Phishing

Report a scam Report a scam Latest Scams Latest Scams

What is Phishing?

Phishing is a way scammers trick you into unknowingly sharing your personal information such as passwords, account information, identification details or credit card numbers, with the intention to steal your identity for personal and financial gain.

Scammers often impersonate well-known businesses that you are likely to deal with such as financial institutions, utility providers, telecommunications companies and government agencies. They may also take the form of fake vouchers or competitions, surveys, postal notifications, bills, account alerts etc.

SMS scam example

Ronan received an SMS on his phone, that looked to have come from his bank, advising that suspicious activity had been detected on his credit card and that the card had been suspended. The message contained a link for him to click on, to restore the card access.

Ronan clicked on the link and was taken to a webpage (that looked just like his banks) which asked him to enter a number of personal details as part of the security validation, including full name, date of birth, address, phone number and credit card details, which he completed and submitted.

Over the next few days, Ronan noticed some transactions on his credit card that he did not recognise. The scammers had enough information to use his credit card.

Please note, all your information is securely held at Westpac and we would not ask you to validate it via a link in an email or SMS.

Email scam example

Armaan lost his job in a local restaurant when they were shut down due to the pandemic. His boss had advised he had applied to get the JobKeeper allowance for his staff.

Not long after, Armaan saw he had an ‘Subsidy Benefit Allowance’ email in his inbox, that looked to be from the Australian Government. The email indicated that Armaan was required to provide some more information before they could make any payments to him. As Armaan was waiting to hear back about benefits, he thought it was legitimate.

The email advised that for Armaan to confirm his eligibility, he needed to reply with his name, address, date of birth and Tax File Number, as well as attaching a copy of his drivers licence or passport, and a copy of his medicare card. He attached the requested information and sent the email back.

The email was a phishing email and Armaan had sent his personal details through to a scammer. With the information they had, the scammers were able to impersonate Armaan and apply for phone services and other accounts in his name.

Phone scam example

Iris received a call from someone claiming to be from a local postal/courier service, saying they were unsuccessful in delivering a parcel, as full postage costs had not been covered by the sender. She had recently made some online purchases, so assumed it related to one of the packages she was waiting on.

The caller asked Iris to provide her name and address details to confirm she was the owner of the package they had. They advised they could arrange redelivery if Iris covered the outstanding postal costs as well as a redelivery fee.

Iris provided her credit card number, expiry date and 3-digit CVC code to them to arrange this.

Iris became suspicious, when she received all the packages she was waiting on by standard mail and started seeing transactions on her credit card that she had not made. It was not long after when Iris’ bank contacted her about some overseas transactions that had come through on her credit card. She had been scammed.

Social Media scam example

Anja was scrolling through her social media feed and noticed that some of her friends had posted a fun quiz that generated the ‘type of person’ they were, so she decided to give it a go.

Anja clicked on the quiz link and had to complete a number of random questions such as the place where she was born, the first street she lived on, the name of her first pet, favourite colour etc to generate the response, which Anja then posted for her friends to see, and try for themselves.

What Anja didn’t realise is that the questions and answers she had just input are quite often the same questions that you might be asked, when opening new accounts or validating your identity on secure sites.

With the information collected, as well as other details sourced from her social media profile, the scammers were able to impersonate Anja and apply for credit cards in her name.

Signs this may be a scam

You're asked for your personal information.

Do not give it to them. Ask for a reference number, then contact the business yourself separately on a trusted number to verify if the request was genuine.

You receive an email or SMS asking you to click on a link.

Do not click on the link. To sign in to your banking, type the address into the browser yourself (e.g. type in westpac.com.au).

A caller is threatening and applies time pressure.

They may also ask you to download software, or complete something in secret. Hang up. Do not act on their requests or download anything.

It just doesn't sound or feel right.

Trust your gut instinct and separately verify the person, business or information given to you.

Important:

Financial institutions, government agencies and most organisations will never contact you requesting access to your device, share your passwords, security codes, PIN’s or other personal information via a pop up or a phone call. Never share these with anyone, regardless of the claims being made. Always call organisations back on trusted numbers found on their website or phone directory to validate any of these types of requests.

What a scammer could do with your personal information

Access and drain your bank accounts
Open new bank accounts in your name and apply for loans or lines of credit
Take out phone plans and other contracts in your name
Purchase expensive goods in your name
Steal your superannuation
Gain access to your government online services
Access your email to find more sensitive information
Access your social media accounts and impersonate you to scam your family and friends

What you can do if you
come across a scam

Let us know

Please report scams or suspicious activity immediately to Westpac at 132 032 or +61 2 9155 7700 (if calling from overseas).
Forward suspicious emails to hoax@westpac.com.au or SMS/text messages to 0497 132 032 then delete the email or message.
You can also report all suspicious activity to the Australian Cyber Security Centre at cyber.gov.au/report.

Get support and stay in the know

IDCARE provides free, confidential support and guidance to those impacted by fraud, scams, identity theft or compromise. Call them toll-free on 1800 595 160 or visit idcare.org.
Keep up to date on scams by subscribing to the government's scam email alerts from scamwatch.gov.au/subscribe.
Check out our latest scams, for copies of recently reported scams at westpac.com.au/scams.

ScamSpot: a series of 2-minute bites to help spot the latest scams

Things you should know

* Examples are based on one or more real scam reports received by Westpac. For privacy purposes real names have not been used.