• skip to content
• how to complain
• about us
• contact us

Search

• 
  Home
• 
  Money tips
  • Managing your money
  • Financial survival guide
  • Investing
  • Getting advice
  • Risk & returns
  • Financial turning points
  • Transacting online
• About
  financial products
  • Superannuation
  • Retirement income
  • Loans & credit
  • Insurance
  • Deposit accounts
  • Cash & fixed interest
  • Unlisted investments
  • Shares
  • Managed funds
  • Complex investments
• 
  About you
  • Your stories
  • Young adults
  • Retirees
  • Indigenous
  • Women and money
  • Westpoint investors
  • Other languages
  • How to complain
  • Personal support
• Scams &
  warnings
  • Overview
  • Typical scams and our warnings
  • Protect yourself
  • Reporting a scam
  • Cold calling blacklist
  • Pie in the sky
• Publications
  & resources
  • Brochures & booklets
  • News releases
  • FIDO News
  • Calculators
  • Check our lists
  • Teacher resources
  • Reports
  • Glossary
  • Useful links
  • Audio
  • Other resources

• Overview
• Typical scams and our warnings
  • Common scams
  • Get rich quick schemes
• Protect yourself
• Reporting a scam
• Cold calling blacklist
• Pie in the sky

Fraudulent emails

(especially fake bank emails or 'phishing')

Watch out - some emails look surprisingly genuine How the scam works Why these frauds look genuine Spyware and trojans Finding the fraudsters International and local examples How to report the scam

Watch out - some emails look surprisingly genuine

The more you use the internet, the more you appreciate its convenience and access to services like banking and shopping. Unfortunately, the internet is exploited for frauds that sometimes look surprisingly genuine. Here are some of the tell tale signs of typical frauds, and some safety checks you can use to avoid them.

New scams - would you fall for them?

How the scam works

You get an email out of the blue with some story about why you have to reply. The email claims to be from your bank, credit card company or some other service you use. It usually asks you to send your account details, and sometimes your PIN, either by return email or through a website.

Various tricks are used to lower your guard, such as 'security and maintenance upgrades', 'investigation of irregularities' or 'bills or charges due'. Here are some real life examples.

Fake surveys

• 'You are invited to take part in the annual showdown between St. George and Commonwealth Bank. The showdown consists in an online survey. The information gathered will be used for service improvements. If you choose to participate you will be credited with $50 just for your time! No matter who wins, YOU win anyway!'
• 'From the desk of the CEO of your bank - I am very pleased to introduce the online survey for our fellow customers. You have a chance to win one of 25 laptops for participation. The purpose of this survey is to obtain your opinions about the way your bank operates. We are entering a new phase in our company history and I feel it would be appropriate to understand your perceptions of our company at this time. The survey measures opinions and perceptions.' (names removed)

Fake security and maintenance upgrades

• 'Your account has been randomly selected for maintenance and placed on 'Limited Access' status, please enter your account details to re-activate your service.'
• 'Please provide your account details to re-activate your account following the introduction of a new security system which will help you avoid fraudulent transactions and keep your investment safe.'
• 'Urgent, system problems. Please go to <web address> and re-enter your details'

Phoney investigations

• 'Your credit card has been cancelled in accordance with Article 205 of Chapter 210 of the international fraud department. We suspect that your card was involved in some criminal activity. A violation of the law is a serious criminal offence and could bring you before the courts. You bank will not be able to assist you until the investigation is over. For further information visit our website at <web address>'
• 'You are subject to a tax e-audit and must complete the following questionnaire within 48 hours to avoid assessment of penalties and interest. Please provide social security, bank account information.'

False bills and charges

• 'According to our records your payment for your Internet access account is late. Perhaps you overlooked it? Please contact us at <web address> to update your details.'
• 'Your domain name registration is due for renewal, please enter the following information exactly as it appears on your credit card statement. This will be compared to the information your bank has on file for your card to verify your payment.'
• 'You have won a free gift (or prize), simply complete your credit card details for postage and handling costs and we'll send it out to you.'

Money has been withdrawn from your account

• '$9,000 was withdrawn from your account last Friday.'

Why these frauds look genuine

Fraudsters scan the internet for email addresses or generate them at random. They don't need an online service provider's mailing lists. They may send just a few dozen emails or thousands. Even if only a few unsuspecting people bite, it can be worth the effort. These emails can look genuine by using:

• the names of real people
• the right logos and branding
• links to pages from the real website
• official-looking fine print
• a site that mimics the real thing. Technically, it's quite easy to copy and paste genuine pages to a new fake address.

Spyware and trojans

Some computer programs conceal hidden programming to spy on you and send your secret passwords and PINs back to criminals. Your computer can get infected with these dangerous bugs, if you don't keep your computer security up to date. For example, your computer could be attacked while downloading games, music or videos, even if you always delete suspect emails. The risk is probably greatest from websites that don't have an established business reputation to protect.

Finding the fraudsters

Finding fraudsters can often be difficult because their mimic sites often are up and gone in just a few hours, but still long enough to rip-off unsuspecting users.

International and local examples

Some of the biggest names on the internet have been targeted.

• eBay – this scam involved a series of fake emails used to steal users' credit card numbers and to commandeer eBay customers' accounts and then defraud buyers using the eBay service.
• PayPal – users received e-mails masquerading as official PayPal alerts that asked recipients to submit bank and credit card details after the user's account has been randomly selected for maintenance and placed on "Limited Access" status. Yahoo – users were encouraged to divulge their personal information in response to an email posing as being from Yahoo! employees.
• Melbourne IT – deceptive emails lured Melbourne IT customers to a mimic site where they were advised to input their financial details – including credit card numbers to – renew their domain name registrations. The mimic site had a similar URL to the official Melbourne IT URL address.
• Westpac Banking Corporation - customers were sent emails inviting them to complete an online survey for a chance to win attractive prizes. Although the URL displayed was similar to the Westpac address, in fact it directed users to a non-Westpac site, Customers needed to log in their account details to participate in the survey.

Safety checks to protect yourself

How to report the scam

Contact your legitimate financial institution or company directly. Do not respond to any contact details in the email itself. You can also report it to the Australian Communications and Media Authority or on the SCAMwatch site.

More information

Your rights and responsibilities under the Electronic Funds Transfer Code of Conduct for internet and electronic transactions.
Return to Common scams homepage

• using this site
• site map
• copyright
• privacy
• feedback
• translated documents
• asic website
• Last updated: 09/30/2009