Skip to content   Skip to footer navigation 

11 online scams you need to know about

And the tips and tricks to help you avoid them.

woman concerned about online scam
Last updated: 19 November 2021

Is there anyone who hasn't been on the receiving end of an attempted scam or phishing expedition aimed at getting personal and banking information in recent years?

Whether it's a Nigerian prince with accounting issues, a panicked 'friend' inexplicably stranded in some exotic locale, or a text message telling you you've won a European lottery you never entered, it seems we're constantly being barraged with offers that are actually too good to be true.

To help make sure you don't fall victim, we look at some of the ways you can avoid being scammed, and take a closer look at the 11 types of scams that caused the most financial harm in 2020, according to the Australian Competition & Consumer Commission's (ACCC) Scamwatch, so you know which warning signs to look out for and how to protect yourself. 

Ways to avoid being scammed

As well as being mindful of the different types of scams to look out for, here's a checklist of the things you can do every day to protect yourself online.

11 different types of scams

1. Investment scams

If a financial deal sounds too good to be true, it probably is. Low-risk, high-return opportunities won't just drop into your lap when a so-called mortgage broker randomly cold calls you and invites you to be part of a share, mortgage or real estate high-return scheme, options trading or foreign currency trading. (Bitcoin or cryptocurrency scams are also common.)

If the company inviting your investment doesn't have an AFS licence or tells you they don't need one, they're dodgy

Most of these investment scammers operate from overseas, and will not have an Australian Financial Services (AFS) licence. This means that when things go awry, you'll have no recourse to get your money back.

In 2020, Scamwatch received reports that Australians lost almost $66 million to investment scams. As of September this year, they've reported being scammed for more than $115 million.

How to protect yourself

Investment scams are often very hard to spot and can feel legitimate at the time. But you can avoid losing your hard-earned money by doing thorough research. If the company inviting your investment doesn't have an AFS licence or tells you they don't need one, they're dodgy. And if they contact you repeatedly and demand you make a quick decision or miss out, they're not the real deal. 

Even if you're given a professional-looking prospectus and other slick and convincing materials, if it's not registered with ASIC, it's best to avoid it – or you'll potentially lose a lot of money. Do your research, seek advice from a trusted financial advisor and don't feel pressured to rush your decision to invest.

2. Dating and romance scams (catfishing)

Falling in love can be complicated. But when it comes to falling into a scam, it can also be expensive. 

Online dating websites and social media can be littered with bad eggs pretending to be your ideal partner. In reality, they're toying with your emotions to scam you into giving them your money and personal details. 

Also called 'catfishing', these scammers gain your trust over a period of time to the point where they ask you for money for a 'family emergency' or to do them a favour such as sending something on their behalf. This type of scam can leave you in a financial hole and feeling incredibly betrayed.

In 2020 Australians lost more than $38 million to catfishing scams. As of September 2021, they've already reported having lost more than $37 million.

How to protect yourself

Never transfer money to anyone you've never met in person. Also, don't pay for aeroplane tickets, travel expenses, medical expenses, customs fees, gambling debts or visas if asked to do so by someone you've met online. And never, under any circumstances, send someone you've never met in person compromising photographs of yourself – these could be used to blackmail you.

Never send someone you've never met in person compromising photographs of yourself – these could be used to blackmail you

If you believe you're being scammed you must stop communicating with the person immediately, thoroughly research the person's purported job, and read up on other people's romance scam stories to see if there are any similarities with your own experience. Use Google or TinEye to reverse image search the person's profile picture – if it comes up with another name, or with details that don't match the person, it's probably a stolen photo.

Report the scammer to the social media site, website or app where they first approached you. If you've given the scammer your account details, contact your bank immediately to stop the scammer potentially withdrawing money. 

Also consider contacting your local police. Each state and territory police force has its own guidelines when it comes to reporting scams and will point you in the right direction. See Reporting Scams for more information.

3. False billing scams

If you receive an unexpected invoice in your inbox or a random phone call demanding payment, don't automatically assume it's legitimate. 

