Skip to content   Skip to footer navigation 

10 online scams you need to know about

And the tips and tricks to help you avoid them.

woman concerned about online scam
Last updated: 01 February 2022

Is there anyone who hasn't been on the receiving end of an attempted scam or phishing expedition aimed at getting personal and banking information in recent years?

Whether it's a Nigerian prince with accounting issues, a panicked 'friend' inexplicably stranded in some exotic locale, or a text message telling you you've won a European lottery you never entered, it seems we're constantly being barraged with offers that are actually too good to be true.

To help make sure you don't fall victim, we look at some of the ways you can avoid being scammed, and take a closer look at the 10 types of scams that caused the most financial harm in 2021, according to the Australian Competition & Consumer Commission's (ACCC) Scamwatch, so you know which warning signs to look out for and how to protect yourself.

Tips to avoid being scammed

As well as being mindful of the different types of scams to look out for, here's a checklist of the things you can do every day to protect yourself online.

10 types of scams

1. Investment scams

If a financial deal sounds too good to be true, it probably is. Low-risk, high-return opportunities won't just drop into your lap when a so-called mortgage broker randomly cold calls you and invites you to be part of a share, mortgage or real estate high-return scheme, options trading or foreign currency trading. (Bitcoin or cryptocurrency scams are also common.)

If the company inviting your investment doesn't have an AFS licence or tells you they don't need one, they're dodgy

Most of these investment scammers operate from overseas, and will not have an Australian Financial Services (AFS) licence. This means that when things go awry, you'll have no recourse to get your money back.

In 2021, Scamwatch received reports that Australians lost almost $177 million to investment scams. This is more than double the $66m reported lost in 2020.

How to protect yourself

Investment scams are often very hard to spot and can feel legitimate at the time. But you can avoid losing your hard-earned money by doing thorough research. If the company inviting your investment doesn't have an AFS licence or tells you they don't need one, they're dodgy. And if they contact you repeatedly and demand you make a quick decision or miss out, they're not the real deal. 

Even if you're given a professional-looking prospectus and other slick and convincing materials, if it's not registered with ASIC, it's best to avoid it – or you'll potentially lose a lot of money. Do your research, seek advice from a trusted financial advisor and don't feel pressured to rush your decision to invest.

laptop with heart on keyboard

In 2021, Australians lost more than $56 million to dating and romance scams.

2. Dating and romance scams (catfishing)

Falling in love can be complicated. But when it comes to falling into a scam, it can also be expensive. 

Online dating websites and social media can be littered with bad eggs pretending to be your ideal partner. In reality, they're toying with your emotions to scam you into giving them your money and personal details. 

Also called 'catfishing', these scammers gain your trust over a period of time to the point where they ask you for money for a 'family emergency' or to do them a favour such as sending something on their behalf. This type of scam can leave you in a financial hole and feeling incredibly betrayed.

In 2021 Australians lost more than $56 million to catfishing scams.

How to protect yourself

Never transfer money to anyone you've never met in person. Also, don't pay for aeroplane tickets, travel expenses, medical expenses, customs fees, gambling debts or visas if asked to do so by someone you've met online. And never, under any circumstances, send someone you've never met in person compromising photographs of yourself – these could be used to blackmail you.

Never send someone you've never met in person compromising photographs of yourself – these could be used to blackmail you

If you believe you're being scammed you must stop communicating with the person immediately, thoroughly research the person's purported job, and read up on other people's romance scam stories to see if there are any similarities with your own experience. Use Google or TinEye to reverse image search the person's profile picture – if it comes up with another name, or with details that don't match the person, it's probably a stolen photo.

Report the scammer to the social media site, website or app where they first approached you. If you've given the scammer your account details, contact your bank immediately to stop the scammer potentially withdrawing money. 

Also consider contacting your local police. Each state and territory police force has its own guidelines when it comes to reporting scams and will point you in the right direction. See Reporting Scams for more information.

3. Remote access scams

This is when a scammer calls you and impersonates someone from tech support (for your internet provider or the NBN, for example), fraud prevention or similar. 

They'll try to convince you that their device or account is compromised, and that they need to remotely access your computer or phone to find out what the 'problem' is. Once they're able to connect to your device, they can access your banking/personal information – and use that to commit identity theft or steal money.

Last year Australians reported losing $16.4 million to these scams, almost double the $8.4m lost the previous year. 

How to protect yourself

If you receive an unsolicited call asking for remote access to your computer, hang up – even if they claim to be from a reputable business such as Telstra. (Telstra doesn't ask for remote access or request credit-card details over the phone to fix computer or telephone problems.)

Never, ever give out your passwords, bank details or personal information to anyone. If you think you have given your financial details to a scammer, contact your bank immediately. 

4. False billing scams

If you receive an unexpected invoice in your inbox or a random phone call demanding payment, don't automatically assume it's legitimate. 

