Think of ClickFit like road safety for digital banking
STOP your scroll
CHECK with your bank
PROTECT your accounts
ClickFit: Bank impersonation scams
Steer clear of bank impersonation scams. Keep your online banking safe and on track.
Bank impersonation scams are designed by criminals to create urgency and fear, so people act quickly before they have time to think. They use simple emotive tactics to pressure people to “act fast because your money is at risk”.
ClickFit will help you recognise the warning signs of bank impersonation scams and bank safely online.
Impersonation scams are often urgent, alarming, and highly believable….and that is exactly the point.
Criminals create realistic emails, text messages, and phone calls to impersonate banks and trusted organisations replicating their brand, tone, and messaging.
How do bank impersonation scams work?
Bank impersonation scams come in many forms. Criminals constantly evolve their tactics, contact methods, and requests for money or account details to deceive victims:
Tactic: “unauthorised payment”, “new payee”, “account locked”
Contact: SMS, phone calls, emails, social media
Request: bank or personal details, security or one-time passcodes (OTPs), passwords, remote access, transfers
Common narratives used in bank impersonation scams to get you to act quickly:
- Pending unauthorised payments which can only be reversed or cancelled once banking details or codes are shared;
- Locked bank accounts that can only be unlocked if you act now;
- New payees added to your bank account; and
- Compromised devices or accounts where money or cryptocurrency needs to be moved to a “safe account” to be protected.
Once scammers have your attention, they may:
- Send one-time passwords and ask you to verify the code;
- Request your banking passwords or personal details to verify your identity;
- Request remote access to your computer;
- Ask you to approve transactions in the bank’s app;
- Ask you to withdraw cash from the bank and for a courier to collect for safekeeping;
- Ask you to open new accounts, move money to a “safe account” or another bank; and
- Ask you to make payments via a “bank-linked” or socially engineered platform.
Are you fit to Click Bank?
Introducing these six simple steps into your online banking routine can help protect you from impersonation scams:
- Stop, think before you click
If you get a call, text, or email from your "bank" pause before you act. Real banks won't rush or pressure you. - Check with your bank directly
Don’t trust unexpected contact. Contact your bank using their official app, website, or number on your card. - Protect your codes and passwords
Your bank will never ask you to disclose an OTP, password, or PIN over the phone. - Do not transfer money on request
Banks will never ask you to move money to a "safe account". If asked - stop and contact your bank. - Secure your accounts
Use strong passphrases and multifactor authentication (MFA). Keep your devices updated. - Report immediately to bank
If something feels off - act fast. Report to your bank immediately. Have you lost money? Report to police at cyber.gov.au/report
Learn more about ClickFit and take the quiz
If you or someone you know has been a victim of a romance scam:
Support is available — you’re not alone
Follow these steps:
- Stop all contact with the scammer
- Contact your bank immediately to block transactions or access to your bank account/credit cards
- Report the scam to police via ReportCyber
- Talk to someone you trust
- Get support from services such as:
- IDCARE
- Free financial counselling services
Support is confidential, and help is available.
Download the ClickFit Stakeholder Kit for campaign assets
ClickFit is a national cybercrime prevention campaign by the Joint Policing Cybercrime Coordination Centre.
