Received a text message about a missed delivery of something you definitely didn’t order? Or has a new love interest you met online asked if you can lend them some money? These are just two examples of common scams that happen right here in Australia, and if you’re not careful, they can catch you out of pocket.
Scams are costing everyday Aussies billions of dollars every year, putting both individual’s livelihoods and whole businesses at risk. With new technology, they’re also getting harder to avoid and harder to spot, as scammers are finding more creative and inventive ways to swindle money or personal information. Scammers use a variety of methods to target unaware individuals – from spam calls, texts, emails, fake websites, advertisements and even new tech such as AI is being used by scammers to make fake videos and images to trick unsuspecting individuals in 2024.
Scams don’t just threaten your bank balance – some scammers might even try to steal your identity, which can cause all sorts of issues far beyond financial loss. The best way to avoid being scammed is to know what to look for, and find ways to protect your finances and data online – to make it easier, we’ve done the research and compiled a list of the most common scams here in Australia, and explain how to protect yourself – and what you can do if you’ve accidentally fallen victim to a scam.
Monthly snapshot – March 2024
The National Anti-Scam Centre has issued a warning this month around fake celebrity investment and trading scams. This type of scam is highly sophisticated, and the Australian Competition and Consumer Commission (ACCC) reports that Aussies lost over AU$8 million to online investment trading platforms in 2023.
Fake celebrity investment scams circulate online through fabricated news articles and deepfake videos that are most often shared on social media. We’ve gone into detail about these kinds of fake celebrity endorsements below, but essentially scammers will use a well-known public figure and manipulate their image to convince people to start using a fake online investment trading platform.
“We know of an Australian man who lost AU$80,000 in cryptocurrency after seeing a deepfake Elon Musk video interview on social media, clicking the link and registering his details through an online form,” says the ACCC’s Deputy Chair, Catriona Lowe.
“He was provided with an account manager and an online dashboard where he could see his investment supposedly making huge returns. But when he tried to withdraw the money – he was locked out of his account.”
Final numbers are in for 2023, and according to Scamwatch, Aussies lost over AU$476 million during 2023. Investment scams caused the biggest financial loss among Australians, accounting for just over AU$291 million in losses. Despite the huge financial loss, Scamwatch only received 8,159 reports of investment scams in 2023. Phishing scams are far more popular, with over 108,000 incidents reported to Scamwatch last year.
Current & common scams in Australia
Pig butchering
“Pig butchering” is a romance investment scam where the scammer forms a relationship with the victim, often making a connection through social media or dating apps, and hints at a lavish lifestyle earned through cryptocurrency. As the scammer earns the victim’s trust, they will direct the victim to put money into what looks like a legitimate investment site or app. These clones are convincing enough that people invest high amounts of money, but soon find out they are unable to withdraw their gains, with the scammer cashing out once the victim refuses to add any more funds into the scheme.
Scams like this have contributed up to AU$3,800 lost every hour in 2023 according to the Australian Federal Police, and it’s an ongoing issue in 2024, with the term pig butchering trending recently due to a study that found over $75 billion (around AU$115 billion) was lost globally between January 2020 and February 2024.
Booking.com phishing scams
It’s not long now until the next holiday period is here, and if you’re planning a trip over Easter, you’ll want to be careful of scams impersonating hotels listed on Booking.com. At the start of 2024, the ABC reported on the sharp increase of reported scams mentioning Booking.com in 2023, with Scamwatch noting that Aussies lost over AU$337,000 to this form of scam last year.
In the scam, travellers who had booked accommodation through Booking.com received messages through the website which appeared to be from hotels with which the travellers had legitimate bookings. In one known incidence of a Booking.com scam, the traveller targeted by the scam was later contacted by a legitimate hotel representative who said their messaging systems had been hacked by cyber criminals.
It’s important to thoroughly double check any emails or details before handing over any money, and where possible, contact the accommodation provider directly via official numbers from their website to help clarify if any emails or messages have been sent from a hacker.
Unpaid tolls
A common scam that peaks during certain times of the year has to do with unpaid tolls. In this instance, an email or text message is sent claiming that you haven’t paid your toll fees, and urging you to pay it ASAP via a suspicious link. It’s easy to spot if you don’t drive near any toll roads, but if you’re a frequent driver, the scammer is hoping you’ll panic and click through to pay your fake overdue fees before you realise what’s actually happening.
