Scams are something that you need to be constantly vigilant of in 2024, be they in your email inbox, your text messages, or through direct phone calls. Bad actors trying to syphon money from otherwise unknowing people are a prevalent threat, and it pays to be wary when an unknown number or email address contacts you or somebody you love.
Billions of dollars are lost to scams every year, and what’s worse is that methods of stealing your money online are constantly evolving, meaning there’s no guaranteed way to be safe from scammers. That doesn’t mean all hope is lost; by being scam aware, you can keep yourself and your loved ones safe online from others attempting to steal personal and financial information.
That’s the point of this article. We update this piece every month to give you an update on the current state of online scams, and to give you an idea of when something might be off.
Monthly snapshot – October 2024
Coming out of Amazon Prime Big Deal Days in early October, remain particularly vigilant as we go into the holiday season. With Black Friday sales around the corner, scammers will likely be out in force, preying on people eager to scoop up a bargain. If you believe you’re being targeted by a scam, report it to Scamwatch immediately.
The ACCC’s Scamwatch has warned this month of scams impersonating banks in messages, phone calls and text messages. On October 18, the government authority noted a rise in criminals contacting people and pretending to be financial institutions, in an attempt to get them to transfer funds or give up financial information. “They may use technology to make it look like the call is coming from the bank’s phone number. They may send a message that looks like it comes from the same conversation thread as genuine bank messages,” Scamwatch wrote.
The anti-scam body issued a four step plan for combating such scams:
- Do not use any phone numbers in a message
- Ask for a reference number and contact your bank directly through a phone number that you find and confirm yourself
- Hang up if you receive a call from someone claiming to be from your bank requesting you to transfer money
- Don’t click on any links in an email or message on your phone, even if it looks like it comes from your bank
Scamwatch also noted on October 22 that scammers were targeting people facing financial hardship. In these situations, scammers would offer fake assistance schemes to prey on people, impersonating charities and government authorities.
“Criminals pretend to offer services such as no interest loans. They also offer fake emergency relief services, rental assistance, and programs such as the Australian Emergency Rental Assistance Program,” Scamwatch wrote.
In these scams, bad actors are seeking out myGov accounts and information to do with Centrelink and NDIS payments.
“Check independently that an organisation offering financial help is legitimate. Don’t rely on social media advertisements. Don’t assume that someone contacting you is who they say they are. A real organisation will never ask for your personal information through social media,” Scamwatch wrote.
Also on October 22, ASIC warned that scammers were targeting small businesses. If you’re a small business owner, be on the lookout for fake bills and illegitimate investment offers. Scammers are also looking to remotely access business computers, claiming that the PC is affected by a virus or other issue. If you’re approached with a bill that doesn’t have a legitimate purpose or an investment offer that seems too good to be true or dodgy, don’t hand over any information. If you receive an offer to fix a computer issue remotely, don’t accept it, as it could compromise your business.
According to the ACCC, Australians lost a total of AU$2.7 billion to scams in 2023. More than 601,000 scam reports were made, with AU$1.3 billion lost to investment scams. People over the age of 65 lost the most during the record period, with text messages being the most commonly reported point of contact for scammers.
Common scams in Australia
Below are several examples of common scams that can happen in Australia. These scams target Aussies over email, the phone, SMS, social media and through legitimate websites like Amazon and eBay, so when you receive a message or see a deal that’s too good to be true, remember to just think about it for a moment.
The ACCC recommends a three-step approach to thwarting scams:
- Stop: Don’t rush into a deal as scammers will typically create a sense of urgency to entice you into a mistake
- Think: Scammers typically impersonate businesses or government bodies that you know. Consider if what you’re being told makes sense depending on the sender, and before committing to anything, check with the business or government department directly
- Protect: If it feels wrong, act quickly to stay safe. Contact your bank immediately if you’ve shared any financial information or transferred money. Get in touch with Scamwatch to report the scam when you get a moment
Online romance scams
“Pig butchering” is a romance investment scam where the scammer forms a relationship with the victim, often making a connection through social media or dating apps, and hints at a lavish lifestyle earned through cryptocurrency. As the scammer earns the victim’s trust, they will direct the victim to put money into what looks like a legitimate investment site or app. These clones are convincing enough that people invest high amounts of money, but soon find out they are unable to withdraw their gains, with the scammer cashing out once the victim refuses to add any more funds into the scheme.
Scams like this have contributed up to AU$3,800 lost every hour in 2023 according to the Australian Federal Police, and it’s an ongoing issue in 2024.
Product and service scams
A common type of scam takes place when a scammer attempts to impersonate a legitimate website, or listings on a legitimate website, in an effort to syphon money from unsuspecting users without providing the service they think they’re paying for.
By Scamwatch’s definition, this is known as a product and service scam, and it can take place anywhere on the internet – be it a bargain deal on a website like eBay or Amazon, a dodgy listing on Airbnb or Booking.com, or a faked version of a website like Kmart. These scams prey on customers that don’t have great awareness of inauthentic behaviour on the internet, so it pays to do your research to uncover if a listing is from a reputable seller.
Phishing and impersonation scams
Phishing scams are quite common. Bad actors will send people texts or emails, or attempt to call them, to either harvest personal information from them (such as login information or addresses) or to take money from them directly. This is achieved by leading the user on and getting them to give this sensitive information willingly to the scammer, be it through a website, by texting or emailing it back to them. With this, a user’s personal information or bank account may become compromised.
These scams often overlap with impersonation scams, where a scammer will pose as an established business or government authority to seem more legitimate.
Fake job scams
A type of scam that is on the rise in 2023 and 2024 is the fake job scam, where a scammer will pose as an employer of a business eager to hire you, but will require you to send them cash first. Any job that requires you to pay the business upfront before you start should be examined and considered carefully, as you’ll often be offered a position that’s too good to be true. It’s also common for scammers to pose as a recruitment agency to conduct this kind of scam.
Threats and extortion scams
Scammers may attempt to extort money out of you by threatening with a virus, a fee or an unpaid bill. While scammers that are threatening and extorting a person may fall under the impersonation scams category, there’s also space to talk about scammers leveraging world events in an attempt to get money out of your account.
A good example is the CrowdStrike outage, in which millions of computers internationally needed to be manually rebooted, as they were stuck in a constant bluescreen boot loop. Scamwatch reported in July 2024 that scammers were using the outage to request personal information or cash to ensure that their devices or businesses wouldn’t fall victim to the issue.
‘Hi Mum’ impersonation scams
Bad actors may attempt to get in touch with you by impersonating a real person that you know well, such as your son or daughter, and ask for cash directly.
In 2023, these quickly became known as ‘Hi Mum’ scams, where a scammer would attempt to leverage goodwill with somebody they were pretending to be related to in an attempt to get them to send cash. Remember: if somebody you know is asking for cash or sensitive information, get in touch with them directly outside of the communications you’re having with a supposed scammer. It’s also important to not act too hastily, lest you make a mistake.
These scams may not necessarily have any ‘Hi Mum’ identifiers and could, instead, pose you with a scenario – for example, the texter ID could read ‘Dad’ and the message could say that they left their card at home and want money for a transaction. If you don’t know them, don’t follow through with it. If you do know them, but the message isn’t from their usual number, call the number you’re used to and find out directly.
Unpaid tolls
A common scam that peaks during certain times of the year has to do with unpaid tolls. In this instance, an email or text message is sent claiming that you haven’t paid your toll fees, and urging you to pay it ASAP via a suspicious link. It’s easy to spot if you don’t drive near any toll roads, but if you’re a frequent driver, the scammer is hoping you’ll panic and click through to pay your fake overdue fees before you realise what’s actually happening.
False delivery texts
Have you received multiple unexpected SMS messages regarding undeliverable parcels? We certainly did – several members of our team provided snapshots of frequent text messages from random mobile numbers claiming that their delivery address needed to be updated. Often, these would be received around the same time, either in the morning, hoping to catch people who have just woken up, or in the evening, multiple times a week, pretending to be from companies like Australia Post. They would include suspicious links to ‘solve’ the delivery issues, which will lead the recipient to dodgy websites that can steal your information – never click on those links.
