the Australian Federal Police, and it’s an ongoing issue in 2024.
Product and service scams
A common type of scam takes place when a scammer attempts to impersonate a legitimate website, or listings on a legitimate website, in an effort to syphon money from unsuspecting users without providing the service they think they’re paying for.
By Scamwatch’s definition, this is known as a product and service scam, and it can take place anywhere on the internet – be it a bargain deal on a website like eBay or Amazon, a dodgy listing on Airbnb or Booking.com, or a faked version of a website like Kmart. These scams prey on customers that don’t have great awareness of inauthentic behaviour on the internet, so it pays to do your research to uncover if a listing is from a reputable seller.
Phishing and impersonation scams
Phishing scams are quite common. Bad actors will send people texts or emails, or attempt to call them, to either harvest personal information from them (such as login information or addresses) or to take money from them directly. This is achieved by leading the user on and getting them to give this sensitive information willingly to the scammer, be it through a website, by texting or emailing it back to them. With this, a user’s personal information or bank account may become compromised.
These scams often overlap with impersonation scams, where a scammer will pose as an established business or government authority to seem more legitimate.
Fake job scams
A type of scam that is on the rise in 2023 and 2024 is the fake job scam, where a scammer will pose as an employer of a business eager to hire you, but will require you to send them cash first. Any job that requires you to pay the business upfront before you start should be examined and considered carefully, as you’ll often be offered a position that’s too good to be true. It’s also common for scammers to pose as a recruitment agency to conduct this kind of scam.
Threats and extortion scams
Scammers may attempt to extort money out of you by threatening with a virus, a fee or an unpaid bill. While scammers that are threatening and extorting a person may fall under the impersonation scams category, there’s also space to talk about scammers leveraging world events in an attempt to get money out of your account.
A good example is the CrowdStrike outage, in which millions of computers internationally needed to be manually rebooted, as they were stuck in a constant bluescreen boot loop. Scamwatch reported in July 2024 that scammers were using the outage to request personal information or cash to ensure that their devices or businesses wouldn’t fall victim to the issue.
‘Hi Mum’ impersonation scams
Bad actors may attempt to get in touch with you by impersonating a real person that you know well, such as your son or daughter, and ask for cash directly.
In 2023, these quickly became known as ‘Hi Mum’ scams, where a scammer would attempt to leverage goodwill with somebody they were pretending to be related to in an attempt to get them to send cash. Remember: if somebody you know is asking for cash or sensitive information, get in touch with them directly outside of the communications you’re having with a supposed scammer. It’s also important to not act too hastily, lest you make a mistake.
These scams may not necessarily have any ‘Hi Mum’ identifiers and could, instead, pose you with a scenario – for example, the texter ID could read ‘Dad’ and the message could say that they left their card at home and want money for a transaction. If you don’t know them, don’t follow through with it. If you do know them, but the message isn’t from their usual number, call the number you’re used to and find out directly.
Unpaid tolls
A common scam that peaks during certain times of the year has to do with unpaid tolls. In this instance, an email or text message is sent claiming that you haven’t paid your toll fees, and urging you to pay it ASAP via a suspicious link. It’s easy to spot if you don’t drive near any toll roads, but if you’re a frequent driver, the scammer is hoping you’ll panic and click through to pay your fake overdue fees before you realise what’s actually happening.
False delivery texts
Have you received multiple unexpected SMS messages regarding undeliverable parcels? We certainly did – several members of our team provided snapshots of frequent text messages from random mobile numbers claiming that their delivery address needed to be updated. Often, these would be received around the same time, either in the morning, hoping to catch people who have just woken up, or in the evening, multiple times a week, pretending to be from companies like Australia Post. They would include suspicious links to ‘solve’ the delivery issues, which will lead the recipient to dodgy websites that can steal your information – never click on those links.
Subscription renewal/new sign up scams
There’s a subscription service for just about anything, and scammers have been known to impersonate brands, as well as create fake ones, in order to try and get your money or extract valuable personal information such as passwords. A subscription renewal or new sign up scam typically involves you being contacted unexpectedly via email, text or phone call by a scammer impersonating a brand. For example, the scammer may claim to be a representative from Amazon, and they may create a sense of urgency to renew your membership or subscription through a malicious link.
Facebook Marketplace & PayID scams
Scams on Facebook Marketplace and similar websites can target both buyers and sellers, and listings themselves can be for products that don’t exist. One particular scam on Facebook Marketplace which targets sellers involves a buyer requesting to make a payment via PayID, which means the seller will have to share their phone number or email. The seller will then receive a fake PayID email or text message, claiming that their PayID account requires a minimum amount and the scammer will offer to pay the extra so long as they get a refund right away. However, the unsuspecting seller is then left out of pocket with no successful sale if they follow through with it.
Fake celebrity endorsements
These scams tend to be found as advertisements on websites including Facebook and YouTube (but can really pop up anywhere, including on major news and entertainment websites) where the scammer has paid for a sponsored ad placement. They feature a well-known Australian individual such as a celebrity or politician, who’s being impersonated through video manipulation or photo editing, often with an outrageous claim alongside the image. The ads will often use a salacious ‘clickbait’ style heading, such as claiming to expose a shocking scandal, or tips for getting rich with cryptocurrency.