False delivery texts
Have you received multiple unexpected SMS messages throughout January 2024 regarding undeliverable parcels? We certainly did – several members of our team provided snapshots of frequent text messages from random mobile numbers claiming that their delivery address needed to be updated. Often, these would be received around the same time, either in the morning, hoping to catch people who have just woken up, or in the evening, multiple times a week, pretending to be from companies like Australia Post. They would include suspicious links to ‘solve’ the delivery issues, which will lead the recipient to dodgy websites that can steal your information – never click on those links.
Subscription renewal/new sign up scams
There’s a subscription service for just about anything, and scammers have been known to impersonate brands, as well as create fake ones, in order to try and get your money or extract valuable personal information such as passwords. A subscription renewal or new sign up scam typically involves you being contacted unexpectedly via email, text or phone call by a scammer impersonating a brand. For example, the scammer may claim to be a representative from Amazon, and they may create a sense of urgency to renew your membership or subscription through a malicious link.
Government/tax-refund failure scams
Phishing scams typically involve scammers impersonating a well-known or trusted organisation, and scammers routinely pose as government institutions such as the Australian Taxation Office (ATO) or Centrelink. People are particularly vulnerable to tax-refund failure scams around tax time, but you can find instances of scammers impersonating government authorities all year round.
One of our colleagues at TechRadar was sent a message claiming to be from “Service Australia” in October 2023, trying to convince him to click on a suspicious link to update Centrelink payments details. This was quickly spotted as a fake, it’s Services Australia for one, and two, the link included in the text did not match that of the official website of Services Australia.
Facebook Marketplace & PayID scams
Scams on Facebook Marketplace and similar websites can target both buyers and sellers, and listings themselves can be for products that don’t exist. One particular scam on Facebook Marketplace which targets sellers involves a buyer requesting to make a payment via PayID, which means the seller will have to share their phone number or email. The seller will then receive a fake PayID email or text message, claiming that their PayID account requires a minimum amount and the scammer will offer to pay the extra so long as they get a refund right away. However, the unsuspecting seller is then left out of pocket with no successful sale if they follow through with it.
Fake celebrity endorsements
These scams tend to be found as advertisements on websites including Facebook and YouTube (but can really pop up anywhere, including on major news and entertainment websites) where the scammer has paid for a sponsored ad placement. They feature a well-known Australian individual such as a celebrity or politician, who’s being impersonated through video manipulation or photo editing, often with an outrageous claim alongside the image. The ads will often use a salacious ‘clickbait’ style heading, such as claiming to expose a shocking scandal, or tips for getting rich with cryptocurrency.
Current Prime Minister Anthony Albanese, TV personalities David Koch and Richard Wilkinson, entrepreneur Dick Smith, and many other prominent Australian figures have been impersonated online to try and con users into clicking onto sites that could have malware, or attempt to trick you into providing personal information or invest in too-good-to-be-true cryptocurrency schemes.
Unofficial ticket resellers
Unofficial or fraudulent ticket resellers is another form of a buying or selling scam. With big artists such as Taylor Swift, Blink-182, Coldplay and Pink all touring in Australia in 2024, many fans are desperately trying to find tickets to massive sold-out concerts. You should be very careful about buying tickets from unofficial resellers however, as this is a prime opportunity for scammers to take advantage of keen concert goers by selling fake tickets through places including Facebook Marketplace, eBay and Gumtree. We highly recommend you go through official resellers, such as Ticketek Marketplace and Tixel, for each concert, otherwise you might suffer from more than just FOMO (fear of missing out).
Fake products
Since the early days of online shopping, consumers have been reporting scams involving false advertising. This is an ongoing issue to this day, with scammers often copying the details from a legitimate product listing and posting it on a fake website or under a fake profile on a genuine one. The scammer poses as a real online seller by promising products they don’t actually have, and instead sending unaware buyers junk knock-offs or nothing at all. Places such as Temu and Wish have been known to have product listings like this, but it’s an issue found far and wide across the web.
Scams in Australia: key information
What is a scam?
A scam is a scheme that attempts to steal either money or personal information from an unsuspecting party (either an individual or a business) through lies, manipulation and false pretences. Scammers are able to reach more people now than ever due to evolving communication technologies – you can be scammed in person, on the phone, through text messages or emails, across social media or simply by visiting a fake website. Each and every year there are new scams popping up, though these typically fall under one of seven major categories.
What are the different types of scams?
According to the ACCC’s Scamwatch, there are seven main types of scams:
Romance scams
These scams involve convincing someone into, or promising some kind of relationship, including both romantic and platonic, so the scammer can take advantage of the unsuspecting party’s finances.