Scammers use false billing to get you to pay fraudulent invoices for products and services, such as directory listings, advertising, domain-name renewals or office supplies you didn't order. Their efforts caused Australians to lose more than $17 million last year alone.

In particular, busy small businesses and organisations are susceptible to false billing and unsolicited invoice scams that appear to have come from an official source.

How to protect yourself

If an unexpected or suspicious bill or invoice appears in your inbox, do not open its attachment, as many email-based ransomware scams use fake bills as attachments to infect your computer. 

Another red flag is a notification from someone posing as a legitimate supplier that their banking details have changed and giving you a different bank account number. If you notice that a supplier's usual bank account details have changed, call them directly to check. 

5. Threats to life, arrest and other (threat-based) scams

Some scammers will threaten violence, death, arrest or legal action to frighten victims into paying money. 

Often targeting the community's most vulnerable citizens, these scammers call or email their threats and claim you owe money for things such as a speeding fine, tax office debt or unpaid bill. They often impersonate government officials from agencies such as the Department of Home Affairs, Centrelink and the Australian Federal Police. 

Last year, Scamwatch revealed that Australians lost $11 million to these types of scam.

How to protect yourself

Never respond to suspicious emails or texts. If you do, it validates your number or email as being active and encourages scammers and phishers to target you even more. 

Never respond to threats either. Instead, contact the company or institution the scammer claims to be from to confirm validity – but don't use the contact details the caller gave you. And, if you are concerned for your safety, contact the police immediately.

two factor authentication

Two-factor authentication adds an extra layer of security to your online accounts.

6. Identity theft scams

Identity theft is when scammers gain access to your personal information to steal money or gain other benefits. 'Phishing' falls under this category, along with hacking, remote access scams, malware and ransomware, document theft and fake online profiles.

Cybercriminals use these scams to get hold of your personal details – such as name, date of birth, driver's licence number, address, mother's maiden name, place of birth, credit card details, tax file number, Medicare card details, passport information, bank PINs and online account username and login details. 

This information lets them create fake identity documents in your name and apply for loans and benefits, or even real identity documents in your name. 

Last year alone more than $10 million was lost to identity theft scams in Australia. 

How to protect yourself

Turn on two-factor or multi-factor authentication. This is a free security feature that adds an extra layer of security to important accounts such as your email or social media. 

You can also protect your personal details by never revealing them to anyone, securely locking your letterbox at home, changing your passwords regularly, limiting the information you share on social media, and deleting suspicious texts or emails without opening them.

Has your identity been stolen?

It may take quite a long time for you to realise your identity has been stolen. Some hints may include receiving unusual bills or charges that you don't recognise on your bank statements, expected mail not arriving, calls and emails following up on products and services you've never bought or used, unusual emails in your inbox, even refusal of credit because of a poor credit history due to debts you haven't incurred.

When you realise your identity has been stolen, contact the police and your financial institutions immediately

When you realise your identity has been stolen, contact the police and your financial institutions immediately, change all your account passwords and close any unauthorised accounts. You should also approach IDCare on 1800 595 160. This is a government-funded service that will support you through the process of protecting your identity.

7. Online shopping scams

More people than ever are being fooled by scammers pretending to be legitimate online sellers with fake websites or business pages set up on social media platforms, and often advertising on other trusted sites. In 2021, $8 million was reported as lost to these scams.

"With more people at home during the COVID-19 pandemic, online scammers have increased their activity," says Delia Rickard, deputy chair of the ACCC.

These scamming websites often look like the real deal and offer popular branded items at extremely low prices. After you order and come to pay, a big red flag is if they ask for payment by money order, preloaded money card or wire transfer – you may receive your ordered item, but it will be fake, if you receive anything at all. 

If you've fallen for an online shopping scam, you may be able to get your money back through a bank, PayPal or a credit union. But you'll need to approach your financial institution to discuss the compensation process.

How to protect yourself

Whenever you buy an item online, make sure the website's URL starts with 'https' and has the padlock icon next to the URL address. We also recommend checking the payment options at checkout stage to see if it has a trusted seal – this symbol means the payment and brand are legitimate, and safe to do business with.

Also, beware of misspellings of popular sites, or sites using a different domain (e.g. .net rather than .com). Don't automatically trust any store ads you see online or social media – do your research beforehand by searching for user reviews of the store. And remember, if the price of the product sounds too good to be true, it probably is.

trust seal logos

In the world of online shopping, trust seals such as these signify that the payment and brand are legitimate. (Note: this is not a full list – use as a guide only.)

8. Classified scams

Scam advertisements can be for pretty much anything – accommodation, used cars, boats, bikes, pets – and offered for a low price.

"Common online attempts include upfront deposit rental accommodation scams, puppy scams, and scams involving the sale of heavy vehicles and farm machinery," says Rickard.

Scam sellers often claim to be based overseas and say that an 'associate' will deliver the goods following receipt of payment, for which you may receive a fake email receipt. But the goods won't arrive and you won't be able to contact the seller.

