Online scams and how to avoid them

Avoid being taken in by online scammers. Here's how.

Last updated: 17 August 2020

Is there anyone who hasn't been on the receiving end of an attempted scam or phishing expedition aimed at getting personal and banking information in recent years?

Whether it's a Nigerian prince with accounting issues, a panicked 'friend' inexplicably stranded in some exotic locale, or a text message telling you you've won a European lottery you never entered, it seems we're constantly being barraged with offers that are actually too good to be true.

To help ensure you don't fall victim:

Phishing scams

Have you ever received an email, phone call or text message from someone posing as a representative of a legitimate company, asking for your information?

This is known as 'phishing' and it works by luring people into giving out personal details such as banking details, credit card numbers and passwords – which can lead to identity theft and financial loss.

Phishing is proving to be the most common of scams. Last year Scamwatch received more than 25,000 reports of phishing. This year the numbers are rising exponentially – in April alone, Scamwatch received 3153 reports, the highest monthly number ever. 

Currently, reports suggest that phishing scammers are pretending to be government agencies giving information on COVID-19 through text messages and emails. These contain malicious links and attachments designed to steal your personal and financial information. 

"We are asking the public to please check their myGov accounts to ensure scammers haven't attempted to claim benefits in their name," says Rickard.


Clicking on the closed padlock icon next to a website's URL will display some important security information about the site.

How to protect yourself

Don't click on any links or open any attachments from emails claiming to be from your bank or any other organisation, or which ask you to update or verify your personal details. Instead, type their web address into the address bar yourself.

If a website is legitimate, the URL should begin with 'https:' rather than 'http:'. Also, look for a closed padlock icon on the left of the address bar.

And never, ever give out your passwords, bank details or personal information to anyone.

In the world of online shopping, trust seals such as these signify that the payment and brand are legitimate. (Note: this is not a full list – use as a guide only.)

Online shopping scams

More people than ever are being fooled by scammers pretending to be legitimate online sellers with fake websites or business pages set up on social media platforms, and often advertising on other trusted sites. So far this year, almost $3.5 million has been lost to these scams and reported to Scamwatch. 

"With more people at home during the COVID-19 pandemic, online scammers have increased their activity," says Rickard.

These scamming websites often look like the real deal and offer popular branded items at extremely low prices. A big tip-off is if they ask for payment by money order, preloaded money card or wire transfer. After you order and pay, you may receive your ordered item, but it will be fake, if you receive anything at all.

If you've fallen for an online shopping scam, you may be able to get your money back through a bank, PayPal or a credit union. But you'll need to approach your financial institution to discuss the compensation process.

How to protect yourself

Whenever you buy an item online, make sure the website's URL starts with 'https' and has the padlock icon next to the URL address. We also recommend checking the payment options at checkout stage to see if it has a trusted seal – this symbol means the payment and brand are legitimate, and safe to do business with.

Also, beware of misspellings of popular sites, or sites using a different domain (e.g. .net rather than .com). Don't automatically trust any store ads you see online or on social media – do your research beforehand by searching for user reviews of the store. And remember, if the price of the product sounds too good to be true, it probably is.
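The misspelling and different-domain checks described above can also be done by a small script. The following is an added example, not part of the original article: the domain names are constructed placeholders, and the allow-list is an assumption standing in for the sites you actually use.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the sites this user really deals with.
KNOWN_GOOD = ("examplebank.com.au", "exampleshop.com")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_shop_url(url, known_good=KNOWN_GOOD):
    """Return a list of warnings for a URL; an empty list means none were raised."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-hostname"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # A known-good domain or one of its subdomains: nothing more to compare.
    if any(host == good or host.endswith("." + good) for good in known_good):
        return warnings
    labels = [label for label in host.split(".") if label != "www"]
    if any(label.startswith("xn--") for label in labels):
        # Encoded non-ASCII name; it may imitate Latin letters.
        warnings.append("punycode-label")
    for good in known_good:
        name = good.split(".")[0]
        limit = 1 if len(name) <= 4 else 2   # short names: be stricter
        for label in labels:
            if label == name:
                # Right name, wrong domain (e.g. .net rather than .com).
                warnings.append("different-domain:" + good)
            elif edit_distance(label, name) <= limit:
                warnings.append("misspelling:" + good)
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://www.exampleshop.com/checkout",
                   "https://exampleshop.net/sale",
                   "http://examp1eshop.com/"):
        print(sample, check_shop_url(sample))
```

An empty result only means none of these particular checks fired; it does not vouch for the site.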

Dating and romance scams

Falling in love can be complicated. But when it comes to falling into a scam, it can also be expensive. 

Online dating websites and social media can be littered with bad eggs pretending to be your ideal partner. In reality, they're toying with your emotions to scam you into giving them your money and personal details.

Also called 'catfishing', these scammers gain your trust over a period of time to the point where they ask you for money for a 'family emergency' or to do them a favour such as sending something on their behalf. This type of scam can leave you in a financial hole and feeling incredibly betrayed.

In 2019 Australians lost more than $28 million to catfishing scams. As of June 2020, they've already reported having lost nearly $20 million.

How to protect yourself

Never transfer money to anyone you've never met in person. Also, don't pay for plane tickets, travel expenses, medical expenses, customs fees, gambling debts or visas if asked to do so by someone you've met online. And never, under any circumstances, send someone you've never met in person compromising photographs of yourself – these could be used to blackmail you.

If you believe you're being scammed, you must stop communicating with the person immediately, thoroughly research the person's purported job, and read up on other people's romance scam stories to see if there are any similarities with your own experience. Use Google or TinEye to reverse image search the person's profile picture – if it comes up with another name or with details that don't match the person, it's probably a stolen photo.

Report the scammer to the social media site, website or app where they first approached you. If you've given the scammer your account details, contact your bank immediately. 

Also consider contacting your local police. Each state and territory police force has its own guidelines when it comes to reporting scams and will point you in the right direction. See Reporting Scams for more information.

Two-factor authentication adds an extra layer of security to your online accounts.

Identity theft scams

Identity theft is when scammers gain access to your personal information to steal money or gain other benefits. Phishing falls under this category, along with hacking, remote access scams, malware and ransomware, document theft and fake online profiles.

Cybercriminals use these scams to access your personal details – such as name, date of birth, driver's licence number, address, mother's maiden name, place of birth, credit card details, tax file number, Medicare card details, passport information, bank PINs and online account username and login details. 

This information lets them create fake identity documents in your name and apply for loans and benefits, or even real identity documents in your name. 

Last year a massive $4.3 million was lost to identity theft scams.

How to protect yourself

Turn on two-factor or multi-factor authentication. This is a free security feature that adds an extra layer of security to important accounts such as your email or social media. 

You can also protect your personal details by never revealing them to anyone, securely locking your letterbox at home, changing your passwords regularly, limiting the information you share on social media, and deleting suspicious texts or emails without opening them.

Has your identity been stolen?

It may take quite a long time for you to realise your identity has been stolen. Some hints may include receiving unusual bills or charges that you don't recognise on your bank statements, expected mail not arriving, calls and emails following up on products and services you've never bought or used, unusual emails in your inbox, even refusal of credit because of a poor credit history due to debts you haven't incurred.

When you realise your identity has been stolen, contact the police and your financial institutions immediately, change all your account passwords and close any unauthorised accounts. You should also approach IDCare on 1800 595 160. This is a government-funded service that will support you through the process of protecting your identity.

False billing scams

If you receive an unexpected invoice in your inbox or a random phone call demanding payment, don't automatically assume it's legitimate. 

Scammers use false billing to get you to pay fraudulent invoices for products and services, such as directory listings, advertising, domain-name renewals or office supplies you didn't order. Their efforts caused Australians to lose over $10 million last year alone.

In particular, busy small businesses and organisations are susceptible to false billing and unsolicited invoice scams that have the appearance of coming from an official source.

How to protect yourself

If an unexpected or suspicious bill or invoice appears in your inbox, do not open its attachment, as many email-based ransomware scams use fake bills as attachments to infect your computer. 

Another red flag is a notification from someone posing as a legitimate supplier that their banking details have changed and giving you a different bank account number. If you notice that a supplier's usual bank account details have changed, call them directly to chec

Hacking scams

Hacking is when a scammer gains remote, unauthorised access to your personal information by breaking into your computer device or network. Scammers do this by seeking out vulnerabilities in a device or network's security to get around passwords, passcodes or fingerprint recognition. 

Cybercriminals use hacking as a tool to extort, exploit or gain access to your personal data. They can change your passwords, restrict your own access and use your information to steal your identity or get direct access to your banking and credit card details.

Hacking drained the nation's pockets of more than $5 million last year, as reported to Scamwatch. So far this year, it has reportedly cost victims more than $1 million. 

How to protect yourself

You can avoid being hacked by not using public or unsecured WiFi, changing your passwords and PINs frequently, not sharing your personal information with anyone, and being careful about the websites you visit and the apps, email attachments and software you download.

Visit the Australian Cyber Security Centre for more information on cybercrime. 

Threats to life, arrest and other scams

Some scammers will threaten violence, death, arrest or legal action to frighten victims into paying money. 

Often targeting the community's most vulnerable citizens, these scammers call or email their threats and claim you owe money for things such as a speeding fine, tax office debt or unpaid bill. They often impersonate government officials from agencies such as the Department of Home Affairs, Centrelink and the Australian Federal Police. 

Last year, Scamwatch revealed that Australians lost more than $4.26 million to these types of scam and, so far this year, have already lost another $6.5 million.

How to protect yourself

Never respond to suspicious emails or texts. If you do, it validates your number or email as being active and encourages scammers and phishers to target you even more. 

Never respond to threats either. Instead, contact the company or institution the scammer is purporting to be from to confirm validity – but don't use the contact details the caller gave you. And, if you are concerned for your safety, contact the police immediately.

Classified scams

Scam advertisements can be for pretty much anything – accommodation, used cars, boats, bikes, pets – and offered for a low price.

"Common online attempts include upfront deposit rental accommodation scams, puppy scams, and scams involving the sale of heavy vehicles and farm machinery," says Rickard.

Scam sellers often claim to be overseas and say that an associate will deliver the goods following receipt of payment, for which you may receive a fake email receipt. However, the goods won't arrive and you won't be able to contact the seller.

Scam buyers may make up stories such as needing your help to pay an agent or friend for transportation or insurance costs and promise reimbursement. Or, they may send a cheque for more money than was agreed, and then ask that you refund the excess amount – usually through an online banking transfer or preloaded money card – before you discover that their cheque has bounced. 

In 2019, Scamwatch received reports of losses of $2.8 million from classified scams. And it's only getting worse – up until June this year, victims of classified scams have already reported losing more than $2.4 million.

How to protect yourself

Only buy from well-established and reputable online retailers. Be wary of bank transfer payments and instead use secure online payment systems.

Also be wary of items that appear to be bargains, and always research the website for comments and reviews about the site and the seller/buyer.

Investment scams

If a financial deal sounds too good to be true, it probably is. Low-risk, high-return opportunities won't just drop into your lap when a so-called mortgage broker randomly cold calls you and invites you to be part of a share, mortgage or real estate high-return scheme, options trading or foreign currency trading. (Bitcoin or cryptocurrency scams are also common.)

Most of these investment scammers operate from overseas, and will not have an Australian Financial Services (AFS) licence. This means that when things go awry, you'll have no recourse to get your money back.

In 2019, Scamwatch received reports that Australians lost almost $62 million to investment scams. As of June this year, they've reported being scammed for more than $30 million.

How to protect yourself

Investment scams are often very hard to spot and can feel legitimate at the time. But you can avoid losing your hard-earned money by doing thorough research. If the company inviting your investment doesn't have an AFS licence or tells you they don't need one, they're dodgy. And if they contact you repeatedly and demand you make a quick decision or miss out, they're not the real deal.

Even if you're given a professional-looking prospectus and other slick and convincing materials, if it's not registered with ASIC, it's best to avoid it – or you'll potentially lose a lot of money. Do your research, seek advice from a trusted financial advisor and don't feel pressured to rush your decision to invest.

Ransomware and malware scams

These two nasty pieces of software can leave a devastating path of destruction in their wake. Malware (malicious software) is hidden inside other software that is downloaded into your computer and then gives scammers access to your files. Ransomware locks your computer and files and demands you pay a ransom to unlock it.

Malware scammers trick users into clicking on links in emails and social media that they might find interesting. These links take you to fake yet legitimate-looking websites and, if you want to view a video, may ask you to install new software, such as a 'codec' – this is what infects your computer with malicious software.

While they're not yet as common as some other scams, malware and ransomware are currently gaining serious traction – last year Australians lost at least $157,000 to such scams. 

How to protect yourself 

Don't open attachments or click on email links or social media messages from strangers. And watch news footage only on reputable news sites. 

Be suspicious of free downloads of games, movies, music and adult content, and always keep your computer security up to date with anti-virus and anti-spyware software. Make sure you have a good firewall in place, too.

You could also enable encryption features such as BitLocker (Windows 10) or FileVault 2 (macOS), which are particularly useful if your device is lost or stolen, as they stop thieves accessing your data.

If you think your computer's security has been compromised, run a virus check with up-to-date anti-virus software and ensure all your networks are secure.

Bushfires and COVID-19: scammers cashing in on uncertainty

Online scams aren't a new phenomenon, but Australians are reportedly losing more money to them than ever. In the first six months of 2019, losses reported to the ACCC's Scamwatch topped $58 million – over the same period in 2020, the losses were more than $77 million.

"Scam losses so far this year are significantly higher than last year," says ACCC deputy chair, Delia Rickard. 

Scammers seem to be ramping up their efforts to take advantage of people during the uncertainty resulting from the 2019–20 bushfires and the ongoing impact of the COVID-19 pandemic.

"It's very disappointing that some took advantage of the bushfires through 'fake charity scams' and played on Australians' generosity by impersonating charities and even actual victims who had lost their homes or family members," says Rickard.

Scammers are also trying to take advantage of financial relief schemes put in place to help Australians during the COVID-19 crisis. 

"We've seen an increase in phishing attempts – many impersonating government departments – that request people's personal details in an attempt to access superannuation, tax refunds or JobSeeker benefits," says Rickard.

Who's vulnerable to being scammed?

According to Rickard, everyone is vulnerable to scams, but some more than others.

"Our latest Targeting Scams report showed younger people were particularly vulnerable to online shopping and classified scams," she says. 

Men of all ages lost money to investment scams, and women reported over 75% of dating and romance scam losses

Delia Rickard, ACCC deputy chair

Older Australians are disproportionately affected by remote access scams. "These scams are particularly damaging as they often result in high losses to the people who can least afford it," she says. 

"We remain particularly concerned by scams targeting people with English as a second language. An ongoing example involves calls made to Mandarin speakers alleging a package in their name had been seized at the border, with threats of arrest or deportation unless a significant sum of money was paid immediately."

How to avoid being scammed

  • Turn on two-factor authentication on your accounts.
  • Be wary of offers that sound too good to be true and check independent reviews of sellers or the site you're using.
  • When buying online, make sure the website's URL starts with 'https', that it has the padlock icon in the address bar, and that it has a trust seal. 
  • Think carefully before clicking on a link in an email or SMS as it may contain malware or be a phishing link to gather your personal information. Even if the SMS pops up in the same thread as other texts from a legitimate organisation, it may still be a scam. 
  • Be suspicious of any out-of-the-blue phone calls from people claiming to be a service provider, such as your telephone or internet provider. You can always hang up the phone and ring the business back on a phone number you have for them.
  • Keep your passwords secure and don't share them, banking PINs, or SMS verification codes with anyone.
  • Be extremely suspicious if you're asked for money for transport costs, communication, marriage processing or medical fees for an online boyfriend or girlfriend.
  • Look out for common spelling, grammatical or language errors in emails, texts or website addresses – they could well suggest a scam.
  • Never make your tax file number publicly available, such as on your CV/resumé.
  • If you're not sure that the person on the other end of the phone is legitimate, hang up and call the organisation on its official contact number.

How to report a scam

If you've been scammed, you can help warn others by reporting it to the ACCC's Report a Scam webpage.

There are other authorities you may also need to contact, such as your local police, the Office of the eSafety Commissioner or ReportCyber.

Scamwatch has a detailed guide that lists the relevant authority to contact for different types of scam. 
