Scam alert! Four sneaky schemes you need to watch out for right now


It’s estimated that scams cost Australian consumers at least half a billion dollars each year, although the total could be significantly higher as many scams aren’t reported.

1. Phishing

One of the oldest types of cyberattacks, phishing (pronounced ‘fishing’) dates all the way back to the 1990s and is still one of the most widespread online scams.

Why the name? Online scammers throw out a baited hook in the form of a fake email and hope to catch an unsuspecting victim. Victims aren’t necessarily just those who may be considered vulnerable - Hillary Clinton’s email woes began with a phishing attack on a member of her campaign team, who was tricked into giving up his Gmail password.

Most phishing attacks aim to get the victim either to hand over sensitive information (e.g. the log-in details to their online bank account) or to open an attachment which will download malware to the victim’s computer.

Whatever the objective is, the method used is usually the same - an email that seems to be from a trusted organisation asking the recipient to take action. Often these emails look indistinguishable from legitimate communications, which can make them difficult to detect.

How to prevent yourself falling victim:

  • Know that organisations such as Qudos Bank or the Australian Taxation Office will never ask you to click a link and provide personal information.
  • Don’t open suspicious emails – delete them. If you’re unsure, call the organisation on the phone number provided on its official website to verify legitimacy.
  • Always check the sender’s email address on emails you receive. If it doesn’t match the usual website address of that organisation, it’s likely the email is fake.
  • Read all emails carefully. Phishing emails are often sent by people who don’t speak English as their first language. Spelling mistakes or unusual grammar can be giveaways that the email isn’t legitimate.

2. BEC (Business Email Compromise)

Scams aren’t just something you need to be wary of in your personal life – they’re also something to watch out for in your place of work. An emerging example is Business Email Compromise (BEC) attacks, where scammers try to trick people into transferring company money into their own accounts.

Scammers will either impersonate email accounts of senior staff within an organisation, or obtain access to them through phishing attacks. These email accounts are then used to trick a victim into thinking they received an email from a high-ranking executive (e.g. the CEO or CFO) asking them to transfer money out of the company or to give the scammer access to confidential data that can then be used in a future attack.

BEC emails often make requests that bypass an organisation’s normal finance procedures and frequently ask the recipient to keep the request confidential and only communicate via email. These attacks rely heavily on social engineering tactics to trick unsuspecting employees and are often timed when the ‘sender’ is travelling and difficult to contact, so the recipient may have difficulty verifying that the request is real.

How to prevent yourself falling victim:

  • If you receive a BEC attempt, notify the impersonated sender so they can prevent further BEC attempts.
  • Don’t forward the malicious email. Instead, take a screenshot and send it to your IT team so that they can secure the email account.

3. Remote Access Scams

Remote access scams try to convince you that you have a computer or internet problem and that you need to buy or install new software to fix the problem.

The scammer will call you, pretending to be a staff member from a large software or telecoms company, and tell you that your computer has been sending error messages or has a virus. After highlighting the fake issue, the scammer will then request remote access to your computer to ‘find out what the problem is.’ They may then try to talk you into buying unnecessary software or a service to ‘fix’ the computer, or they may ask you for your personal details and your bank or credit card details.

How to prevent yourself falling victim:

  • Never give an unsolicited caller remote access to your computer.
  • Never give your personal, credit card or online account details over the phone unless you made the call and the phone number came from a trusted source.
  • Immediately hang up if you receive a phone call about your computer and remote access is requested, even if they mention a reputable company like Microsoft or Telstra.

4. Identity Theft / Takeover

Identity theft scams happen when criminals hijack a person’s identity to apply for a credit card, obtain a loan or do anything else they aren’t authorised to do.

The most common way identity theft occurs is that a scammer gains access to private information, such as utility bills or healthcare records, through an unlocked mailbox. These details are then used to impersonate the victim.

It can be difficult to know that you have been a victim of identity theft until some time has passed after the initial crime. However, indicators to watch for include items appearing on your bank or credit card statements that you don’t recognise, refusal of a financial service despite having a good credit history, or receiving letters from solicitors or debt collectors for debts that you didn’t incur.

How to prevent yourself falling victim:

  • Minimise the risk of mail theft by securing your mailbox (e.g. with a padlock).
  • Cancel unused bank/utility/phone accounts.
  • Securely dispose of any documents that may contain personal details (such as bank and credit card statements, bills, etc.).
  • Obtain a copy of your personal credit file to make sure there is no unusual activity. You can request this once a year from credit reporting agencies such as Equifax for free.
  • Promptly report to the police any loss or theft of personal documents and contact all merchants that may have sold goods to the fraudster.
  • Limit social media exposure - check your privacy settings and think twice about what you share publicly.

What to do if you have fallen victim to a scam

Reporting scams is important as it allows us to investigate and minimise the chance of others being affected.

If you believe your security has been compromised or notice a transaction you did not authorise, contact us immediately on 1300 747 747 (Mon-Fri 7am-7pm and Sat 9am-5pm).

Learn more about how Qudos Bank protects its customers and how you can protect yourself.



Qudos Mutual Limited trading as Qudos Bank ABN 53 087 650 557 AFSL/Australian Credit Licence 238 305. The information in this article is of a general nature and has been prepared without considering your objectives, financial situation or needs. Before acting on the information, consider its appropriateness to your circumstances.


Article published August 2019