Investment scams
In this case, the scammer will try to get you to invest in some scheme – it could involve something like cryptocurrency, NFTs, or some other get-rich-quick opportunity that involves an initial monetary investment from you to get started. Investment scams typically involve the loss of large sums of money, and can be devastating to both individuals and businesses.
Product and service scams
Product scams have been rife since the early days of the internet – we’ve likely all heard the horror story of someone buying a product only for it to be something completely different on arriva, or never show up at all. These scams still exist, and can even take the form of a service rather than a physical object. Basically, with this type of scam, you don’t get what you pay for, and can even put your sensitive information such as payment and contact details at risk.
Threat and extortion scams
Some scammers will threaten to cause some form of harm to you or someone you know if you don’t go along with a request. These types of scams might suggest they have compromising photos, or claim to hijack your PC among other scary situations in order to take advantage of your fear and urgency.
Jobs and employment scams
It can already be a challenge to find a job, and scammers have found ways to use this to their advantage. A job or employment scam might involve some monetary contribution to hold a promised position offered to someone, or it could involve false job advertisements where your information is stolen on application.
Unexpected money
If it’s too good to be true, it likely is. While we’d all like to win the lotto, you need to play it safe if you get a sudden message saying you’ve won a large sum of cash, whether you’ve bought a ticket or not. Scammers will often try to coax you into giving away important information or money before you can claim your winnings in these types of scams.
Impersonation scams
Impersonation takes many forms – you might find someone catfishing on a dating website, or receive an email from someone pretending to be your boss. These scams will attempt to be someone else to get you to do something, like clicking a link or transferring money, that puts your funds or data at risk. This can also involve impersonating well-known figures like celebrities or politicians, or even hit an emotional point by pretending to be a family member in need.
Scams in Australia: how to stay safe
How to protect yourself
Scams can target anyone, but there are some measures you can take to minimise the risk of falling for one.
- Update your privacy settings for any online accounts, including social media
This can stop scammers from getting access to personal contact information such as emails or phone numbers. Additionally, it can help to prevent bad actors from using your information to scam others, as some scammers will create entire false profiles using information they’ve stolen off social media in an attempt to trick others who might know you.
- Examine links before you click
Be critical of any suspicious links in emails and texts, or unknown phone numbers which attempt to contact you, especially when the contact is unexpected. In a phishing attempt, scammers will often include malicious links to get you to hand over personal data. Check spelling in the URL, and look out for any out-of-place characters. See if links you’ve been sent match what appears when you Google the organisation's name.
- Keep your devices up-to-date
Keeping your device's softwares up-to-date can help to filter out unwanted calls, texts or emails thanks to spam filters that can stop potentially harmful communications from coming through. Brands like Microsoft, Apple and Google are constantly adding in new security features, while also reducing support for older software, meaning that an outdated web browser, for example, might be more prone to viruses and malware. Having one of the best antivirus software installed, or one of the best VPNs can also help to secure your PC on the chance that someone clicks a scam link.
- Have strong and secure passwords
Make sure your passwords are strong and secure, and enable two-factor authentication (2FA) when you can. This will help stop scammers, especially if they’re attempting to access any of your accounts remotely. Best practice is to make sure you have a separate password for each and every account, and there’s password managers available to help stop you from forgetting them. Passphrases are more difficult to guess than passwords, and the Australian Signals Directorate (ASD) has a helpful guide for creating passphrases.
- Be cautious when shopping online
When making purchases online, you can prevent scams from taking your money by using payment methods with inbuilt security measures. Some methods include using a credit card, or PayPal, which has a buyer protection policy, plus some online marketplaces also have safeguards like eBay’s Money Back Guarantee or Amazon’s A-to-Z Guarantee.
- Stay in the know
Keeping informed about scams is the best way to stay protected. It’s unlikely that you’ll be able to filter out all possible scams and you’d basically have to go off grid to avoid most of them. Even then, old-fashioned scammers can still target people in person. If you know what to look for, you’ll be ahead of any scammer and also able keep your family and friends aware of any happening right now – they might be in a more vulnerable position to fall for a scam, particularly if they’re not tech-savvy, and scammers prey on vulnerabilities to get what they want.
How to spot a scam
While scammers are constantly finding new ways to mislead someone, there’s a few ways to spot a scam:
- Look for suspicious URLs that contain spelling errors or incorrect domains. You can use ICANN Lookup to verify if a web address is legitimate or not.
- Double check any email addresses – phishing emails will often have an error with the email address, such as the domain not matching the sender’s company.
- Random numbers are often spoofed for scam calls and texts – you can search numbers on the internet to see if they've been used in scams previously.
