Requests for account information (phishing)
Phishing for your details
You get an email, text message or phone call out of the blue
from someone saying they are from your bank. They say there is a
problem with your account and ask you to give them your account
details or click on a link. If you do, the scammer can use your
information to steal money from your bank account. This is a
typical phishing scam.
Here are some tips on how to spot a phishing scam, how to avoid
falling victim, and what to do if money has been stolen from your
How phishing scams work
Phishing emails, text messages or phone calls come from scammers
pretending to be a bank, financial institution, phone company or
even a university or government agency.
If it is an email that you receive, everything on the email will
look like the 'real deal', from the web address to the logo and
The links provided will be to a fake website scammers have
created. The website will even have a similar web address to the
bank's real website.
The scammer wants you to give them your personal
details, bank account numbers, credit card numbers and most
importantly, your passwords.
The email may ask you to download their security software, which
is really a trojan virus. The virus could infect your computer and
give someone else control of it. It could also track your key
strokes to get your user names and passwords.
Warning signs of phishing
The email or text message you receive is definitely a phishing
scam if it:
- claims to be from a bank or company that you do not have an
- contains a link that leads you to a website where you are asked
to enter your bank account details
- says your details are required for security and maintenance
upgrades or to 'verify' your account
- says you are due to receive a refund for a fee that you were
A legitimate bank or financial institution will never ask you
for your personal details via email or text message.
The email or text message could also be a phishing scam if
- does not address you by your full name
- has spelling errors or grammatical mistakes
- is a survey that offers you a reward or prize for filling it
Phishing scams and threats
Scammers can also pretend to be from a well-known organisation
or government department and try to scare you into parting with
your personal information or money. They may threaten you with
fines, or say they will disconnect your internet, take you to
court, arrest or even deport you.
Don't be pressured by these threats. Instead, just hang up (if
they have called you) and check whether their story is real by
contacting the organisation using contact details you find through
an independent source, like a phone book or online search. Don't
use the contact details the caller gives you, or that they include
in their email.
Example of a phishing scam
Here is an example of the wording used in a phishing scam:
'Your account has been suspended
(reason: terms of service violation). Although your account has
been suspended your data may be available for 24 hours, after which
it will be deleted. If you think this suspension is an error
click here as soon as possible.
Your account will be
automatically activated after security details are confirmed. We
will consider terminating access to your saved fund if you fail to
verify that you are the rightful holder of this
How to protect
yourself from phishing scams
Here are some simple tips to protect yourself from phishing
If you are called by a bank or other company, there is no way
you can know they are really who they say they are unless you look
them up in the phone book and call them yourself.
- Don't click on links or open attachments in emails or texts
from people you don't know
- Never send money or give your personal, credit or banking
details to anyone over the phone unless you made the phone call and
know that the phone number is the right one.
- Do not send your personal or banking details to anyone via text
message or email.
- Always delete emails you think could be from a scammer - never
- Never call a phone number you see in a spam email or text
- Be wary of entering your personal, credit or banking details
into any website. Always make sure that the website is
- Never respond to a threatening voicemail that demands you call
someone back - especially if they claim to be from a well-known
organisation or government agency. Find the company's phone number
in the phone book or internet and call them to check if they really
For other ways to protect yourself from scams, go to our avoiding
scams and identity fraud webpages.
What to do if you have been
Here are some things you should do if you think you have been
the victim of a phishing scam or if you have received a phishing
email, text message or phone call:
- Check your bank account for any suspicious transactions.
- Call your bank (or the business the scam is pretending to
represent) to report the scam.
- Ask the bank or company to freeze your accounts if the scammer
has accessed any money
- Scan your computer for viruses.
- File a police report if the scammer has accessed any
- Get a free copy of your credit report. This will allow you to
check that no-one is using your name to borrow money or run up
- Warn your family and friends about the scam.
With one in 12 Australians falling victim
to various scams or personal fraud every year, we all need to be
vigilant about phishing scams.
Last updated: 10 May 2018