Phishing scams

Protect your identity from phishing scams, and get help if cyber criminals get your personal information.

On this page

A phishing scam is when scammers trick you into sharing your personal information. They will steal your information, money or identity and use them to commit crime.

The scammers will contact you via email or text messages and pretend to be from a legitimate business (such as a bank or service provider).

About email scams and phishing

The scammers will try to get you to click on links in their emails and texts. This allows them to steal your personal or financial details, such as:

  • online banking details
  • passwords and logins
  • credit card numbers.

Cyber criminals sometimes make their emails and texts highly targeted to the victim. This is called spear-phishing.

Advice to protect yourself from phishing scams

Phishing scams can be tricky to recognise. Make sure that the sender and the contents of the email are genuine before you click on any links:

  • check the email is addressed to you
  • look up the company online or call them to confirm they contacted you
  • check that hyperlinks go to a genuine, safe website by hovering your mouse over it
  • if you don't recognise the website when you hover on the link in your message, don't click on it
  • check for any spelling mistakes
  • notice faded or blurry images or company logos.

If you think you have been affected by a phishing scam

If you think you have clicked on a suspicious link from a phishing text or email, you should act fast.

Protect your personal information

Ensure your personal accounts are safe:

  • contact your bank or financial institution immediately to let them know about the scam.
  • change your banking passwords on any compromised accounts.
  • contact other services where your personal information could be used to access your accounts (such as the Australian Taxation Office or Services Australia)

Report a phishing scam to your service providers

Let your online service providers know about your phishing experience.

  • report the scam to your email or telecom provider
  • report the scam to the platform if you received the message on social media.

If your device has been hacked as a result of a phishing scam

If you have clicked on a suspicious link and accidentally installed malicious software on your device, you should:

  • find out what to do by using the ACSC’s ‘Have you been hacked?’(opens in a new window) application
  • visit IDCARE or call them on 1800 595 160. They will help you with free, confidential advice on how to minimise the effects of identity theft and keep your online accounts safe.
  • consider saving important files to external data storage and performing a factory reset on the affected device
  • block the sender
  • delete the message or email.

Report a phishing scam

If you have been affected by a phishing scam or a related incident, you should report it to police at ReportCyber.

In an emergency, always call Triple Zero (000)(opens in a new window).

To help disrupt and follow scam trends, warn others about new scams, and receive advice and support, report your experience to Scamwatch.

To find out more about reporting cybercrime visit Report online abuse, cybercrimes, fraud and scams.

Updated

Back to top