Scam sellers often claim to be overseas and say that an associate will deliver the goods, but the goods won't arrive

Scam buyers may make up stories such as needing your help to pay an agent or friend for delivery/shipping or insurance costs and promise reimbursement. Or, they may send a cheque for more money than was agreed, and then ask that you refund the excess amount – usually through an online banking transfer or preloaded money card – before you discover that their cheque has bounced. 

In 2021, Scamwatch received reports of losses of more than $7 million from classified scams.

How to protect yourself

Only buy from well-established and reputable online retailers, and be  wary of bank transfer payments – use secure online payment systems instead. 

Also be wary of items that appear to be bargains, and always research the website for comments and reviews about the site and the seller/buyer.

puppies

Puppies and other pets are commonly used to lure people into scams involving classified ads.

9. Phishing scams

Have you ever got an email, telephone or text message from someone posing as a representative of a legitimate company, asking for your information? 

This is known as 'phishing'. It works by luring people into giving out personal details such as banking, credit card numbers and passwords, which can lead to identity theft and financial loss.

Phishing is the most common scam. Last year Scamwatch received more than 71,000 reports of phishing, costing Australians $4.3 million.

The number of reports was attributed to a rise in scammers pretending to be government agencies giving information on COVID-19 through text messages and emails. These contain malicious links and attachments designed to steal your personal and financial information. 

HTTPS SecureLock CHOICE

Clicking on the closed padlock icon next to a website's URL will display some important security information about the site.

How to protect yourself

Don't click on any links or open any attachments from emails claiming to be from your bank or any other organisation, or which ask you to update or verify your personal details. Instead, type the web address they link to into the address bar yourself.

If a website is legitimate, the URL should begin with an 'https:' instead of an 'http:' – a small difference that's easy to miss, but a crucial one. Also, look for a closed padlock icon on the left of the address bar. 

And never, ever give out your passwords, bank details or personal information to anyone.

10. Hacking

Hacking is when a scammer gains remote, unauthorised access to your personal information by breaking into your computer device or network. Scammers do this by seeking out vulnerabilities in a device or network's security to get around passwords, passcodes or fingerprint recognition. 

Cybercriminals use hacking as a tool to extort, exploit or gain access to your personal data. They can change your passwords, restrict your own access, and use your information to steal your identity or access your banking and credit card details.

Hacking drained the nation's pockets of $3 million last year, as reported to Scamwatch. This was more than double the $1.4 million reported for the previous year. 

How to protect yourself

You can avoid being hacked by not using public or unsecured Wi-Fi, changing your passwords and pins frequently, not sharing your personal information with anyone, and being careful about the websites you visit, and the apps, email attachments and software you download. Visit cyber.gov.au for more information on cybercrime.

COVID-19: Scammers cashing in on uncertainty

Scams aren't a new phenomenon,but Australians are reportedly losing more money to them than ever. 

In 2021, losses reported to the ACCC's Scamwatch topped $323.7 million – this was an 84% rise on the reported losses for 2020. 

Scammers have also been ramping up their efforts to take advantage of financial relief schemes put in place to help Australians during the COVID-19 crisis. In 2021, there was a 61.7% rise in the number of reports of phishing scams compared with the previous year. 

"We've seen an increase in phishing attempts – many impersonating government departments – that request people's personal details in an attempt to access superannuation, tax refunds or JobSeeker benefits," says Rickard.

Who is most at risk of being scammed?

Everyone can be scammed, but the evidence shows that some are more at risk than others. According to the ACCC's 2020 Targeting Scams report:

  • Of all the scams reported on, younger people (18–24 year olds) are particularly vulnerable to threats of life, arrest and other (threat-based) scams; online shopping; and classified scams. 
  • Men of all ages reportedly lost the most amount of money to investment scams ($44.7m in 2020, more than twice that lost by women). 
  • Women reported losing $28.1m to dating and romance scams, while men reported losing $10.7m.
  • Older Australians are disproportionately affected by remote access scams, where a scammer calls and impersonates someone from tech support or fraud prevention, wanting access to your computer. "These scams are particularly damaging as they often result in high losses to the people who can least afford it," says Rickard. 

Rickard says the ACCC remains particularly concerned by scams targeting people with English as a second language: "An ongoing example involves calls made to Mandarin [Chinese] speakers alleging a package in their name had been seized at the border, with threats of arrest or deportation unless a significant sum of money was paid immediately."

How to report a scam

If you've been scammed, you can help warn others by reporting it to the ACCC's Report a Scam webpage.

There are other authorities you may also need to contact, such as your local police, the Office of the eSafety Commissioner or ReportCyber

Scamwatch has a detailed guide that lists the relevant authority to contact for different types of scam. 

We care about accuracy. See something that's not quite right in this article? Let us know or read more about fact-checking at CHOICE.

Stock images: Getty unless otherwise stated.