Ten tips to help you stay ahead of online scammers

Investment scams have resulted in significant total losses so it’s worth being aware of the common tactics scammers use.  

Other frequent types of fraudulent activity included romance scams, payment redirection, remote access, and phishing – where a scammer sends messages pretending to be from a reputable firm or a government service to obtain personal information. 

Scams involving crypto ATMs, SIM swapping and compromised business email addresses have also been on the rise in recent months. Here’s what to look out for.  

There are now more than 1,100 crypto ATMs in Australia^, which allow people to buy or sell cryptocurrencies, such as Bitcoin, using cash or debit cards. 

Reports of crypto ATMs being used to transfer funds to scammers have risen internationally and in Australia in recent years, with older investors three times more likely to be affected.  

In many cases, the scammer impersonates a government or business. The intended victim may be provided with a code to deposit funds to a Bitcoin wallet. However, crypto ATMs don’t offer a way to verify who that wallet belongs to, leaving people vulnerable to making deposits into a fraudulent account. 

Cryptocurrency transactions cannot be reversed, so if you're using a crypto ATM to buy or deposit cryptocurrency, make sure you use an address or account that you control. 

SIM swapping may involve a scammer tricking a mobile phone carrier into believing the intended victim has lost their phone. 

If the mobile carrier transfers the personal information associated with that person’s SIM card to a new number, this gives the scammer access to text messages that may enable them to access one-time pin codes sent by SMS that are intended to verify the victim’s identity. 

 
Signs of SIM jacking include a sudden loss of access to the network – for example, when an SOS message appears at the top of your screen, a phone that stops working, or receiving a message stating a mobile number is about to be swapped to a new one. 

It may be possible to set up a special PIN with your mobile carrier to avoid unauthorised SIM swapping.

In these scams, criminals impersonate legitimate businesses. They send fraudulent emails to trick victims into transferring funds to scammers' bank accounts. They may alter email addresses to closely resemble legitimate ones, or they may use compromised accounts to make the messages look authentic.

In property and real estate transactions, this may involve inserting false bank details for settlement payments, causing victims to unknowingly transfer money to the wrong account.

There will always be scammers out there, but just as you might lock your front door when leaving the house, here are some simple steps you can take to help  keep them away from your savings and investments in 2025. 
 

1. Update your sensitive passwords regularly

Ensure that the passwords for your MyGov, bank, and your email accounts are strong and unique – and change them every three months at least.  

 
2. Enable Multi Factor Authentication (MFA)

MFA strengthens security by requiring you to verify your identity through multiple methods, which may include something you know (like a password), something you have (like a phone or hardware token) and something you are (like a fingerprint or facial recognition). This makes it much harder for scammers to gain access to your money. You’re protected by MFA when you use the CFS mobile app and FirstNet. 
 
3. Conduct a digital cleanse

Regularly remove old or sensitive files and emails from your computer and email accounts so that information can’t be accessed by an unauthorised user. 

 
4. Install a password manager

A password manager securely stores your passwords and can generate strong, unique passwords for each of your accounts.

 
5. Install Internet security apps

Protect your mobile and computer with Internet security apps, such as anti-malware and anti-virus software, which can detect and block malicious activities.

 
6. Guard against physical access

Shred any personal documents you no longer need and secure your mailbox with a lock to stop identity thieves from accessing sensitive information in discarded documents or stolen mail.

 
7. Sign up to a credit bureau

Monitoring your credit profile can help you spot signs of identity theft early. Consider placing a freeze or proactive alert on your profile to prevent fraudsters from opening accounts in your name.

 
8. Avoid clicking on links

Always manually enter business websites and phone numbers from their official websites to reduce your risk of falling victim to phishing scams. 
 

9. Pause before you act 

Take a moment to verify the legitimacy of any urgent requests. Use the ASIC scam register or Scamwatch to check if you could be the target of a known scam. Scammers often use urgency to pressure people into making hasty decisions. 
 

10. Don’t offer easy access 

Public Wi-Fi networks are often insecure, so don’t use them for sensitive transactions and always log out of browser windows on your devices when you are finished.

 

If at any time you think you may have been targeted by scammers or the subject of fraud, please contact us on 13 13 36 and change your passwords. Also visit Australia and New Zealand’s national identity and cyber support service IDCARE which can help you if you’ve been hacked or scammed.