Requests for account information (phishing)

Phishing for your details

You get an email, text message or phone call out of the blue from someone saying they are from your bank. They say there is a problem with your account and ask you to give them your account details or click on a link. If you do, the scammer can use your information to steal money from your bank account. This is a typical phishing scam.

Here are some tips on how to spot a phishing scam, how to avoid falling victim, and what to do if money has been stolen from your account.

How phishing scams work

Phishing emails, text messages or phone calls come from scammers pretending to be a bank, financial institution, phone company or even a university or government agency.

If it is an email that you receive, everything on the email will look like the 'real deal', from the web address to the logo and message format.

The links provided will be to a fake website scammers have created. The website will even have a similar web address to the bank's real website.

The scammer wants you to give them your personal details, bank account numbers, credit card numbers and most importantly, your passwords. 

The email may ask you to download their security software, which is really a trojan virus. The virus could infect your computer and give someone else control of it. It could also track your key strokes to get your user names and passwords.

Warning signs of phishing scams

The email or text message you receive is definitely a phishing scam if it:

  • claims to be from a bank or company that you do not have an account with
  • contains a link that leads you to a website where you are asked to enter your bank account details
  • says your details are required for security and maintenance upgrades or to 'verify' your account
  • says you are due to receive a refund for a fee that you were mistakenly charged.

Smart tip

A legitimate bank or financial institution will never ask you for your personal details via email or text message.

The email or text message could also be a phishing scam if it:

  • does not address you by your full name
  • has spelling errors or grammatical mistakes
  • is a survey that offers you a reward or prize for filling it in.

Phishing scams and threats

Scammers can also pretend to be from a well-known organisation or government department and try to scare you into parting with your personal information or money. They may threaten you with fines, or say they will disconnect your internet, take you to court, arrest or even deport you.

Don't be pressured by these threats. Instead, just hang up (if they have called you) and check whether their story is real by contacting the organisation using contact details you find through an independent source, like a phone book or online search. Don't use the contact details the caller gives you, or that they include in their email.

Example of a phishing scam

Here is an example of the wording used in a phishing scam:

'Your account has been suspended (reason: terms of service violation). Although your account has been suspended your data may be available for 24 hours, after which it will be deleted. If you think this suspension is an error click here as soon as possible.

Your account will be automatically activated after security details are confirmed. We will consider terminating access to your saved fund if you fail to verify that you are the rightful holder of this account.' 

How to protect yourself from phishing scams

Here are some simple tips to protect yourself from phishing scams: 

Smart tip

If you are called by a bank or other company, there is no way you can know they are really who they say they are unless you look them up in the phone book and call them yourself. 

  • Don't click on links or open attachments in emails or texts from people you don't know
  • Never send money or give your personal, credit or banking details to anyone over the phone unless you made the phone call and know that the phone number is the right one.
  • Do not send your personal or banking details to anyone via text message or email.
  • Always delete emails you think could be from a scammer - never open them.
  • Never call a phone number you see in a spam email or text message.
  • Be wary of entering your personal, credit or banking details into any website. Always make sure that the website is genuine.
  • Never respond to a threatening voicemail that demands you call someone back - especially if they claim to be from a well-known organisation or government agency. Find the company's phone number in the phone book or internet and call them to check if they really called you.

For other ways to protect yourself from scams, go to our avoiding scams and identity fraud webpages. 

What to do if you have been scammed

Here are some things you should do if you think you have been the victim of a phishing scam or if you have received a phishing email, text message or phone call:

  1. Check your bank account for any suspicious transactions.
  2. Call your bank (or the business the scam is pretending to represent) to report the scam.
  3. Ask the bank or company to freeze your accounts if the scammer has accessed any money
  4. Scan your computer for viruses.
  5. File a police report if the scammer has accessed any money.
  6. Get a free copy of your credit report. This will allow you to check that no-one is using your name to borrow money or run up debts.
  7. Warn your family and friends about the scam.

With one in 12 Australians falling victim to various scams or personal fraud every year, we all need to be vigilant about phishing scams.


Related links


Last updated: 10 May 2018