Subscription renewal/new sign up scams
There’s a subscription service for just about anything, and scammers have been known to impersonate brands, as well as create fake ones, in order to try and get your money or extract valuable personal information such as passwords. A subscription renewal or new sign up scam typically involves you being contacted unexpectedly via email, text or phone call by a scammer impersonating a brand. For example, the scammer may claim to be a representative from Amazon, and they may create a sense of urgency to renew your membership or subscription through a malicious link.
Facebook Marketplace & PayID scams
Scams on Facebook Marketplace and similar websites can target both buyers and sellers, and listings themselves can be for products that don’t exist. One particular scam on Facebook Marketplace which targets sellers involves a buyer requesting to make a payment via PayID, which means the seller will have to share their phone number or email. The seller will then receive a fake PayID email or text message, claiming that their PayID account requires a minimum amount and the scammer will offer to pay the extra so long as they get a refund right away. However, the unsuspecting seller is then left out of pocket with no successful sale if they follow through with it.
Fake celebrity endorsements
These scams tend to be found as advertisements on websites including Facebook and YouTube (but can really pop up anywhere, including on major news and entertainment websites) where the scammer has paid for a sponsored ad placement. They feature a well-known Australian individual such as a celebrity or politician, who’s being impersonated through video manipulation or photo editing, often with an outrageous claim alongside the image. The ads will often use a salacious ‘clickbait’ style heading, such as claiming to expose a shocking scandal, or tips for getting rich with cryptocurrency.
Current Prime Minister Anthony Albanese, TV personalities David Koch and Richard Wilkinson, entrepreneur Dick Smith, and many other prominent Australian figures have been impersonated online to try and con users into clicking onto sites that could have malware, or attempt to trick you into providing personal information or invest in too-good-to-be-true cryptocurrency schemes.
Unofficial ticket resellers
Unofficial or fraudulent ticket resellers is another form of a buying or selling scam. With big artists often touring Australia, many fans are desperately trying to find tickets to massive sold-out concerts. You should be very careful about buying tickets from unofficial resellers however, as this is a prime opportunity for scammers to take advantage of keen concert goers by selling fake tickets through places including Facebook Marketplace, eBay and Gumtree. We highly recommend you go through official resellers, such as Ticketek Marketplace and Tixel, for each concert, otherwise you might suffer from more than just FOMO.
Fake products
Since the early days of online shopping, consumers have been reporting scams involving false advertising. This is an ongoing issue to this day, with scammers often copying the details from a legitimate product listing and posting it on a fake website or under a fake profile on a genuine one. The scammer poses as a real online seller by promising products they don’t actually have, and instead sending unaware buyers junk knock-offs or nothing at all. Places such as Temu and Wish have been known to have product listings like this, but it’s an issue found far and wide across the web.
Scams in Australia: key information
What is a scam?
A scam is a scheme that attempts to steal either money or personal information from an unsuspecting party (either an individual or a business) through lies, manipulation and false pretences. Scammers are able to reach more people now than ever due to evolving communication technologies – you can be scammed in person, on the phone, through text messages or emails, across social media or simply by visiting a fake website. Each and every year there are new scams popping up, though these typically fall under one of seven major categories.
What are the different types of scams?
According to the ACCC’s Scamwatch, there are seven main types of scams:
Romance scams
These scams involve convincing someone into, or promising some kind of relationship, including both romantic and platonic, so the scammer can take advantage of the unsuspecting party’s finances.
Investment scams
In this case, the scammer will try to get you to invest in some scheme – it could involve something like cryptocurrency, NFTs, or some other get-rich-quick opportunity that involves an initial monetary investment from you to get started. Investment scams typically involve the loss of large sums of money, and can be devastating to both individuals and businesses.
Product and service scams
Product scams have been rife since the early days of the internet – we’ve likely all heard the horror story of someone buying a product only for it to be something completely different on arriva, or never show up at all. These scams still exist, and can even take the form of a service rather than a physical object. Basically, with this type of scam, you don’t get what you pay for, and can even put your sensitive information such as payment and contact details at risk.
Threat and extortion scams
Some scammers will threaten to cause some form of harm to you or someone you know if you don’t go along with a request. These types of scams might suggest they have compromising photos, or claim to hijack your PC among other scary situations in order to take advantage of your fear and urgency.
