How to avoid common phone scams in Australia

According to Scamwatch, an ACCC-run service that reports on scams in Australia, more than $257 million has been lost to scams in Australia in 2022. For context, that’s up by more than $50 million in the week between drafting and revising this article.

More concerning is the reality that of the 88,000-odd reports, only 12.3% of them suffered financial losses, which means that around 10,800 of those reports contributed to that staggering figure. Thankfully, Scamwatch also details how to spot scams in Australia and offers advice on how to avoid them.

Investment scams are attempted via phone but may also come via email or social media. These scams promise too-good-to-be-true financial gains from massive payouts, fast earnings, or guaranteed returns. If it sounds too good to be true, it probably is. This is the most common type of scam in Australia and should be treated with extreme caution.

Scamwatch advises speaking with an ASIC-listed financial advisor before investing funds in anything. You can check that a financial advisor is registered via this ASIC website. ASIC also has a list of companies that you should avoid.

Cryptocurrency scams are on the rise, and it’s made easier because it’s difficult to tell the difference between legitimate and fraudulent crypto investments. You should avoid unsolicited contacts reaching out about investment opportunities. Romance baiting is also another form of investment scam, wherein a scammer attempts to win your trust online before asking you to invest money.

Because there are many types of investment scam, always do your research and seek professional advice. Scamwatch recommends keeping an eye out for these warning signs:

• The promise of low risks and high returns.
• You are contacted about investments out of the blue.
• High-pressure investment tactics.
• Someone you’ve never met before offers investment advice.
• Celebrity endorsements or images to drive investment.
• Convincing promotional materials or websites (always check for an ASIC registration first).
• You are asked to deposit funds into different bank accounts per investment transaction.
• Cryptocurrency investments have fewer protections than other investments.

Remote access scams start with a scammer convincing you that you have a ‘problem’ with your computer or internet, and they insist you need software or their expertise to fix it. These scams tend to start with an unsolicited phone call where the person claims to be from a well-known tech company, such as NBN, Microsoft, or Telstra.

The scammer will tell you that your computer has a virus, or it’s been sending error messages, or other claims like your internet has been hacked. Whatever the lie, if you’re uncertain of who is calling, ask for their name and where they claim to work for. Then say you’re concerned it may be a scam and you’d like to call them back via an official number. If it’s a scammer, they’ll either end the call or insist you stay on the call, but legitimate places will have no problem with you protecting your privacy like this.

These unsolicited calls come out of the blue, which is the first warning sign because tech support requests are typically reactive, not proactive. To protect yourself, never give an unsolicited caller remote access to any of your devices. Unless you called a trusted source, don’t give out personal details over the phone, including credit card or online account details. Big companies like NBN, Microsoft, and Telstra don’t request credit card details over the phone to fix problems. Also ensure your devices are up to date with the latest antivirus and anti-malware software (we recommend Bitdefender or Norton), and consider using a reliable firewall.

False billing scam attempts tend to be made via phone but they also come via email. The bill itself may even appear to come from a reputable source, but it’s for a payment that you haven’t requested. This can be trickier when a scammer happens to use a company name that you have a service with, such as a bank or electricity provider. Always keep an eye out for oddities in an email, such as typos or an email address that doesn’t include the company name.

If you receive a phone call or an invoice from somewhere you’ve never heard of confirming a supposed task they’ve done for you, hang up or ignore it. Again, the details matter here, so even if it looks reputable, if there are typos in your name or a closely matched service (such as a website you own), find the contact details for the actual provider and reach out to them for confirmation.

Scamwatch advises never agreeing to anything over the phone and always asking for an offer in writing. Always check that services or goods were actually ordered—and, if they were ordered, that they’ve been delivered—before paying an invoice, and pay attention to the fine print. Keeping records of the goods and services you are paying for will help make false claims stick out, especially if they match something you do want but an invoice arrives at an unexpected time.

Phishing scams can come from many sources, including phone calls, text messages, emails, or social media. The scammer’s goal of a phishing scam is to trick someone into volunteering sensitive personal information, including credit card numbers, account passwords, or bank account numbers.

A phishing scammer will contact you out of the blue posing as a legitimate business, like a bank, telco, or internet provider. The scammer will ask you to provide personal details to confirm your identity, usually offering a tall tale as to why they’re contacting you. Alternatively, a phishing email may direct you to a website that appears legitimate but has slightly different spelling in the web address.

Whichever way a phishing scammer receives personal information, these details will be used to perform fraudulent activities. For emails, keep an eye out for spelling or grammatical errors. Also pay close attention to the sender’s email address. Don’t click on any links or email attachments asking you to verify your details; either delete them or forward these emails to the corresponding legitimate organisation (if they have a dedicated phishing email address).

You can also search for the exact phrasing of an email to identify scams online. Also keep an eye out for the padlock symbol or ‘https’ in the full website address, as legitimate websites tend to have these things, which indicates a secure site. If you’re unexpectedly contacted and asked for personal details, ask for the caller’s name and contact number, then search online to see if that contact number matches the actual contact number of the organisation you’re with. Actual representatives will understand the importance of user security and won’t mind you being diligent in calling them back, whereas phishing scammers may get upset, hang up on you, or try to convince you to stay on the call.

Identity theft scams are a scarier version of phishing scams, wherein a scammer attempts to use someone else’s stolen identity to gain benefits or steal money. These types of scams are most commonly found in phone calls, text messages, or emails.

Phishing, hacking, remote-access requests, malware and ransomware, fake online profiles, document theft, and data breaches are all common components of an identity theft scam. With the right personal information, a scammer can open new bank accounts under your name, take out lines of credit, or drain your bank accounts. They can also take out phone plans or other contracts, purchase items under your name, steal superannuation, access government online services, and/or get access to your email and social media profiles.

Be wary of out-of-the-blue phone calls, text messages, or emails asking for personal information, including emails asking to confirm your personal details by opening a link or attachment. Spelling and grammatical errors in a text or email are a red flag for identity theft scams. Also keep an eye out for unexpected computer popups asking for permission to run software you haven’t installed.

If you receive a suspicious text or email, just delete them. Verify the identity of anyone calling you via independent research online or in a phone book and note the details provided by the person contacting you. Be vigilant with personal information, including credit card and online account details, and don’t send it to anyone you don’t trust. Having a strong password (made easier with a password manager) and using additional security barriers like two-factor authentication are also helpful for protecting your identity.

Rebate scams may appear via phone calls, text messages, email, or social media. This type of scam attempts to convince you that you’re owed a reimbursement from a trusted organisation. The scammer will typically pretend to be from the trusted organisation it claims to represent.

While a rebate sounds like a good thing, the way to spot the scam is if it’s unexpected and the scammer requests you make an initial small payment to cover administrative fees or some other cost. If you’re owed money by an organisation, they won’t charge fees for you to access it. The scammer will usually ask you to send the money to cover the fee via a money transfer service.

Always verify the identity of a caller claiming to offer a rebate, then contact the actual organisation directly to ask for more information. Don’t use the contact details provided by the person who’s contacting you out of the blue; official contact details are easy to find via any major online search engine. You can also search for the exact phrasing of an email or text to find reports of a potential scam online.