Current Prime Minister Anthony Albanese, TV personalities David Koch and Richard Wilkinson, entrepreneur Dick Smith, and many other prominent Australian figures have been impersonated online to try and con users into clicking onto sites that could have malware, or attempt to trick you into providing personal information or invest in too-good-to-be-true cryptocurrency schemes.
Unofficial ticket resellers
Unofficial or fraudulent ticket resellers is another form of a buying or selling scam. With big artists often touring Australia, many fans are desperately trying to find tickets to massive sold-out concerts. You should be very careful about buying tickets from unofficial resellers however, as this is a prime opportunity for scammers to take advantage of keen concert goers by selling fake tickets through places including Facebook Marketplace, eBay and Gumtree. We highly recommend you go through official resellers, such as Ticketek Marketplace and Tixel, for each concert, otherwise you might suffer from more than just FOMO.
Fake products
Since the early days of online shopping, consumers have been reporting scams involving false advertising. This is an ongoing issue to this day, with scammers often copying the details from a legitimate product listing and posting it on a fake website or under a fake profile on a genuine one. The scammer poses as a real online seller by promising products they don’t actually have, and instead sending unaware buyers junk knock-offs or nothing at all. Places such as Temu and Wish have been known to have product listings like this, but it’s an issue found far and wide across the web.
Scams in Australia: key information
What is a scam?
A scam is a scheme that attempts to steal either money or personal information from an unsuspecting party (either an individual or a business) through lies, manipulation and false pretences. Scammers are able to reach more people now than ever due to evolving communication technologies – you can be scammed in person, on the phone, through text messages or emails, across social media or simply by visiting a fake website. Each and every year there are new scams popping up, though these typically fall under one of seven major categories.
What are the different types of scams?
According to the ACCC’s Scamwatch, there are seven main types of scams:
Romance scams
These scams involve convincing someone into, or promising some kind of relationship, including both romantic and platonic, so the scammer can take advantage of the unsuspecting party’s finances.
Investment scams
In this case, the scammer will try to get you to invest in some scheme – it could involve something like cryptocurrency, NFTs, or some other get-rich-quick opportunity that involves an initial monetary investment from you to get started. Investment scams typically involve the loss of large sums of money, and can be devastating to both individuals and businesses.
Product and service scams
Product scams have been rife since the early days of the internet – we’ve likely all heard the horror story of someone buying a product only for it to be something completely different on arriva, or never show up at all. These scams still exist, and can even take the form of a service rather than a physical object. Basically, with this type of scam, you don’t get what you pay for, and can even put your sensitive information such as payment and contact details at risk.
Threat and extortion scams
Some scammers will threaten to cause some form of harm to you or someone you know if you don’t go along with a request. These types of scams might suggest they have compromising photos, or claim to hijack your PC among other scary situations in order to take advantage of your fear and urgency.
Jobs and employment scams
It can already be a challenge to find a job, and scammers have found ways to use this to their advantage. A job or employment scam might involve some monetary contribution to hold a promised position offered to someone, or it could involve false job advertisements where your information is stolen on application.
Unexpected money
If it’s too good to be true, it likely is. While we’d all like to win the lotto, you need to play it safe if you get a sudden message saying you’ve won a large sum of cash, whether you’ve bought a ticket or not. Scammers will often try to coax you into giving away important information or money before you can claim your winnings in these types of scams.
Impersonation scams
Impersonation takes many forms – you might find someone catfishing on a dating website, or receive an email from someone pretending to be your boss. These scams will attempt to be someone else to get you to do something, like clicking a link or transferring money, that puts your funds or data at risk. This can also involve impersonating well-known figures like celebrities or politicians, or even hit an emotional point by pretending to be a family member in need.
Scams in Australia: how to stay safe
How to protect yourself
Scams can target anyone, but there are some measures you can take to minimise the risk of falling for one.
- Update your privacy settings for any online accounts, including social media
This can stop scammers from getting access to personal contact information such as emails or phone numbers. Additionally, it can help to prevent bad actors from using your information to scam others, as some scammers will create entire false profiles using information they’ve stolen off social media in an attempt to trick others who might know you.
- Examine links before you click
Be critical of any suspicious links in emails and texts, or unknown phone numbers which attempt to contact you, especially when the contact is unexpected. In a phishing attempt, scammers will often include malicious links to get you to hand over personal data. Check spelling in the URL, and look out for any out-of-place characters. See if links you’ve been sent match what appears when you Google the organisation’s name.
- Keep your devices up-to-date
Keeping your device’s softwares up-to-date can help to filter out unwanted calls, texts or emails thanks to spam filters that can stop potentially harmful communications from coming through. Brands like Microsoft, Apple and Google are constantly adding in new security features, while also reducing support for older software, meaning that an outdated web browser, for example, might be more prone to viruses and malware. Having one of the best antivirus software installed, or one of the best VPNs can also help to secure your PC on the chance that someone clicks a scam link.