Jobs and employment scams
It can already be a challenge to find a job, and scammers have found ways to use this to their advantage. A job or employment scam might involve some monetary contribution to hold a promised position offered to someone, or it could involve false job advertisements where your information is stolen on application.
Unexpected money
If it’s too good to be true, it likely is. While we’d all like to win the lotto, you need to play it safe if you get a sudden message saying you’ve won a large sum of cash, whether you’ve bought a ticket or not. Scammers will often try to coax you into giving away important information or money before you can claim your winnings in these types of scams.
Impersonation scams
Impersonation takes many forms – you might find someone catfishing on a dating website, or receive an email from someone pretending to be your boss. These scams will attempt to be someone else to get you to do something, like clicking a link or transferring money, that puts your funds or data at risk. This can also involve impersonating well-known figures like celebrities or politicians, or even hit an emotional point by pretending to be a family member in need.
Scams in Australia: how to stay safe
How to protect yourself
Scams can target anyone, but there are some measures you can take to minimise the risk of falling for one.
- Update your privacy settings for any online accounts, including social media
This can stop scammers from getting access to personal contact information such as emails or phone numbers. Additionally, it can help to prevent bad actors from using your information to scam others, as some scammers will create entire false profiles using information they’ve stolen off social media in an attempt to trick others who might know you.
- Examine links before you click
Be critical of any suspicious links in emails and texts, or unknown phone numbers which attempt to contact you, especially when the contact is unexpected. In a phishing attempt, scammers will often include malicious links to get you to hand over personal data. Check spelling in the URL, and look out for any out-of-place characters. See if links you’ve been sent match what appears when you Google the organisation's name.
- Keep your devices up-to-date
Keeping your device's softwares up-to-date can help to filter out unwanted calls, texts or emails thanks to spam filters that can stop potentially harmful communications from coming through. Brands like Microsoft, Apple and Google are constantly adding in new security features, while also reducing support for older software, meaning that an outdated web browser, for example, might be more prone to viruses and malware. Having one of the best antivirus software installed, or one of the best VPNs can also help to secure your PC on the chance that someone clicks a scam link.
- Have strong and secure passwords
Make sure your passwords are strong and secure, and enable two-factor authentication (2FA) when you can. This will help stop scammers, especially if they’re attempting to access any of your accounts remotely. Best practice is to make sure you have a separate password for each and every account, and there’s password managers available to help stop you from forgetting them. Passphrases are more difficult to guess than passwords, and the Australian Signals Directorate (ASD) has a helpful guide for creating passphrases.
- Be cautious when shopping online
When making purchases online, you can prevent scams from taking your money by using payment methods with inbuilt security measures. Some methods include using a credit card, or PayPal, which has a buyer protection policy, plus some online marketplaces also have safeguards like eBay’s Money Back Guarantee or Amazon’s A-to-Z Guarantee.
- Stay in the know
Keeping informed about scams is the best way to stay protected. It’s unlikely that you’ll be able to filter out all possible scams and you’d basically have to go off grid to avoid most of them. Even then, old-fashioned scammers can still target people in person. If you know what to look for, you’ll be ahead of any scammer and also able keep your family and friends aware of any happening right now – they might be in a more vulnerable position to fall for a scam, particularly if they’re not tech-savvy, and scammers prey on vulnerabilities to get what they want.
How to spot a scam
While scammers are constantly finding new ways to mislead someone, there’s a few ways to spot a scam:
- Look for suspicious URLs that contain spelling errors or incorrect domains. You can use ICANN Lookup to verify if a web address is legitimate or not.
- Double check any email addresses – phishing emails will often have an error with the email address, such as the domain not matching the sender’s company.
- Random numbers are often spoofed for scam calls and texts – you can search numbers on the internet to see if they've been used in scams previously.
- Photos or videos of celebrities and politicians used out of context with some outrageous claim are often scams, and you can use reverse image search engines like TinEye to find the original source.
- Deepfakes can also be spotted by looking at the details – a video might be really low quality to hide imperfections, or an image might have strange shadows or unrealistic features.
