Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

What is Phishing?

Phishing is a way scammers trick you into revealing your personal information such as passwords, account, identification details or credit card numbers.

Scammers often impersonate well known businesses that you are likely to deal with such as financial institutions, utility companies, telecommunications companies and government agencies. They may also take the form of fake vouchers or competitions, surveys, postal notifications, bills, account alerts etc.

How they contact you*

You are most likely to receive a phishing scam via email, text message or phone.

How they contact you* % How they contact you* %



Mobile applications


Text message


Not applicable








In person


Social networking




What they're after

Scammers can use your personal information to steal your identity for personal and financial gain.

What could a scammer do with your personal information?

  • Access and drain your bank accounts
  • Open new bank accounts in your name and apply for loans or lines of credit
  • Take out phone plans and other contracts in your name
  • Purchase expensive goods in your name
  • Steal your superannuation
  • Gain access to your government online services
  • Access your email to find more sensitive information
  • Access your social media accounts and impersonate you to scam your family and friends

Signs this may be a phishing scam

You are asked for your personal information.
Do not give it to them. Ask for a reference number, then contact the business yourself separately on a trusted number to verify the call was genuine.

You receive an email or SMS asking you to click on a link.
Do not click on the link. To sign in to an account, type the address into the browser yourself. E.g. type

A caller is threatening, applies time pressure, asks you to download software, or complete something in secret.
Hang up. Do not act on their requests or download any software that they may ask you to.

It just does not sound or feel right.
Trust your gut instinct and separately verify the person, business or information given to you.


Financial institutions, government agencies and most organisations will never contact you requesting access to your device, share your passwords, security codes or other personal information via a pop up or a phone call. Never share these with anyone, regardless of the claims being made. Always call organisations back on trusted numbers found on their website or phone directory to validate any of these types of requests.

Who should I contact and examples of scams.

Ronan received an SMS on his phone, that looked to have come from his bank, advising that suspicious activity had been detected on his credit card and that the card had been suspended. The message contained a link for him to click on, to restore the card access.

Ronan clicked on the link and was taken to a webpage (that looked just like his banks) which asked him to enter a number of personal details as part of the security validation, including full name, date of birth, address, phone number and credit card details, which he completed and submitted.

Over the next few days, Ronan noticed some transactions on his credit card that he did not recognise. The scammers had enough information to use his credit card.

Please note, all your information is securely held at Westpac and we would not ask you to validate it via a link in an email or SMS.

Armaan lost his job in a local restaurant when they were shut down due to the pandemic. His boss had advised he had applied to get the JobKeeper allowance for his staff.

Not long after, Armaan saw he had an ‘Subsidy Benefit Allowance’ email in his inbox, that looked to be from the Australian Government. The email indicated that Armaan was required to provide some more information before they could make any payments to him. As Armaan was waiting to hear back about benefits, he thought it was legitimate.

The email advised that for Armaan to confirm his eligibility, he needed to reply with his name, address, date of birth and Tax File Number, as well as attaching a copy of his drivers licence or passport, and a copy of his medicare card. He attached the requested information and sent the email back.

The email was a phishing email and Armaan had sent his personal details through to a scammer. With the information they had, the scammers were able to impersonate Armaan and apply for phone services and other accounts in his name.

Iris received a call from someone claiming to be from a local postal/courier service, saying they were unsuccessful in delivering a parcel, as full postage costs had not been covered by the sender. She had recently made some online purchases, so assumed it related to one of the packages she was waiting on.

The caller asked Iris to provide her name and address details to confirm she was the owner of the package they had. They advised they could arrange redelivery if Iris covered the outstanding postal costs as well as a redelivery fee.

Iris provided her credit card number, expiry date and 3-digit CVV code to them to arrange this.

Iris became suspicious, when she received all the packages she was waiting on by standard mail and started seeing transactions on her credit card that she had not made. It was not long after when Iris’ bank contacted her about some overseas transactions that had come through on her credit card.  She had been scammed.

Anja was scrolling through her social media feed and noticed that some of her friends had posted a fun quiz that generated the ‘type of person’ they were, so she decided to give it a go.

Anja clicked on the quiz link and had to complete a number of random questions such as the place where she was born, the first street she lived on, the name of her first pet, favourite colour etc to generate the response, which Anja then posted for her friends to see, and try for themselves.

What Anja didn’t realise is that the questions and answers she had just input are quite often the same questions that you might be asked, when opening new accounts or validating your identity on secure sites.

With the information collected, as well as other details sourced from her social media profile, the scammers were able to impersonate Anja and apply for credit cards in her name.

Latest Scams

To stay in the loop, and stay protected, check out our list of the latest phishing scams impersonating Westpac.

Report a scam

If you receive any suspicious calls, emails or SMS messages, or notice unusual activity on your account, it’s important that you let us know.

Security Wellbeing Check

To help keep you up to date with the latest security features, we’ve introduced the Security Wellbeing Check. Found in the Westpac App, it checks your Westpac settings and suggests how you can improve the security of your banking facilities.

Things you should know

* Delivery method percentages are based on the number of reports from 1 January 2020 to 31 August 2020. The data is sourced from the Australian Competition & Consumer Commission (ACCC) scam watch website and is based on reports provided to the ACCC by web form and over the phone.

** Examples are based on one or more real scam reports received by Westpac. For privacy purposes real names have not been used.