Cyber risk - protecting yourself online from scams

“My password has been hacked again. That’s the third time I’ve had to rename the dog.”

Cyber scams are a pervasive threat in the digital world and their impact can be devastating.

The average amount of money lost to cyber-crime is $20,000.1 For some, scams can even mean the loss of an entire life’s savings. Cyber-crime can be hard to identify and difficult to stop once it is underway.

From deceptive emails and texts to fake websites and advertisements, our online world is awash with attempts at fraud aiming to trick us into divulging sensitive information or sending money.

But by understanding the nature of these kinds of threats, staying alert to attempts at fraud, and adopting best practices for online safety, it is possible to protect yourself and your loved ones from loss.

This guide explains the main types of online scams you may come across and offers the latest best practice thinking on how to keep yourself safe.

What is a scam?

A scam is when someone tricks you out of your money2.

Scams can take many forms – from something as simple as being tricked into making a payment to something as complex as someone gaining control of your personal information and passwords.

One of the common types of fraud in wealth management is identity fraud,3 which involves stealing personal information to impersonate someone for financial gain.

This can be achieved offline through stealing a handbag or wallet or using telemarketing cold calls purporting to be from a bank, the ATO, or an internet service provider.

More commonly, theft of personal identification information occurs online through fraudulent emails and text messages pretending to be from a familiar organisation, fake banking and payment websites, or malicious software code that takes information from computers. And increasingly, personal information exposed in a data breach can lead to identity theft and fraud.

Compromising a person’s identification information is just the start for criminals.

Once a criminal has access to an identity, they can use it for accessing and operating accounts, withdrawing money, or making requests for early releases of superannuation. This can have serious consequences, including financial loss and emotional harm.

Summary of the main types of scams4

  • Identity theft and fraud: stealing personal information to impersonate someone for financial gain, like credit card fraud.

  • Phishing and social engineering: deceptive practices to trick individuals into revealing sensitive information, often through emails, text messages, or fake websites. This can include romance scams where individuals are tricked into believing they are in a relationship, or extortion threats aiming to frighten people into giving away money or information.

  • Remote access: allowing a malicious actor to get unauthorised access to a computer, often by inadvertently clicking on links or downloading software. This can happen after being tricked into clicking on a link that looks legitimate or from someone claiming to be a tech specialist and requesting access to a system.

  • Investment scams: trickery aimed at encouraging investing in a fraudulent scheme, often through promising high and quick returns.

How to protect yourself

The first step in protecting yourself from a scam is staying alert and learning what you need to look for to spot a fraudster coming.

Scams succeed because they look real – and noticing the warning signs is an important step to protecting yourself.5

The Australian government’s ScamWatch service offers a three-step process: stop, think, protect.

  • Stop: Do not give money or information unless you are sure. Scammers will ask you to verify who you are and pretend to be from an organisation you trust.

  • Think: Ask yourself if the message or call could be fake. Do not click links in messages. Contact organisations through their official website or app instead.

  • Protect: Act quickly if something feels wrong. Contact your bank if you notice unusual activity.

So, what are some of the warning signs to look for?

In emails and messages, there is a chance something may be a scam if it asks you to take immediate action, transfer money, click a link or call a number, or log in to an online account. Other signs might be a sense of urgency in the communication, suggesting something is wrong or threatening to stop a service, charge a fine, or delay delivery of a package.6

For phone calls, tell-tale signs are asking for personal information, suggesting you install software, promising easy money, or threatening you in any way.  Scammers are also known to ask for one-time security codes which can lead to problems accessing devices. A newer scam involves asking for payments to be made through the widely available but poorly understood PayID payments system.

Cyber security

Keeping your phone, computer, and online accounts secure is an important way to avoid being scammed.

Here are some tips for things you can do to ensure criminals do not get access to your accounts:

  • Use multi-factor authentication:
    A critical weapon against fraud, using separate forms of identification to access an online service is a clever way to protect yourself. Usually, multi-factor authentication takes the form of a password and a separate code sent by text message, but increasingly many providers also use authentication apps that can be downloaded and set up on your phone.

  • Use biometrics: 
    Most phones and many computers come with the ability to set a biometric login that requires your fingerprint or a scan of your face to log in.

  • Never share usernames or passwords:
    Keep your passwords to yourself and make sure they are hard to guess combinations of letters, numbers, and symbols. Use different passwords for different systems and applications.

  • Be careful online:
    Never click on links in unexpected emails or text messages. Do not open attachments to emails unless you are sure of the source. Never connect to free public Wi-Fi networks.

  • Be cautious on social media:
    Do not give out personal information unless you are sure it is secure and limit social media connections to people you know in real life.

  • Use virus protection software:
    Running high-quality software on your computer to scan, detect and prevent viruses, spyware and malware can help protect you. It is important to keep the software up to date.
  • Contact your financial institution:

    Immediately inform your bank or financial service provider. They can implement extra security measures, halt account activity, reset passwords and security questions, and set transaction alerts to prevent financial loss.

  • Update your device passcodes:

    Change the passcodes on all your personal devices as a precautionary measure.

  • Change online passwords:

    Update the passwords for all your online accounts to secure them against unauthorised access.

  • Credit card security:

    Consider replacing your credit cards to prevent fraudulent transactions.

  • Device clean-up:

    If there's a suspicion of malicious software, have a professional clean your personal devices.

  • Report to law enforcement: 

    Inform the police or relevant law enforcement agencies about the compromise for official documentation and potential investigation.

  • Monitor your credit:

    Regularly check your credit report and subscribe to credit monitoring services to stay alerted to any changes in your credit file.

  • Seek professional help:

    Contact ID Care, a free service in Australia and New Zealand that assists victims of identity fraud and provides support in identity and cyber issues.

1. ACCC,


20 Mar 2024

Tips for financial planning for women, and ways they can eat into the superannuation gap.

07 Feb 2024

A couple’s decision to embark on a shared financial journey is an important milestone in a relationship – but it can bring practical and emotional challenges.

01 Jan 2024

We all love to make New Year’s resolutions but sticking to them can be much harder.

This document has been prepared by BT, a part of Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian Credit Licence 233714 (Westpac) and is current as at 20 March 2024. The information in this document regarding taxation and legislative change is based on policy announcements which are yet to be passed as legislation and may be subject to future change. This information does not take into account your personal objectives, financial situation or needs and so you should consider its appropriateness, having regard to these factors before acting on it.