Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

How to spot a scam – and what to do about it

Here are some of the key things to look out for, and what you can do if you think you’ve come across a scam.

Scammers are regularly coming up with new ways to try to steal your personal information and money through email, websites, texts, social media and phone calls. While scams are often changing, there are some things they may have in common.

 

If anything seems even a tiny bit strange, treat it as a scam and speak to your parents or a trusted adult.

 

To help you stay alert, we’ve put together some information on different types of scams.
 

7 signs that it might be a scam

Urgency

Scammers create a sense of urgency to play with your emotions and make you feel like you need to act straight away.

 

For example, you could get a text message or a direct message on social media from someone who appears to be a friend or family member saying they are in a tricky situation and need your help straight away. They might ask for your bank details or for you to transfer money urgently to help them out.

 

Or, it could be a text or message saying your social media profile or some type of account will be shut down or suspended if you don’t take immediate action.

 

You could also come across a seller on an online marketplace who is posting to say they have an emergency, and they need to sell their item as soon as possible.

Requests for your personal information

Not all scams have a grand or timely offer – some might simply request your personal information.

 

Any time a business or person contacts you and asks you to provide your information you should be very cautious, particularly if you aren’t expecting the contact, or you didn’t start the conversation.

 

Credible organisations will allow you to contact them back through a trusted method (like the phone number listed on their official website or app, or a number on the back of your card) and would never insist you provide your details to them when they reach out.

 

Even if the request appears to be from a friend or family member – never provide any sensitive information over a message. 

Strange or misspelt email addresses

If you suspect that an email or text message is a scam – look closely at the information about the sender.

 

Most email providers (like Gmail , Yahoo or Outlook) will have a little arrow or symbol at the top that you can tap or click on to show additional information.

 

You should also check the sender details: Do you recognise the email? If it is from a business, is the business name spelled correctly? Is it a big business using a service like Gmail or Yahoo?

 

If you don’t recognise the email, the email address just doesn't seem right, or the email address is spelled differently from what you would expect (e.g. david@h0tmail.com), you should be suspicious.

 

One very important thing to be aware of is “spoofing” – which is when someone can make it look like they are sending an email from an official address or someone you know.

 

So even if you’ve looked online and the email address looks official, or is already in your address book, this may not be the case. If you are unsure – contact the business or individual directly using another method.
 

The ‘From’ details are unfamiliar.
 

The email requests urgent action –
this is an attempt to rush you to take action before thinking careful.
 

There are instructions to clink on a link, pop-up or attachment 
that you don't recognise and seems suspicious.
 

A different website address than you would expect appears when you hover.
 

Spelling errors and strange wording 

Read the message carefully. In general, does it seem professional and sound like the person or brand who is contacting you? If it is a big business, does the email contain obvious spelling or grammatical errors, or overly friendly language?

 

Companies can make small mistakes but, in general, they work hard to make sure their communications are professional and tidy, so any big mistakes or strange wording are red flags.

Requests to click links or download attachments

Be very wary of any message or email asking you to click a link or download something – especially with urgency. Don’t follow these instructions and talk to a trusted adult or parent.

 

Often these links or files can contain malware, which is software designed to infect your device and allow the scammer to take it over or access information in your web browser or files.

 

Links can also direct you to a phishing site that may look like a genuine website but is designed to capture any personal or banking information you enter. 

Offers that are "too good to be true"

Messages telling you that you’ve won a competition or prize are something to be suspicious about. These could be in an email, text, direct message on social, website pop-up, or even phone call.

 

You might also be told about a really cool job like acting or being a brand ambassador. Or it could be an offer for an unrealistic discount, or a low price for an expensive brand or item – like “a brand-new smartphone for just $50!”.

 

Scammers create these exciting situations to make you feel like you can’t miss out.

 

Ignore the temptation and assume it is a scam.

Text or emails from people not in your address book or contacts list (but acting like they are)

We talked about spoofing above, which is when someone uses tricks to make it look like they are emailing or texting you from an account you recognise. Here are a few other examples of fakery:

 

  • Texts from an unknown number. This could be someone claiming to be a friend or a family member who has lost their phone or gotten a new phone number. This message may also include an urgent request for money or help.

  • Texts from a business that come up as a random number they haven’t contacted you with before. Look online and see if this number is legitimate.

  • Friend requests on social media from people you are already connected with.
     

Steps to take when you think you’ve spotted a scam

  • Don’t reply.

  • Don’t click or download anything.

  • Let your parents or a trusted adult know.

  • Never, ever share your password or any personal information.

  • If it’s supposedly from a company, do some research –  go onto a search engine and find their official website and phone number and contact them directly yourself.

  • If it seems to be a friend or relative, contact that person directly using another method and don’t reply directly to the suspicious message.

  • Change your passwords regularly – and use a different one on every site.

  • Check your phone and computer for apps or programs you haven’t installed.

  • Scan your computer with antivirus software.

  • If you have a bank account, monitor your statement regularly to spot any strange activity. When you bank with Westpac, the Westpac App allows you to see your transactions on the go, and even has a Look Who’s Charging feature that provides you with more information about the business and payment. 

 

  • Report it. Contact your bank to report any transactions that look unusual as soon as you spot them. You can also report any type of scam with the Australian Cyber Security Centre.
     

If you think you’ve received an email or an SMS pretending to be Westpac, forward it to hoax@westpac.com.au or send it to 0497 132 032 . Don’t click on anything in the email or SMS or reply to it. Once you’ve forwarded it to us, delete the message.

Activity: Spot the suspicious parts of this email

Have a look at the below email and find what you think makes it a scam. Then, keep scrolling to review the answers.

Answers

The email address: Company emailing from a generic email address that does not include the company name. 
 

The subject line: Urgency and threat of account closure without explanation.
 

The greeting: Not personalised and unusual formatting.
 

The issue: No detail provided – not even the name of the company or the type of your account.
 

The text: Contains spelling errors.
 

The ask: Telling you to click a link with urgency and requesting personal information.
 

The threat: Another generic threat to close your account.
 

The sign off: No company signature or  information.
 

The link: Button to “login” to your account – this should be treated as suspicious and should not be clicked. Messages from banks or other legitimate companies will never ask you to click a link or button, to access your account details.
 

Final note:

Not all scam emails will have all of these warning signs, but it is good to be aware of some of these common traits.

 

Always be on alert, as scammers are always coming up with new ways to take advantage of people.

 

It is always safest to ignore the email or message and contact the company directly through another method.

 

Speak to your parents or a trusted adult if you ever have any questions or concerns about a website, message or person online.

 

You can also visit our Security Hub to stay on top of the latest scams that may be affecting Westpac customers.
 


You may find these useful

Common types of scams and fraud

7 common tricks you need to be aware of.

How to pay for things safely online

Read our guide to keep you and your money safe.

Different ways to pay for things

Count all the different ways you can pay for things today.

Things you should know

This information is general in nature and has been prepared without taking your objectives, needs and overall financial situation into account. For this reason, you should consider the appropriateness for the information to your own circumstances and, if necessary, seek appropriate professional advice.


Westpac’s Online Banking Security Guarantee
- If your Westpac account is compromised as a result of online fraud, we guarantee to repay any missing funds, providing you comply with our Online Banking Terms and Conditions. This includes keeping your sign-in details (including passwords, Westpac Protect™ SMS codes and SecurID® Token codes) private. You must inform us immediately if you suspect the security of your access details has been compromised, or you suspect an unauthorised transaction or potential fraud on your accounts.