skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus
Article related to:


Impersonation scams – how to spot one and keep your money

Security specialist

2024-04-03 00:00

Estimated reading time
6 min

Jump to

Picture this, your phone rings and the caller ID comes up as: Australian Taxation Office (ATO). They’re claiming you won’t be able to get your tax refund without urgently providing some information, including your banking details. They’re a legitimate government agency, and they wouldn’t lie about this, right?

Unfortunately, this is just one of the ways scammers can exploit your trust to gain access to your personal details or your wallet.

Reports to the National Anti-Scam Centre’s Scamwatch, reflected a loss of close to half a billion dollars in 2023 alone, so chances are, you will encounter scams like these sooner or later. We know it can be daunting, but we’re about to explore some strategies you can use to spot these scams and protect yourself and your hard-earned money.

What is an impersonation scam?

An impersonation scam is when a scammer makes direct contact with you while impersonating a familiar person or a trusted organisation. They do this to gain access to your personal information and/or money, and both their methods and means of contact can vary. Impersonation scammers may even appear to call or SMS under the same number as an institution you trust.

They might contact you through SMS message or other messaging platforms, phone call, email, or even social media. Their methods can range from pleading or threats to innocently offering you a discount on services. Anyone can be targeted, and anyone can be impersonated. But as scary as that may sound, there are some reliable ways to spot these scams before it’s too late.

How can you spot an impersonation scam?

These scams can be especially upsetting because they tend to play on your emotional connection with a loved one, or your trust in (or fear of) an institution. Given the emotional nature of this scam, it’s important that you can spot them before they start pulling on your heartstrings.

How do these scams work?

While there are many scenarios that can play out, these are some of the common ones:

  • You might receive a phone call, SMS message, or email claiming to be from a trusted organisation like a bank, telecommunication provider, or the taxation office. They might try to direct you to click a link and log in to their services to verify fraudulent activity on your account.

  • You might get a phone call or voicemail claiming to be someone from the government, tax office or even the federal police, threatening that if you don’t pay the money that they claim you owe, there will be immediate and dire consequences. 

  • You could get a message from a ‘family member’, like a son, daughter, or parent. They might address you casually and warmly, asking you to transfer them money to get them out of a jam.

  • “It’s important to be wary of any request asking for money or personal information –particularly banking information – even if it appears to be someone you know,” says Erica Hardinge, ANZ’s Product Area Lead in Staff and Customer Security Education and Resilience Enablement. “It’s unlikely a family member will suddenly have a new number, be un-reachable for a phone call and be in dire need of money.”

6 impersonation scam red flags

  1. An unsolicited or unexpected call, email or message. “Emails or text messages which you don’t expect to receive, with links to provide your personal information are also unlikely to be from legitimate organisations,” explains Erica. “For example, a text in the middle of the night about an undelivered parcel, requesting you to confirm delivery details via a weblink is a huge red flag.”

  2. Being prompted to follow a link to an external website and fill in your details.

  3. An urgent request for action.

  4. Request for you to share sensitive information (PINs, usernames, passwords).

  5. Being asked to download a file.

  6. Being informed of an unauthorised transaction or asked to confirm a payment you didn’t make. 

Who do these scammers tend to impersonate?

Unfortunately, no one is safe from impersonation scams as they can come from a wide range of seemingly legitimate senders. In fact, these scams are becoming so sophisticated, they can even make SMS messages appear in the same thread as your previous contact with a trusted organisation – scary, huh? Below are some of the most common ways these scams might manifest.

  • Trusted service providers: Scammers will often impersonate internet providers, insurance companies or telecommunications services reaching out to offer a discount (if you can confirm your personal details), or to upgrade or change over your services with a threat of cancelling them if you do not comply.

  • Banks: A scammer might contact you posing as your bank and claim there has been fraudulent activity on your account. Or they might say you need to confirm your personal details otherwise your account will be suspended. The scammer may direct you to a fake webpage to log into your account (so they can gain access to your login info), ask you to transfer money to a ‘safe’ account or verify your personal info, such as your PIN, password, one-time passcode and account numbers. They might even request you click on a link to initiate a live chat which may require you to download software that can be used to gain access to your account or monitor your online activity.
    Learn more about bank impersonation scams.

  • Government agencies: Scammers will often try to use your trust in government or authoritative organisations against you. You might receive contact from a scammer claiming to be from the tax office informing you about a refund you’re entitled to or claiming that you owe them money urgently. You may even get a call from the ‘federal police’ to say you need to make a payment urgently to avoid arrest.

  • Family and friends: The most common one in this category is the now infamous “Hey Mum/Dad” scam. This is where a scammer sends you a message  from an unknown number claiming to be a loved one who has lost their phone and needs your help. Another way this scam can operate is via direct messages from a friend on a social media site. The scammer will speak to you just as your friend would, telling you this is their new account. They might ask you to follow a link or to transfer them money urgently.


How can you protect yourself from impersonation scammers?

  • If someone calls claiming to be from your bank, confirm it’s from them by calling the number on the back of your card, or the number listed on your bank’s official website.

  • Be suspicious of anyone asking you for personal information or payment. If in doubt, ignore the message, or just hang up.
    Hot tip: Some phones allow you to report scams after receiving a call or SMS.

  • Be wary of threats, time pressure or emotional guilt trips from anyone claiming to be an authority figure or loved one.

  • Use a family code word. This can help you and your loved ones know whether it’s actually you who is sending the message.

  • Don’t click on links or download attachments from an unexpected message or email.


What can you do if you think you’ve been scammed?

If you think you’ve been scammed by someone impersonating a trusted source, know that you are not alone.

“There is no shame in being scammed. Being scammed is increasingly common and sadly it’s also common to feel grief, anxiety and embarrassment, but you shouldn’t,” explains Erica. “It is literally a scammers job to convince you to take action, whether this involves sharing personal and often banking information or transferring money.”

It’s normal to feel angry when your trust has been exploited, but there are some immediate actions you can take to protect yourself from further financial harm.

  • If you have shared financial information or believe you have transferred money to a scammer, notify your bank immediately.  If you are an ANZ customer, please contact us immediately.

  • If you shared credit card details, block or cancel those cards immediately. If your cards are with ANZ, you can do this through the app. Learn more.

Who can you contact if you’ve been scammed?

  • Report the scam to the Police through the Australian Signals Directorate’s ReportCyber portal. This resource is there for reports of scams where money or personal information has been lost.

  • You can contact the Australian cyber security hotline 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371). 

  • Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats. 

  • For phishing or identity theft associated with government accounts such as Centrelink, Medicare, or Child Support, contact the Services Australia Scams and Identity Helpdesk on 1800 941 126 or find out more via their website.

  • You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security issues.
Impersonation scams – how to spot one and keep your money
Security specialist

Make a PACT to protect your virtual valuables today

Learn more about how to keep yourself scam-safe and check out our latest security alerts.

Learn more



This information seeks to raise awareness and provides general information only. It may be necessary or appropriate  to ensure that measures are taken in addition to, or in substitution for, the measures presented having regard to your particular personal or business circumstances.