Need to know
- Impersonation scams are one of the most common types of scams targeting Australians
- Scammers are posing as trusted businesses, government services and even loved ones in order to get your money and personal information
- For Scams Awareness Week 2023, we're sharing advice on how to spot and report impersonation scams
Impersonation scams are one of the most common types of scams targeting Australians and the chances are you've come across this type of scam yourself recently.
When we surveyed consumers in June, 52% told us they believe they're being targeted by some form of scam every week and the latest ACCC data suggests phishing impersonation scams are the most reported type of scam so far this year.
The focus of this year's Scams Awareness Week is on preventing these types of impersonation scams.
Here, we're sharing advice on how to spot impersonation scams and what to do if you encounter or lose money or personal information to one.
On this page:
- What are impersonation scams?
- How to spot an impersonation scam
- How to minimise your risk
- How to report an impersonation scam
A text message seeming to come from a trusted organisation that includes a link is a sign of a potential impersonation scam. Image: supplied.
What are impersonation scams?
Impersonation scams are when scammers pose as trusted businesses, government agencies, family members or friends in order to steal your money or personal information.
Impersonation scammers use technology to make it seem like their text or social media messages, emails, phone calls or websites are coming from these trusted groups or individuals, to make it more likely that you'll send them your money or information.
For example, they may send text messages that use the sender ID of a real business or organisation, so that their text messages appear under older, legitimate messages from that trusted entity. Or they might create a webpage that closely mirrors that of a major retailer.
To learn how scammers can do this, check out our deep dives on bank impersonation scams and fake shopping sites.
Once they've gained your attention and trust, they'll often then deploy offers of cheap products, time-limited money making opportunities, threats of arrest, pleas for help and myriad other techniques to get you to send them money or information.
How to spot an impersonation scam
Here are some of the common hallmarks of an impersonation scam:
- An organisation you trust, such as a government agency or your bank, contacting you and urging or threatening you to do something quickly, such as updating your personal details, transferring money or downloading software.
- A message from a government agency asking you to pay for services that are usually free, such as processing a tax refund.
- A message from someone you know, in which they claim they have new contact details, or ask for payment to a new bank account.
- A text message or email appearing to be from a trusted institution that includes links it's asking you to click on (government agencies such as the ATO and major banks will never do this).
- A link you've been sent leading to a webpage that asks for personal information or banking details.
- A shopping website purporting to be a major retailer advertising significant discounts on all items.
- A website claiming to represent a major brand or government agency that has an unusual or overly-complicated URL and poor design (links that don't work or text that seems irrelevant or doesn't make sense, for example).
- An SMS message that appears under legitimate texts you've received from business or government, but has different wording or phrasing to the previous messages, or includes different contact details.
- A phone call from someone claiming to represent your bank, asking you to transfer your money and sending SMS messages to your phone as proof of legitimacy.
- A business you've paid before asking you to use a different bank account number and BSB from the last payment you made with them.
How to minimise your risk
1. Protect your assets and personal information
If you suspect a communication might be from a scammer, don't provide them with any money or information.
If you've already sent them money, contact your financial institution or payment platform as soon as possible. If you've given away personal information, contact IDCare to get advice on securing your identity credentials.
Do not click on any links or call any phone numbers a suspected scammer has sent you and do not download any apps or attachments they ask you to install on your device.
Scammers will often continue to ask for money or information (even after you've already given them some), so it's also a good idea to break off contact with the person and not respond to their messages.
You can try blocking the number an impersonator has used to call or message you, but be aware sophisticated scammers can change the caller and sender IDs they're using. For tips on dealing with nuisance calls, check out our guide.
If you're receiving suspicious messages from a relative, try to reach them using a different method, such as social media or a number you've used before. Image: supplied.
2. Verify the contact
Scammers can create fake email addresses, phone numbers and SMS sender IDs that make it seem as if their messages are genuine, so if you want to check if something's a scam, you should circumvent these and independently verify what you're being asked to do.
If you're being contacted by someone purporting to represent a business or government agency, contact the organisation using details you've found yourself, such as by searching online.
To prevent scammers impersonating their employees over the phone, some banks have established systems customers can use while they're on a call with staff to verify that it's legitimate.
The Commonwealth Bank, for example, offers CallerCheck, which triggers an alert in the customer's CommBank app if they want assurance that a call from the bank is the real deal.
If you're receiving suspicious messages from someone you know, such as a family member or friend, try to reach them using a different method, such as social media or a number you've used before.
Throughout this process, avoid clicking on any links the suspected scammer has sent you and immediately cut off contact with anyone who tries to threaten or intimidate you.
Verifying before you buy
Fake shopping websites are a common tool used by impersonation scammers. If you think a shopping site might be a fake, there are a couple of steps you can take to get a better idea of how legitimate it is.
Look at the products and their prices and see if they're too good to be true – impersonation shopping sites often offer unusually large discounts (up to 80%) on many of the items they're selling.
Also take a close look at the URL. Scammers building a fake site will try to make the URL look as close to that of the real brand as possible, but often end up including words and formatting that seem unnecessary for the web address of an established business.
Other tell-tale signs include poor-quality content, including typos in the text, badly phrased language or dodgy-looking design, links that don't work and unusual payment methods. Learn more with our guide to spotting a scam website.
How to report an impersonation scam
If you've lost money to an impersonation scam, contact your financial institution or payment platform straightaway. If you've lost personal information, seek support from IDCare.
Report all impersonation scams (even if it's a near miss and you haven't lost any money or information) to ACCC's Scamwatch.
If you have lost money or personal information to an impersonation scam, lodge a report with ReportCyber, a portal run by the Australian Cyber Security Centre. Reports taken through the portal are passed onto the police.
If a scammer has impersonated the ATO, you can also report it to the tax office, and if they've pretended to be from myGov, Centrelink or another government service, contact Services Australia to report it and get support.
If a scammer has posed as a professional financial service provider (including anyone spruiking investment, superannuation or crypto solutions), you can report the misconduct to ASIC.
If you've come across a scam shopping website, alert other consumers by posting on online forums such as Google Reviews or TrustPilot, or by commenting on the legitimate retailer's official social media page, which will also alert the business being targeted.
For more information on support options available following a scam, see our advice on what to do if you've been scammed.
Stock images: Getty, unless otherwise stated.