News Centre

This is a joint media release with the Australian Federal Police, ANZ and NAB.

Editor’s note: Audio grabs from Commander Marshall available via Hightail 

Don’t be an inadvertent April Fool. That’s the message from authorities this 1 April, as new data reveals Australians lost more than $11 million to online banking impersonators in 2024*.

The AFP-led Joint Policing Cybercrime Coordination Centre (JCP3) is working closely with Australian banking partners to combat a rise in bank impersonation scams, as online fraudsters continue to fleece the community.

In 2024, ScamWatch received 190,592 impersonation scam reports, costing more than $181 million. Of these, 10,800 related specifically to online banking.

AFP Commander Graeme Marshall said online offenders, including impersonation scammers, used various methods to gain access to victims’ funds. These included convincing victims to download remote access programs giving access to, and control of, a victim’s computer to steal personal information and money.

“Scams are increasingly sophisticated, making it difficult for consumers to identify them as fake,” Commander Marshall said.

“Our warning is to be very wary of all unsolicited contact online.

“Fraudsters pretend to be trusted businesses, government agencies, law enforcement, friends or family, to steal money or personal information. 

“Victims of banking impersonators, for example, will usually receive an email, text message or phone call from someone purporting to be from a bank’s security team.

“Scammers will begin by telling victims they have detected a suspicious payment, their account has been compromised or they have been approved for a loan they never actually applied for. This conversation is often conducted in a way that suggests an extreme sense of urgency.”

Commander Marshall said one tactic scammers used was leveraging information they could access to secure details they did not have.

"They will use avenues including data breaches, phishing and other cyber attacks to secure information such as their victim’s full name, their date of birth, account and credit card details and even bank balances,” he said.

"This allows them to build trust and legitimacy with their victim so they can convince them to hand over log-in details.

"Using this information, they then directly access and drain the victim's bank account, hitting the scam jackpot."

Commander Marshall said another common tactic encouraged victims to transfer money to a ‘safe’ account, which was really the criminal’s own bank account. 

“Unfortunately, it’s becoming increasingly difficult for victims to identify banking impersonation scams, as fraudulent email or text messages may include a bank’s legitimate contact details or language that seems consistent with standard bank communications,” he said.

“This is often paired with scammers creating an extreme sense of urgency and reassuring victims they are there to help. 

“All of this can happen in a matter of minutes, and by the time victims can review the situation and realise something doesn’t seem right, they’ve already been scammed.

“These evil and deceitful criminals are extremely savvy in how they operate and coax victims out of their money. Anyone can be a victim.

“We encourage people to be extra vigilant when being asked to transfer or move money online, or to give a third party security details or access.”

ANZ’s Head of Financial Crime Threat Management Milan Gigovic said the methods used by criminal syndicates to scam and defraud customers were becoming increasingly sophisticated.

“ANZ urges all Australians to stay vigilant in the face of these evolving threats. It's important to be cautious of any unsolicited calls, emails, or messages claiming to be from your bank, particularly if they request personal or financial details or ask you to transfer funds,” he said.

“Keep in mind your bank will never ask for sensitive information over the phone, so always take the time to verify the authenticity of any communication through official channels before taking any action. Protecting your financial security starts with being informed and cautious at all times."

NAB Executive, Group Investigations Chris Sheehan said NAB had made significant efforts to tackle impersonation scams, resulting in losses decreasing by 65 per cent between 2023 and 2024.  Reports to NAB of bank impersonation scams also decreased by 45 per cent in the same period.

“Three key NAB initiatives have contributed to these decreases,” he said.

“We worked with telcos to make it harder for criminals to infiltrate bank phone numbers and text message threads and we no longer use links in unexpected customer text messages to make it easier to recognise scam red flags.

"We've also cracked down against hundreds of fake websites impersonating the bank.

“These transnational organised criminals are the same groups linked to drugs and arms trafficking.

“Criminals impersonate many well-known organisations including banks, telcos, governments and supermarkets. Our customers tell us criminals are trying to get them to call 'NAB'. A few years ago, crooks were trying to get customers to click on a link, but have had to change tack after we removed links from text messages.

“Once funds are sent it’s often very hard to recover money, despite our best efforts. Criminals quickly send it to overseas accounts or to cryptocurrency platforms knowing it makes it harder to retrieve.”

If you believe you are the victim of a cybercrime, you should notify your financial institution and report it to police immediately via ReportCyber. 

The AFP-led Joint Policing Cybercrime Coordination Centre (JCP3) brings together Australian law enforcement and key industry and international partners to fight cybercrime and prevent harm and financial loss to the Australian community. 

The JPC3 is committed to equipping all Australians with the knowledge and resources to protect themselves against cybercrime. 

Watch our cybercrime prevention videos and protect yourself from being a victim of cybercrime. 

If there is an immediate threat to life or risk of harm, call 000. 

If you, or someone you know, needs help, we encourage you to contact Lifeline on 13 11 14 or Beyond Blue on 1300 224 636. They provide 24/7 support services.

If you are concerned your identity has been compromised, contact the national identity and cyber support service IDCARE. 

Suspected scams should also be reported to Scam Watch to help others avoid similar scams.

Further information 

Warning signs of bank impersonation scams

• Unsolicited calls, texts or emails from someone claiming to be from your bank, especially if you haven’t initiated any recent transactions.
• Pressure to act quickly due to the possibility of account closure, suspicious activity or legal consequences.
• Being asked to provide sensitive information, such as your password, PINs, account/card numbers or account balances.
• Links to fake websites which may look identical to your bank’s website but are controlled by the criminal.
• Unusual requests to transfer money or make payments to a different account under the guise of securing your funds.

Steps to protect yourself online

• If you receive a call, email or text claiming to be your bank, stop the communication and call your bank using the official contact details on its website to confirm the legitimacy of the request.
• Do not click on any links or download attachments from unsolicited texts or email.
• Be extremely wary of urgent requests asking you to act immediately.
• Never provide your personal information, such as your online banking details and credit card number.
• Keep your devices secure by ensuring your software is always up to date.
• Enable multi-factor authentication for an additional layer of security.
• Ensure you have strong passphrases and never reuse the same passphrase for multiple accounts. 

*Source: ScamWatch statistics for 2024.