Content written for

Individuals & families
Small & medium business

What are scams?

Online scams cost Australians millions of dollars each year and anyone can be targeted.

Scams are a common way that cybercriminals compromise your online accounts. Scammers’ goal is to trick you into paying money or giving away your personal information. They will use email, text messages, phone calls or social media, and often pretend to be a person or organisation you trust.

Knowing what the common types of scams are, and what to look out for could save you from becoming a victim.

There are various types of scams, and cybercriminals always create new ones. It is important to be aware of these scams and their consequences, and take the necessary precautions to stay secure in the digital world.

Identity theft is one of the most serious consequence of scams. It occurs when someone uses your identity to steal money or gain other benefits. Once your identity is stolen, scammers can do serious damage such as opening new bank accounts and taking out loans in your name, signing contracts such as opening new phone plans, gaining access to your government online services, stealing your superannuation and more.

Scammers are very creative and always come up with new ideas to take advantage of you. For example, they may impersonate government departments (e.g. the Australian Taxation Office, asking for payment), set up fake dating or social media profiles, or tell you that one of your accounts was compromised and prompt you to take action – usually by clicking on links or give them personal information to ‘solve the problem’.

Scammers will attempt to gain access to your devices, accounts, or personal information through various methods.


When scammers trick you into giving away your personal details, for example by luring you to click on malicious links or attachments that look legitimate. Scammers may impersonate your bank or a government department, and ask you to give out information such as your account number, password, or credit card numbers.


When you are tricked into installing software that gives scammers access to your files and track your activity.


When cybercriminals demand payment for you to regain access to your files.

Spear phishing

These messages are a class of phishing messages that target specific people and organisations, and may contain information that is true to make them appear more authentic. These messages can be extremely difficult to detect.

Remote access

When scammers falsely claim to be from a known company, such as your bank or your internet provider, and trick you into giving them remote access to your computer.


When cybercriminals break into your devices by exploiting security weaknesses on your devices or network, and gain access to your personal data.

Scams are becoming more sophisticated and harder to spot. If you have any doubts about whether a message is genuine, first check if it is a scam by following these steps.

Go directly to a source you can trust

If you have any doubts about a message or call, contact the organisation directly: Visit the official website to find their phone number or to log in to your account via the official website: do not use the links or contact details given to you in the message.

Check what the official source says about what details they might request from you

Often companies or government agencies will say what they will and will not ask you online or over the phone. For example, the bank may tell you that they will never ask for your password. If someone claiming to be from the bank then asks you for your password, you know it is likely a scam.

What to look out for

There are common indicators of scams, such as phishing.

  • Suspicious sender’s address: Scammers may use an email address that closely resembles one from a legitimate business, by changing a few characters.
  • Generic greetings and signature: Scammers may use generic greeting such as “Dear valued customer” or “Sir/Ma’am”, or limited contact information in the signature block. These are strong indicators of a phishing email.
  • Spoofed hyperlinks and websites: Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain: for example .com instead of .net.
  • Spelling and layout: Misspellings, bad grammar and punctuation, and inconsistent formatting are all indications of scams.
  • Suspicious attachments: Unsolicited requests to open or download attachments are red flags: don’t do it.

Common things scammers do to trick you

In addition to exploiting security weaknesses, scammers prey on our human nature through various techniques, to prompt us to do certain things.

  • Authority: Is the message claiming to be from someone official, such as your bank, a government department, a utility company, your doctor or a solicitor? Criminals pretend to be important people or organisations to trick you into doing what they want.
  • Urgency: Are you told that you have a limited time to respond, for example, ‘within 24 hours’ or ‘immediately’? Scammers often threaten you with fines or other negative consequences.
  • Emotion: Does the message make you panic, fearful, hopeful or curious? Scammers use threatening language, make false claims of support, or tease you into wanting to find out more.
  • Scarcity: Is the message offering something that seems too good to be true, such as money or a ‘good deal’? Fear of missing out on an opportunity can make you respond quickly.
  • Current events: Are you expecting to see a message like this? Scammers will exploit current news stories and events to make their claims seem more real (e.g. COVID-19).

Professor David Lacey, Chair of Cyber Security at the University of the Sunshine Coast, and Professor Monica Whitty, cyber psychologist at the University of Melbourne, give some insights into how scammers can trick us.

National Anti-Scam Centre

For more examples of common scams in Australia, or to report a scam, visit National Anti-Scam Centre - Scamwatch.

How to avoid being a victim: security tips

The best way to protect yourself from scams such as phishing attempts is to:

  • stay aware of current threats
  • be very cautious online
  • take steps to block malicious or unwanted messages from reaching you in the first place.

Reduce your exposure to scams

  • Never open links or attachments you didn’t expect to receive, or that came from people or organisations you don’t know.
  • Scammers may pose as someone you know, or even gain access to their social media accounts to send out scams. Think twice if you receive a weird message that contains a link or attachment, or unusual requests (e.g. asking for money). It can be hard to know if it is legitimate, but the best way to know if your friend or a scammer is behind the message is to check with your friends offline.
  • Use a spam filter on your email account to block deceptive messages from even reaching you.
  • Update all computers, phones, tablets and smart devices and turn on automatic updates.
  • Stay informed on the latest threats by signing up for the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) Alert Service. You can also visit National Anti-Scam Centre - Scamwatch to find information about the latest scams.

Protect your accounts

  • Use multi-factor authentication and strong, unique passphrases on your accounts. If you fall for a phishing scam, this will help limit the damage.
  • Never share your log-in details, multi-factor authentication or verification codes with anyone. Scammers will attempt to build trust with you, hoping to get these codes to access your account.

Check that requests are legitimate

  • If you are transferring money or sensitive data, verify the request and payment details face-to-face or using a phone number you know to be correct. Do not use the details you have been sent because these could be fraudulent. Cybercriminals may intercept email communications, so confirming bank account details over the phone with the person you are transacting with for large payments adds an extra layer of protection.
  • Understand that your financial institution and other large organisations (such as Amazon, Apple, Facebook, Google, PayPal and others) would never send you a link and ask you to enter your personal or financial details.
  • Similarly, government agencies such as the Australian Taxation Office (ATO) will never ask you to pay money over the phone, and law enforcement agencies such as the Australian Federal Police (AFP) will not call you to issue an arrest warrant. All of these threats are scams.
  • If you do not recognise or trust an email address or URL, open a search engine and search for it along with the word ‘review’. This way, you can find the information without directly clicking on the suspicious link.

Learn more and get help 

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it