Fraud protection.
Now it's personal.
ANZ Falcon® technology monitors millions of transactions every day to help keep you safe from fraud.
Falcon® is a registered trademark of Fair Issac Corporation.
Latest scams, fraud and security alerts
Stay informed on the latest scams, fraud, and security alerts. Learn about emerging cyber threats and important online risks as they arise. If you are a business, make sure to stay updated with the latest business security alerts 
that could impact you.
Explore the latest alerts below, and make informed decisions to help keep your personal and banking details safe.
Businesses: See latest security alerts
December 2025
Posted on 09 December 2025
Social media minimum age scams
Type: 
From 10 December 2025, some social media platforms will be restricted, by law, to people aged 16 and over.
These laws require affected platforms to take reasonable steps to prevent anyone under 16 from creating or holding accounts.
These measures are designed to protect young people from the risks and pressures associated with social media use.
The National Anti-Scam Centre has warned about four potential scams that opportunistic criminals may use to take advantage of these changes:
- Platform impersonation scams
Scammers may pretend to be social media platforms or age verification providers, and ask you to verify your age or risk losing your account.
- Government impersonation scams
Scammers may pretend to be from government or law enforcement, claiming you have breached the new laws and threaten fines unless you provide proof of age.
- Fake ID scams
Scammers may offer fake IDs or access to age-verified accounts for a fee, targeting young people under 16 and their families.
- ‘Hi Mum’ scams
Scammers might impersonate young people aged 16 or older, contacting their parents or guardians to claim they need help verifying their age to use a social media platform.
Posted on 27 November 2025
Fake government emails
Type:
Scammers are sending extremely convincing fake emails pretending to be from Services Australia and Centrelink. These scams have already hit over 270,000 inboxes nationwide targeting a wide range of organisations including schools, hospitals, law firms, corporations, and even government agencies.
The emails look real and often mention various Australian benefit systems like Superannuation or Family Tax Benefits. These emails are mostly written and sent using various techniques to avoid security or spam filters.
They deceive people into clicking links and entering personal details, which can lead to identity theft, account compromise, or even ransomware attacks.
Posted on 13 November 2025
ANZ Rewards SMS Scam
Type:
A scam has been identified where individuals are receiving SMS messages impersonating ANZ Rewards. These messages may claim that rewards points are about to expire and include a link to redeem them.
Be cautious of SMS messages, emails or phone calls, claiming to be from ANZ. They may ask you to log in to your account through a link, provide sensitive banking details, download software, transfer money or open another account.
Remember, we will never ask you to:
- share sensitive banking details (like passwords, PINs, ANZ Shield codes, token codes, or one-time passcodes for payment).
- click a link to log in to your account.
- grant remote access to your computer, phone, tablet (or any other mobile device).
- transfer money to another account.
Business alerts
Posted on 05 December 2025
Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)
Type: 
The ASD's ACSC has published a critical alert regarding vulnerabilities affecting React Server Components, which is used extensively in modern web applications.
According to the ASD’s ACSC, the vulnerability (CVE-2025-55182) enables an attacker to achieve unauthenticated Remote Code Execution (RCE) in vulnerable versions of the following packages:
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
Posted on 06 November 2025
Information Stealer Malware alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)
Type:
ASD’s ACSC has identified corporate network breaches that started in employees accessing work resources or systems from personal devices infected with malware called information stealers.
Info stealers, are a type of malware designed to collect information from a victim’s device.
Organisations that allow employees, contractors, managed service providers or other entities to access their network remotely, including with Bring Your Own Device (BYOD) hardware, need to be aware of the risks and protect themselves from this threat.
Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)
Type:
The ASD's ACSC has published a critical alert regarding the following vulnerability in the Microsoft Windows Server Update Service:
- CVE-2025-59287: This vulnerability involves deserialisation of untrusted data in WSUS, which could enable an unauthenticated actor to achieve remote code execution with system privileges.
The vulnerability impacts Microsoft Windows Server Update Service in Windows Server (2012, 2016, 2019, 2022 and 2025).
Posted on 17 October 2025
Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)
Type:
The ASD's ACSC has published a critical alert regarding multiple high-severity vulnerabilities in F5 products and an incident impacting F5.
According to the ASD’s ACSC, F5 have released an advisory regarding a cyber security incident that has affected certain F5 systems with recommendation on what customers can do to help protect themselves.
In addition to this advisory, F5 has issued its October 2025 quarterly security notification summarising multiple critical vulnerabilities identified across its product portfolio.
App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC