If you receive an unexpected phone call, email, text, online message, or other approach about your bank account, it could be a scam.
Types of banking scams
Scammers may target you online, on social media, by phone, text, email, or even in person. Know what to look for so you can spot a scam and protect yourself.
Here are three common types of banking scams to be aware of.
1. Phishing scams
Phishing is when a scammer tries to get your personal information so they can get access to your online accounts.
Scammers may contact you by text, email, social media or messaging apps pretending to be a trusted organisation. The message might look almost exactly like the real thing.
They may know your name and other personal details that make the message sound genuine. This is to try to convince you they are who they claim to be and gain your trust.
Examples of phishing can be:
- a phone call claiming your details with a service provider or government agency need to be updated;
- an email with a link or attachment, asking you to update or verify your details;
- an email or text purporting to be a security alert and asking you to call a number or click a link;
- a text claiming your reward points are going to expire if you don't take action straight away.
These all have the goal of persuading you to click a link, open an attachment or share personal information.
Can you spot a phishing scam? Take the Australian Cyber Security Centre quiz and see.
2. Bank impersonation scams
Scammers may pretend to be your bank through phone calls, emails, texts or other online messages. They often use urgent language to pressure you into acting quickly.
They may:
- claim there’s suspicious activity on your account;
- ask you to transfer money to a “safe” account;
- advise you to click a link to maintain access to your account;
- tell you to change your banking settings while they stay on the phone.
Their goal is simple: to get you to hand over money or information that lets them access your bank accounts by making you believe there’s an urgent problem.
Scammers can use technology to change the way their number appears when they phone or text you - it It lets them copy a real bank phone number. This is called spoofing. Scammers make use of spoofing to deceive victims into assuming that the call/text is legitimate, even though it isn’t. Then they rely on creating pressure, confusion or fear so you act quickly without checking.
Read about this bank impersonation alert.
While your bank may contact you if they suspect a suspicious transaction, they will never ask you:
- for sensitive information such as online banking passwords or codes
- to download software
- to transfer money
- to log in to online banking through a link sent via text or email.
3. Remote access scams
Remote access scams can happen when someone pretends to be from a well‑known company, such as your bank or a software provider. They may claim there’s a problem with your account or device and say they need to fix it for you. Their real aim is to get access to your device so they can access your bank account, steal personal information or install malware.
Examples include:
- a caller pretending to be from a bank asking you to visit a website and download “special software”;
- a pop up on your computer claiming your device has a virus or security issue;
- a scam website asking you to open a “live chat”, which downloads software to your device;
- a caller claiming your device has a “virus” or “issue” that they need to help you “fix”;
Once scammers gain access to your device, they can see what you type, capture passwords and move into your bank accounts.
Keep up to date with banking scams by regularly checking your bank’s website, ASIC's Investment scam alerts, and scam alerts on Scamwatch. Learn what to do if you think you may have been scammed.
Key actions to protect yourself from banking scams
Scammers are skilled at finding ways to get your details and your dollars. Follow these steps to protect yourself from scams.
check_box Strengthen your security
- Use strong, unique passwords: Create long passwords or passphrases and avoid re‑using them across accounts. Read these tips on how to create a strong password.
- Turn on multi‑factor authentication (MFA): Add an extra step - such as a code sent to your phone - when logging in to your online banking, email and important apps. This makes it much harder for scammers to get in, even if they know your password. Find out more about MFA, including how to enable it.
- Consider using a passkey: A passkey is a type of multi-factor authentication that lets you log in to your online account without entering a password. Instead, you hold one copy of a digital key and your account provider (for example, your bank) holds the other. This means there’s no password for scammers to steal.
- Keep devices up to date: Install updates for your phone, computer and apps. Use reputable antivirus software and turn on automatic updates where you can.
check_box Be careful with links and messages and calls
- Think before you click: Delete unexpected or suspicious emails and texts. Do not click on links or open attachments.
- Go direct to your bank: Type your bank’s web address into your browser or use the official bank app. Do not log in via links in messages or emails. Learn how to spot a scam website.
check_box Question the call
- Question urgency: Scammers often pressure you to act quickly. As Scamwatch advises, Stop. Check. Protect.
- Hang up and call back: If someone calls claiming to be from your bank and asks for personal or banking details, hang up. Call your bank using the number on their website or the back of your card.
Report all scams to Scamwatch
Act fast if you suspect a scam
Scamwatch, run by the National Anti-Scam Centre (NASC), collates information about all scam types. They use this information to warn and protect the public. Scamwatch also sends information to other agencies, including ASIC and ReportCyber, to help stop scammers. Report all scams, including banking scams, to Scamwatch.