Scammers use false billing to get you to pay fraudulent invoices for products and services, such as directory listings, advertising, domain-name renewals or office supplies you didn't order. Their efforts caused Australians to lose more than $18 million last year alone.

In particular, busy small businesses and organisations are susceptible to false billing and unsolicited invoice scams that appear to have come from an official source.

How to protect yourself

If an unexpected or suspicious bill or invoice appears in your inbox, do not open its attachment, as many email-based ransomware scams use fake bills as attachments to infect your computer. 

Another red flag is a notification from someone posing as a legitimate supplier that their banking details have changed and giving you a different bank account number. If you notice that a supplier's usual bank account details have changed, call them directly to check. 

4. Threats to life, arrest and other (threat-based) scams

Some scammers will threaten violence, death, arrest or legal action to frighten victims into paying money. 

Often targeting the community's most vulnerable citizens, these scammers call or email their threats and claim you owe money for things such as a speeding fine, tax office debt or unpaid bill. They often impersonate government officials from agencies such as the Department of Home Affairs, Centrelink and the Australian Federal Police. 

These scammers often target the community's most vulnerable citizens

Last year, Scamwatch revealed that Australians lost more than $11.8 million to these types of scam and, so far this year, have already lost another $10.1 million.

How to protect yourself

Never respond to suspicious emails or texts. If you do, it validates your number or email as being active and encourages scammers and phishers to target you even more. 

Never respond to threats either. Instead, contact the company or institution the scammer claims to be from to confirm validity – but don't use the contact details the caller gave you. And, if you are concerned for your safety, contact the police immediately.

5. Remote access scams

This is when a scammer calls you and impersonates someone from tech support (for your internet provider or the NBN, for example), fraud prevention or similar. 

They'll try to convince you that their device or account is compromised, and that they need to remotely access your computer or phone to find out what the 'problem' is. Once they're able to connect to your device, they can access your banking/personal information – and use that to commit identity theft or steal money. 

Last year Australians reported losing $8.4 million to these scams. This year, as of September, that number has risen to more than $11.5 million. 

How to protect yourself

If you receive an unsolicited call asking for remote access to your computer, hang up – even if they claim to be from a reputable business such as Telstra. (Telstra doesn't ask for remote access or request credit-card details over the phone to fix computer or telephone problems.)

Never, ever give out your passwords, bank details or personal information to anyone. If you think you have given your financial details to a scammer, contact your bank immediately. 

trust seal logos

In the world of online shopping, trust seals such as these signify that the payment and brand are legitimate. (Note: this is not a full list – use as a guide only.)

6. Online shopping scams

More people than ever are being fooled by scammers pretending to be legitimate online sellers with fake websites or business pages set up on social media platforms, and often advertising on other trusted sites. So far this year, almost $6 million has been lost to these scams and reported to Scamwatch. 

"With more people at home during the COVID-19 pandemic, online scammers have increased their activity," says Delia Rickard, deputy chair of the ACCC.

These scamming websites often look like the real deal and offer popular branded items at extremely low prices. After you order and come to pay, a big red flag is if they ask for payment by money order, preloaded money card or wire transfer – you may receive your ordered item, but it will be fake, if you receive anything at all. 

If you've fallen for an online shopping scam, you may be able to get your money back through a bank, PayPal or a credit union. But you'll need to approach your financial institution to discuss the compensation process.

How to protect yourself

Whenever you buy an item online, make sure the website's URL starts with 'https' and has the padlock icon next to the URL address. We also recommend checking the payment options at checkout stage to see if it has a trusted seal – this symbol means the payment and brand are legitimate, and safe to do business with.

Also, beware of misspellings of popular sites, or sites using a different domain (e.g. .net rather than .com). Don't automatically trust any store ads you see online or social media – do your research beforehand by searching for user reviews of the store. And remember, if the price of the product sounds too good to be true, it probably is.

puppies

Puppies and other pets are commonly used to lure people into scams involving classified ads.

7. Classified scams

Scam advertisements can be for pretty much anything – accommodation, used cars, boats, bikes, pets – and offered for a low price.