What to do if you get scammed
It’s easy to fall victim to a scam – it’s pretty likely that most of us will at least come close to it at some point in our lives. If you find yourself in this position, there are some things you can do to minimise financial loss and harm:
- Secure your data and finances
If you’ve lost money in a scam, or the scammer has gained access to any bank accounts (or you just suspect they have), you’ll want to contact your financial institution as soon as possible. If you’ve made a payment through a credit card or via PayPal, there’s safeguards in place to help get your money back. Other methods such as PayID and bank transfers might have a few more hoops to jump through with no guaranteed success, but you should be able to at least lock any accounts to prevent further loss.
You’ll also want to look into securing any compromised accounts. This can be as simple as changing your passwords, and you can check Have I Been Pwned? to see if any emails or passwords have been leaked. You also might want to consider setting up two-factor authentication to prevent any further unwanted sign-ins.
- Contact the authorities
Immediately after contacting your bank or financial institution, you should get in touch with a governing body that specialises in scams. These places will have resources to help you minimise any potential loss and report it.
If you’ve been targeted by a scammer but you haven’t handed over any money or personal details, report it to Scamwatch. If you’ve lost money or had your personal details stolen by a scammer, report it to ReportCyber. More details for reporting and recovering from scams are available on the Australian Signals Directorate (ASD) website.
Here’s a list of websites with contacts and resources to help support you if you’ve been scammed:
- Australian Cyber Security Centre (ACSC)
- Australian Competition and Consumer Commission (ACCC) - Scams
- Crime Stoppers
- Money Smart: what to do if you've been scammed
- Scamwatch
Reporting a scam can also help these institutions to spread awareness about scams, hopefully preventing others from falling victim in the future.
If you’re concerned about your identity being compromised due to a scam, IDCARE is a support service that has resources and the ability to help you make your identity secure again after being scammed.
Additionally, you might want to contact any companies where your accounts have been compromised. Big telcos such as Telstra and Optus have resources to help customers in the event of a scam, including dedicated spaces to keep track of current scams and how to report them. Additionally, Optus also has a dedicated resource for current customers in Optus ScamWise, which offers more in-depth information, such as how many scam texts and calls Optus is blocking on a weekly basis.
If you’ve fallen for a scam at work, such as a phishing email, you’ll want to let your workplace’s IT department know as soon as possible.
- Seek support from family, friends and professionals
Being scammed can do a number on your wellbeing, so it’s important to lean into your support group while you navigate this situation. If you can, talk to someone you feel comfortable with, and reach out to professionals such as therapists and counsellors who can help you navigate any emotions or feelings you have during this time.
Anti-scam resource kit
Here’s some resources to help spot and prevent scams, as well as places to report any that you might come across. We’ve also tracked down some resources to help reduce any losses if you have fallen for a scam, plus some further reading on scams from trusted sources.
Prevention
- ABN Lookup: check business numbers against the ABN database
- Australian Securities and Investments Commission: check if a someone is registered to give financial advice
- Australian Signals Directorate: tips on creating secure passphrases
- Avast: antivirus software suites and free ransomware decryptor
- eSafety Commissioner: advice for securing emails, social media and other online interactions
- ICANN Lookup: verify URLs and website domains
- Kaspersky: antivirus and free ransomware decryptor
- PayPal: alternative online payment method with buyer protection
- TinEye: reverse image search
- Whois lookup: check website domains for legitimacy
Reporting
If there is immediate danger regarding a scam, you can call 000. Otherwise, report directly to the police on your local non-emergency line, and/or through the following resources:
- Australian Cyber Security Hotline: 1300 292 371
- Australian Federal Police: report a crime online directly to the Federal Police
- Australian Signals Directorate: ways to report cybercrime for businesses, organisations and individuals
- Crime Stoppers: report directly on the website or call 1800 333 000
- Scamwatch: report suspicious activity to help prevent others from being scammed
Mitigation
- Beyond Blue: emotional support online or call 1300 22 4636
- Have I Been Pwned: check passwords and emails for data breaches
- IDCare: assistance to help secure your identity
- Lifeline: online or call 13 11 14 for counselling if you’re feeling distressed
- Money Smart: tips to help prevent further financial loss
Further information
- Australian Competition and Consumer Commission: scam data, reports and resources available through Scamwatch
