Avoiding scams and hoaxes

mScam and hoax websites and emails are designed to trick you into disclosing personal information such as bank account details, passwords or credit card numbers.

Scam emails are also often used to con you into paying money for fake get-rich-quick offers, prize or lottery wins or fraudulent or poor quality goods.

Be very suspicious of emails from people or businesses you don't know, particularly ones that promise you money, good health or a solution to all your problems. Anything that looks too good to be true usually is. Be suspicious of unexpected emails from your bank or financial institution. Remember banks don't do business via email and never ask for confidential information via email.

Scammers put a lot of time and money into making emails and websites look real. Don't be fooled. Be suspicious and stay safe!

Top tips

  • Be very suspicious of emails from people you don't know, particularly if they promise you money, good health or a solution to all your problems. The same applies for websites. Remember, anything that looks too good to be true usually is.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
  • Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Read more on securing you computer.
  • Don't email personal or financial information.
  • Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message or paste a link from the message into your Web browser.

On this page

  • What to look for
  • Steps to avoid online scams and hoaxes
  • Avoid being hooked by phishing (hoax) emails
  • Be careful with email attachments
  • Worried that you have been caught by a scam?

Fact sheets and resources


nThe SCAMwatch website has information for consumers on recognising scams and common scams. You can report a scam or hoax on the website or to the ACCC Infocentre on 1300 302 502.

The little black book of scams

The little black book of scams highlights a variety of popular scams that regularly target Australian consumers and small business in areas such as fake lotteries, internet shopping, mobile phones, online banking, employment and investment opportunities. It also offers consumers tips on how to protect themselves from scams, what they can do to minimise damage if they do get scammed and how they can report a scam.

This link opens a document in Portable Document File format (PDF)Little black book of scams.pdf (2.4 MB)

Take the Spam Quiz!Spam Quiz - Don't be caught out by scams. Take the quiz and make sure you know how to stay smart online.

thumb-phishingPhishing Quiz - Know a Phishing attack (hoax email) when you see one? Try the phishing quiz and make sure you don't take the bait.

What to look for

Be very suspicious of emails and websites from people or companies you don't know, specifically ones that promise you money, good health or a solution to all your problems.

Be just as wary about this type of email or website as you would about a telephone call or letter from an unknown source that makes unusual promises or asks you for personal or financial details.

Remember, anything that looks too good to be true usually is.

Steps to avoid online scams and hoaxes

Delete suspicious emails and leave websites that:

  • ask you to provide your banking details or similar requests for personal information or promise you money
  • present hard luck or exotic stories telling you that you can share in hidden millions of dollars, or
  • offer you a job where you need no qualifications, but just ask for a bank account for money transfers.

Remember:

  • Never provide personal details via emails or links from emails. If you are unsure, double check by telephone with the company or institution.
  • Never follow the links in spam emails these could lead to downloading unwanted viruses or spyware.
  • Ensure that you have up-to-date anti-virus and anti-spyware software installed on your computer. Install a firewall on your computer and make sure it is activated. You could also consider using a spam filter. For more information see Secure your computer.

Avoid being hooked by phishing (hoax) emails

Phishing emails (pronounced fishing) are fraudulent email messages used to trick you into disclosing personal data such as bank account details, passwords or credit card numbers. This information is then used to withdraw money from your account or make unauthorised purchases.

These fraudulent messages appear to come from legitimate businesses such as banks and other financial institutions, but may also appear to come from your Internet Service Provider, a government agency, your university (if you are a student), or from another web mail provider separate to your ISP.

Steps to avoid being hooked

  • Learn to recognise phishing emails. These emails give themselves away by telling you that there is some reason why you must provide personal details your internet banking log-on, password, credit card number or PIN by reply email or through a website.
  • These emails often try to create a sense of urgency by saying things like:
    • 'your account will be closed down unless you log on'
    • 'a recent security upgrade means that you have to log on to be protected', or 
    • 'a large sum has been debited to your account and you need to provide your account details to confirm that the charge is incorrect.'
  • It is common for phishing emails to contain links to a website that is a convincing replica of your financial institution's home page. Always type your financial institution's website address into your browser. Never use a link to your bank or credit union that has been sent to you in an email-it might be a phishing website.
  • Follow the guidelines for how to secure your computer especially the advice on passwords, anti-virus and anti-spyware software and firewalls. 

Be careful with email attachments

Before opening any email attachments, be sure you know the source of the attachment. It is not enough that the mail originated from an address you recognise. The Melissa virus spread precisely because it originated from a familiar address. Malicious code might be distributed in amusing or enticing programs.

  • If you must open an attachment before you can verify the source be sure your virus definitions are up-to-date. Save the file to your hard disk and scan the file using your anti-virus software before opening it.
  • For additional protection, you can disconnect your computer's network connection before opening the file.

Worried that you have been caught by a scam?

Contact your financial institution immediately.

You can also report it to the Australian Securities and Investments Commission (ASIC) on their FIDO - Financial tips and safety checks website