- Have strong and secure passwords
Make sure your passwords are strong and secure, and enable two-factor authentication (2FA) when you can. This will help stop scammers, especially if they’re attempting to access any of your accounts remotely. Best practice is to make sure you have a separate password for each and every account, and there’s password managers available to help stop you from forgetting them. Passphrases are more difficult to guess than passwords, and the Australian Signals Directorate (ASD) has a helpful guide for creating passphrases.
- Be cautious when shopping online
When making purchases online, you can prevent scams from taking your money by using payment methods with inbuilt security measures. Some methods include using a credit card, or PayPal, which has a buyer protection policy, plus some online marketplaces also have safeguards like eBay’s Money Back Guarantee or Amazon’s A-to-Z Guarantee.
Keeping informed about scams is the best way to stay protected. It’s unlikely that you’ll be able to filter out all possible scams and you’d basically have to go off grid to avoid most of them. Even then, old-fashioned scammers can still target people in person. If you know what to look for, you’ll be ahead of any scammer and also able keep your family and friends aware of any happening right now – they might be in a more vulnerable position to fall for a scam, particularly if they’re not tech-savvy, and scammers prey on vulnerabilities to get what they want.
How to spot a scam
While scammers are constantly finding new ways to mislead someone, there’s a few ways to spot a scam:
- Look for suspicious URLs that contain spelling errors or incorrect domains. You can use ICANN Lookup to verify if a web address is legitimate or not.
- Double check any email addresses – phishing emails will often have an error with the email address, such as the domain not matching the sender’s company.
- Random numbers are often spoofed for scam calls and texts – you can search numbers on the internet to see if they’ve been used in scams previously.
- Photos or videos of celebrities and politicians used out of context with some outrageous claim are often scams, and you can use reverse image search engines like TinEye to find the original source.
- Deepfakes can also be spotted by looking at the details – a video might be really low quality to hide imperfections, or an image might have strange shadows or unrealistic features.
What to do if you get scammed
It’s easy to fall victim to a scam – it’s pretty likely that most of us will at least come close to it at some point in our lives. If you find yourself in this position, there are some things you can do to minimise financial loss and harm:
- Secure your data and finances
If you’ve lost money in a scam, or the scammer has gained access to any bank accounts (or you just suspect they have), you’ll want to contact your financial institution as soon as possible. If you’ve made a payment through a credit card or via PayPal, there’s safeguards in place to help get your money back. Other methods such as PayID and bank transfers might have a few more hoops to jump through with no guaranteed success, but you should be able to at least lock any accounts to prevent further loss.
You’ll also want to look into securing any compromised accounts. This can be as simple as changing your passwords, and you can check Have I Been Pwned? to see if any emails or passwords have been leaked. You also might want to consider setting up two-factor authentication to prevent any further unwanted sign-ins.
Immediately after contacting your bank or financial institution, you should get in touch with a governing body that specialises in scams. These places will have resources to help you minimise any potential loss and report it.
If you’ve been targeted by a scammer but you haven’t handed over any money or personal details, report it to Scamwatch. If you’ve lost money or had your personal details stolen by a scammer, report it to ReportCyber. More details for reporting and recovering from scams are available on the Australian Signals Directorate (ASD) website.
Here’s a list of websites with contacts and resources to help support you if you’ve been scammed:
Reporting a scam can also help these institutions to spread awareness about scams, hopefully preventing others from falling victim in the future.
If you’re concerned about your identity being compromised due to a scam, IDCARE is a support service that has resources and the ability to help you make your identity secure again after being scammed.
Additionally, you might want to contact any companies where your accounts have been compromised. Big telcos such as Telstra and Optus have resources to help customers in the event of a scam, including dedicated spaces to keep track of current scams and how to report them. Additionally, Optus also has a dedicated resource for current customers in Optus ScamWise, which offers more in-depth information, such as how many scam texts and calls Optus is blocking on a weekly basis.
If you’ve fallen for a scam at work, such as a phishing email, you’ll want to let your workplace’s IT department know as soon as possible.
- Seek support from family, friends and professionals
Being scammed can do a number on your wellbeing, so it’s important to lean into your support group while you navigate this situation. If you can, talk to someone you feel comfortable with, and reach out to professionals such as therapists and counsellors who can help you navigate any emotions or feelings you have during this time.
Anti-scam resource kit
Here’s some resources to help spot and prevent scams, as well as places to report any that you might come across. We’ve also tracked down some resources to help reduce any losses if you have fallen for a scam, plus some further reading on scams from trusted sources.
Prevention
Reporting
If there is immediate danger regarding a scam, you can call 000. Otherwise, report directly to the police on your local non-emergency line, and/or through the following resources:
Mitigation
- Beyond Blue: emotional support online or call 1300 22 4636
- Have I Been Pwned: check passwords and emails for data breaches
- IDCare: assistance to help secure your identity
- Lifeline: online or call 13 11 14 for counselling if you’re feeling distressed
- Money Smart: tips to help prevent further financial loss