Requests for account information (phishing)

Phishing for your details

You get an email, text message or phone call out of the blue from someone saying they are from your bank. They say there is a problem with your account and ask you to give them your account details or click on a link. If you give them these details, the scammer can use the information to steal money from your bank account. This is a typical phishing scam.

Here are some tips on how to spot a phishing scam and what to do if money has been stolen from your account.

How phishing scams work

Phishing emails, text messages or phone calls come from scammers pretending to be a bank, financial institution, phone company or even a university or government agency.

If it is an email that you receive, everything on the email will look like the 'real deal', from the web address to the logo and message format.

The links provided will be to a fake website scammers have created. The website will even have a similar web address to the bank's real website.

The scammer wants you to give them your personal details, bank account numbers, credit card numbers and most importantly, your passwords. 

The email may ask you to download their security software which is really a trojan virus. The virus could infect your computer and give someone else control of it. It could also track your key strokes to get your user names and passwords.

Warning signs

Smart tip

A legitimate bank or financial institution will never ask you for your personal details via email or text message.

The email or text message you receive is definitely a phishing scam if it:

  • Claims to be from a bank or company that you do not have an account with
  • Contains a link that leads you to a website where you are asked to enter your bank account details
  • Says your details are required for security and maintenance upgrades or to 'verify' your account
  • Says you are due to receive a refund for a fee that you were mistakenly charged

The email or text message could also be a phishing scam if it:

  • Does not address you by your full name
  • Has spelling errors or grammatical mistakes
  • Is a survey that offers you a reward or prize for filling it in

Example of a phishing scam

Here is an example of the wording used in a phishing scam:

'Your account has been suspended (reason: terms of service violation). Although your account has been suspended your data may be available for 24 hours, after which it will be deleted. If you think this suspension is an error click here as soon as possible.

Your account will be automatically activated after security details are confirmed. We will consider terminating access to your saved fund if you fail to verify that you are the rightful holder of this account.' 

Protecting yourself

Smart tip

If you are called by a bank or other company, there is no way you can know they are really who they say they are unless you look them up in the phone book and call them yourself. 

Here are some simple tips to protect yourself from phishing scams. 

Action you can take

When accessing websites:

  • Don't use the links provided in emails or texts - type the address into your browser
  • Check the website address carefully to make sure it is correct

Things to avoid

  • Don't send money or give your personal, credit or banking details to anyone unless you made the phone call and know that the phone number is the right one
  • Don't send your personal or banking details to anyone via text message or email
  • Don't open any email that you think could be from a scammer - delete it
  • Don't click on any links in a suspicious email or open any files attached to it
  • Don't call a phone number that you see in a spam email or text message
  • Don't enter your personal, credit or banking details into a website if you are not absolutely sure the website is genuine

For other ways to protect yourself from scams, go to our avoiding scams and identity fraud webpages. 

For more information on online scam protection, see the Australian Goverment publication Protecting yourself online.

What to do if you have been scammed

If you think you have been the victim of a phishing scam or if you have received a phishing email, text message or phone call you should:

  1. Check your bank account for any suspicious transactions
  2. Call your bank (or the business the scam is pretending to represent) to report the scam
  3. Ask the bank or company to freeze your accounts if the scammer has accessed any money
  4. Do a virus scan on your computer
  5. File a police report if the scammer has accessed any money
  6. Get your credit report from one of these reporting agencies: MyCreditFile.com.au (Veda), CheckYourCredit.com.au (Dun and Bradstreet) and Tasmanian Collection Service (see credit reports). This allows you to check that no-one is using your name to borrow money or run up debts.
  7. Warn your family and friends

With one in 20 Australians falling victim to various scams or personal fraud every year, all Australians should be vigilant about phishing scams.


Related links


Last updated: 29 Apr 2016