"Common online attempts include upfront deposit rental accommodation scams, puppy scams, and scams involving the sale of heavy vehicles and farm machinery," says Rickard.

Scam sellers often claim to be based overseas and say that an 'associate' will deliver the goods following receipt of payment, for which you may receive a fake email receipt. But the goods won't arrive and you won't be able to contact the seller.

Scam sellers often claim to be overseas and say that an associate will deliver the goods, but the goods won't arrive

Scam buyers may make up stories such as needing your help to pay an agent or friend for delivery/shipping or insurance costs and promise reimbursement. Or, they may send a cheque for more money than was agreed, and then ask that you refund the excess amount – usually through an online banking transfer or preloaded money card – before you discover that their cheque has bounced. 

In 2020, Scamwatch received reports of losses of $5.5 million from classified scams. And it's getting worse – up until September this year, victims of classified scams had already reported losing more than 5.3 million.

How to protect yourself

Only buy from well-established and reputable online retailers, and be  wary of bank transfer payments – use secure online payment systems instead. 

Also be wary of items that appear to be bargains, and always research the website for comments and reviews about the site and the seller/buyer.

medicine

Medicines bought from scam healthcare websites may be unsafe – if they arrive at all.

8. Health and medical products scams

If you've found supercheap healthcare products, or a so-called 'cure-all' treatment or medicine online, think twice before you part with your money. 

Health and medical products scams reportedly cost Australians more than $3.9 million in 2020. The scams usually fall into one of two categories:

  • Fake online pharmacy – websites that dupe you into buying low-cost items you may never receive. Or if you do receive them, they could be medically useless or unsound and potentially  damage your health. 
  • Miracle cures – usually promoted by people with no medical qualifications, who promise a quick and simple solution for serious conditions. These dodgy products can also be dangerous to take alongside any current medications. 
How to protect yourself

Never open unsolicited emails or pop-up boxes with offers of amazing deals, and ignore anyone selling products that normally require a prescription. 

Be wary if the pharmacy's website is based overseas or doesn't have any contact information. Even if it is legitimate, check with the Therapeutic Goods Administration that the product doesn't contain ingredients that are banned in Australia. 

Don't accept a medical diagnosis from someone who isn't qualified and who hasn't seen you. Always consult your GP before switching to or starting a new medication to make sure it's safe and suitable for you.

two factor authentication

Two-factor authentication adds an extra layer of security to your online accounts.

9. Identity theft scams

Identity theft is when scammers gain access to your personal information to steal money or gain other benefits. 'Phishing' falls under this category, along with hacking, remote access scams, malware and ransomware, document theft and fake online profiles.

Cybercriminals use these scams to get hold of your personal details – such as name, date of birth, driver's licence number, address, mother's maiden name, place of birth, credit card details, tax file number, Medicare card details, passport information, bank PINs and online account username and login details. 

This information lets them create fake identity documents in your name and apply for loans and benefits, or even real identity documents in your name. 

Last year alone $3 million was lost to identity theft scams in Australia. So far this year, that number has already more than doubled to $7.7 million.

How to protect yourself

Turn on two-factor or multi-factor authentication. This is a free security feature that adds an extra layer of security to important accounts such as your email or social media. 

You can also protect your personal details by never revealing them to anyone, securely locking your letterbox at home, changing your passwords regularly, limiting the information you share on social media, and deleting suspicious texts or emails without opening them.

Has your identity been stolen?

It may take quite a long time for you to realise your identity has been stolen. Some hints may include receiving unusual bills or charges that you don't recognise on your bank statements, expected mail not arriving, calls and emails following up on products and services you've never bought or used, unusual emails in your inbox, even refusal of credit because of a poor credit history due to debts you haven't incurred.

When you realise your identity has been stolen, contact the police and your financial institutions immediately

When you realise your identity has been stolen, contact the police and your financial institutions immediately, change all your account passwords and close any unauthorised accounts. You should also approach IDCare on 1800 595 160. This is a government-funded service that will support you through the process of protecting your identity.

10. Unexpected prize and lottery scams

Many of us dream of winning the lottery, so if you get a call or email revealing that you've finally hit the jackpot, you might be too overjoyed to ask yourself – hang on, did I even enter? 