- Photos or videos of celebrities and politicians used out of context with some outrageous claim are often scams, and you can use reverse image search engines like TinEye to find the original source.
- Deepfakes can also be spotted by looking at the details – a video might be really low quality to hide imperfections, or an image might have strange shadows or unrealistic features.
What to do if you get scammed
It’s easy to fall victim to a scam – it’s pretty likely that most of us will at least come close to it at some point in our lives. If you find yourself in this position, there are some things you can do to minimise financial loss and harm:
- Secure your data and finances
If you’ve lost money in a scam, or the scammer has gained access to any bank accounts (or you just suspect they have), you’ll want to contact your financial institution as soon as possible. If you’ve made a payment through a credit card or via PayPal, there’s safeguards in place to help get your money back. Other methods such as PayID and bank transfers might have a few more hoops to jump through with no guaranteed success, but you should be able to at least lock any accounts to prevent further loss.
You’ll also want to look into securing any compromised accounts. This can be as simple as changing your passwords, and you can check Have I Been Pwned? to see if any emails or passwords have been leaked. You also might want to consider setting up two-factor authentication to prevent any further unwanted sign-ins.
- Contact the authorities
Immediately after contacting your bank or financial institution, you should get in touch with a governing body that specialises in scams. These places will have resources to help you minimise any potential loss and report it.
If you’ve been targeted by a scammer but you haven’t handed over any money or personal details, report it to Scamwatch. If you’ve lost money or had your personal details stolen by a scammer, report it to ReportCyber. More details for reporting and recovering from scams are available on the Australian Signals Directorate (ASD) website.
Here’s a list of websites with contacts and resources to help support you if you’ve been scammed:
- Australian Cyber Security Centre (ACSC)
- Australian Competition and Consumer Commission (ACCC) - Scams
- Crime Stoppers
- Money Smart: what to do if you've been scammed
- Scamwatch
Reporting a scam can also help these institutions to spread awareness about scams, hopefully preventing others from falling victim in the future.
If you’re concerned about your identity being compromised due to a scam, IDCARE is a support service that has resources and the ability to help you make your identity secure again after being scammed.
Additionally, you might want to contact any companies where your accounts have been compromised. Big telcos such as Telstra and Optus have resources to help customers in the event of a scam, including dedicated spaces to keep track of current scams and how to report them. Additionally, Optus also has a dedicated resource for current customers in Optus ScamWise, which offers more in-depth information, such as how many scam texts and calls Optus is blocking on a weekly basis.
If you’ve fallen for a scam at work, such as a phishing email, you’ll want to let your workplace’s IT department know as soon as possible.
- Seek support from family, friends and professionals
Being scammed can do a number on your wellbeing, so it’s important to lean into your support group while you navigate this situation. If you can, talk to someone you feel comfortable with, and reach out to professionals such as therapists and counsellors who can help you navigate any emotions or feelings you have during this time.
Anti-scam resource kit
Here’s some resources to help spot and prevent scams, as well as places to report any that you might come across. We’ve also tracked down some resources to help reduce any losses if you have fallen for a scam, plus some further reading on scams from trusted sources.
Prevention
- ABN Lookup: check business numbers against the ABN database
- Australian Securities and Investments Commission: check if a someone is registered to give financial advice
- Australian Signals Directorate: tips on creating secure passphrases
- Avast: antivirus software suites and free ransomware decryptor
- eSafety Commissioner: advice for securing emails, social media and other online interactions
- ICANN Lookup: verify URLs and website domains
- Kaspersky: antivirus and free ransomware decryptor
- PayPal: alternative online payment method with buyer protection
- TinEye: reverse image search
- Whois lookup: check website domains for legitimacy
Reporting
If there is immediate danger regarding a scam, you can call 000. Otherwise, report directly to the police on your local non-emergency line, and/or through the following resources:
- Australian Cyber Security Hotline: 1300 292 371
- Australian Federal Police: report a crime online directly to the Federal Police
- Australian Signals Directorate: ways to report cybercrime for businesses, organisations and individuals
- Crime Stoppers: report directly on the website or call 1800 333 000
- Scamwatch: report suspicious activity to help prevent others from being scammed
Mitigation
- Beyond Blue: emotional support online or call 1300 22 4636
- Have I Been Pwned: check passwords and emails for data breaches
- IDCare: assistance to help secure your identity
- Lifeline: online or call 13 11 14 for counselling if you’re feeling distressed
- Money Smart: tips to help prevent further financial loss
Further information
- Australian Competition and Consumer Commission: scam data, reports and resources available through Scamwatch
