Go to top of page

SMS Phishing targets customers of Australian banks

Priority Level: 
11 July 2017

Stay Smart Online has recently received several reports of SMS phishing scams targeting customers of Australian banks. Scammers have been reported impersonating the Commonwealth Bank, National Australia Bank (NAB) and the Bendigo bank and it is possible that other banks have also been impersonated.

What to do now

If you received an SMS message from an Australian bank asking you to click on a link and enter personal details, do not click on the link. Forward the message to your bank and then delete it.

If you have clicked on a link or responded to one of these messages, contact your bank or financial institution immediately.

If you believe you have been the victim of a crime, such as fraud in this case, report it to your local police. We also encourage you to report the scam to SCAMWatch and ACORN (Australian Cybercrime Online Reporting Network).


Phishing occurs when criminals send deceptive messages to try to steal confidential information, such as online banking or credit card details, or other sensitive information that can be used for identity theft or fraud.

They will often impersonate familiar and trusted businesses to increase their chance of success, as in this case where they have impersonated Australian banks.

These deceptive messages can be sent via email, SMS, instant messaging or even social media platforms.

Several different forms of these deceptive messages are in circulation. In the NAB and Bendigo bank examples, users received an SMS message stating that their account was locked and provided a link to a site where they could verify their details,

In the Commonwealth bank example, users were asked to verify their login details and personal verification questions for an update.

It’s important to note that these are only examples and other malicious messages are likely to be in circulation. For examples of different types of SMS phishing messages reported by banking customers, see the Commonwealth bank website.

Staying safe

Your bank or financial institution will never send you a message with a link asking you to confirm or verify your personal banking information.

Be wary of any unexpected message you receive that contains a link for verifying confidential information and don’t click the link.

To protect your accounts when banking online, consider using two-factor authentication whenever available. Learn more about two-factor authentication.

More information

Stay Smart Online has more information on steps you can take to protect yourself from phishing and what to do if you’ve been the victim of an online scam.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.