The scammers will then explain that to access your winnings, you'll need to pay a one-off amount or an international transfer fee so that the funds can be paid into your bank account. But of course the funds never arrive. 

In 2020, scammers swindled Aussies out of $1.7 million by tricking them into thinking they'd won a prize or money from a lottery or competition they hadn't actually entered.

How to protect yourself

Be suspicious of unsolicited messages claiming you've won a big prize – even if it's from friends and family, as their accounts may have been hacked. Check that the offer is legitimate and if you do enter a competition or the lottery, make a note of it so you have a reference. 

Never, ever send any money, or share your personal or financial details, to claim a prize or lottery winnings. 

11. Phishing scams

Have you ever got an email, telephone or text message from someone posing as a representative of a legitimate company, asking for your information? 

This is known as 'phishing'. It works by luring people into giving out personal details such as banking, credit card numbers and passwords, which can lead to identity theft and financial loss.

Phishing is one of the most common scams. Last year Scamwatch received more than 44,000 reports of phishing, costing Australians $1.6 million. 

The number of reports was attributed to a rise in scammers pretending to be government agencies giving information on COVID-19 through text messages and emails. These contain malicious links and attachments designed to steal your personal and financial information. 

HTTPS SecureLock CHOICE

Clicking on the closed padlock icon next to a website's URL will display some important security information about the site.

How to protect yourself

Don't click on any links or open any attachments from emails claiming to be from your bank or any other organisation, or which ask you to update or verify your personal details. Instead, type the web address they link to into the address bar yourself.

If a website is legitimate, the URL should begin with an 'https:' instead of an 'http:' – a small difference that's easy to miss, but a crucial one. Also, look for a closed padlock icon on the left of the address bar. 

And never, ever give out your passwords, bank details or personal information to anyone.

COVID-19: Scammers cashing in on uncertainty

Scams aren't a new phenomenon, but Australians are reportedly losing more money to them than ever. As of October 2021, losses reported to the ACCC's Scamwatch topped $243 million – an 88.4% rise compared with the same period in 2020. "Scam losses so far this year are significantly higher than last year," says Delia Rickard. 

Scammers have also been ramping up their efforts to take advantage of financial relief schemes put in place to help Australians

Scammers have also been ramping up their efforts to take advantage of financial relief schemes put in place to help Australians during the COVID-19 crisis. 

In 2020, there was a 75% rise in the number of reports of phishing scams compared with 2019. As of ​​October 2021, the number of reports has already surpassed those for the whole of 2020.

"We've seen an increase in phishing attempts – many impersonating government departments – that request people's personal details in an attempt to access superannuation, tax refunds or JobSeeker benefits," says Rickard.

Who is vulnerable to being scammed?

Everyone is vulnerable to scams, but the evidence shows that some are more vulnerable than others. 

According to the ACCC's latest Targeting Scams report, younger people (18–24 year-olds) are particularly vulnerable to threats of life, arrest and other (threat-based) scams, as well as online shopping and classified scams. 

Men of all ages reportedly lost the most amount of money to investment scams ($44.7 million). Women reported losing $28.1 million to dating and romance scams.

We remain particularly concerned by scams targeting people with English as a second language

Delia Rickard, deputy chair, ACCC

Older Australians are disproportionately affected by remote access scams. "These scams are particularly damaging as they often result in high losses to the people who can least afford it," says Rickard. 

"We remain particularly concerned by scams targeting people with English as a second language. An ongoing example involves calls made to Mandarin [Chinese] speakers alleging a package in their name had been seized at the border, with threats of arrest or deportation unless a significant sum of money was paid immediately."

How to report a scam

If you've been scammed, you can help warn others by reporting it to the ACCC's Report a Scam webpage.

There are other authorities you may also need to contact, such as your local police, the Office of the eSafety Commissioner or ReportCyber

Scamwatch has a detailed guide that lists the relevant authority to contact for different types of scam. 

We care about accuracy. See something that's not quite right in this article? Let us know or read more about fact-checking at CHOICE