Cyber threats and scams

Information about cyber threats and scams and steps you can take to protect yourself.

Cyber threats

Cyber threats are when a computer or online network is used to target a person's computer or data to cause harm. Anyone can be a victim of a cyber threat, including individuals, businesses and the government.

It is important to be aware of the different cyber threats to avoid potential security risks. Some common types of cyber threats include:

Account compromiseWhen someone gets unauthorised access to your banking or other accounts. 
Cyber abuseWhen someone bullies you or stalks you online.
Data breachWhen your personal or health information is lost, used for unauthorised purposes, or released to unauthorised persons by accident, on purpose, or because of a system security breach.
Email CompromiseWhen you receive an email containing fraudulent information designed to trick you into giving out your personal information or sending money.
HackingWhen someone gains unauthorised access to your system or network. 
Identity theftWhen someone has accessed your personal identity information to steal money or commit other fraud. They may create fake documents or get loans and benefits in your name.
PhishingWhen an email is sent pretending to be from a business or agency but contains malware.
QuishingWhen someone uses a QR code to trick you into scanning a code with your phone that downloads a virus or runs ransomware.
Ransomware or malwareWhen malicious software is used to steal your information from your device or encrypt your files and demand money to restore access.

Scams

A scam is an action taken to trick you into giving personal information or paying money.  This can be by email, text message, phone calls or social media.

It is important to be aware of different scams to avoid potential security risks. Some common types of scams include:

  • Impersonating government departments
  • Setting up fake dating profiles
  • Setting up fake social media profiles
  • Creating fake websites.

Scams are also becoming more sophisticated and harder to spot. If someone contacts you, consider:

  • Do the links look suspicious if you hover over them?
  • Are there grammatical errors or spelling mistakes?
  • Is the message urgent, rewarding or threatening?
  • Is the email address or phone number legitimate?
  • Is it addressed to you or is it generic?
  • Does it have any unusual attachments?
  • Is it from a business that you don't deal with?
  • Is it asking you to change your password or for sensitive information?

For information, see Types of scams on the Scamwatch website.

Bank impersonation scams

Scammers can attempt to gain your personal information by impersonating your bank. They can come through as text messages or emails. Sometimes scammers can even intercept your bank's communication system, appearing in the same message chain as legitimate messages from your bank. This is known as ‘spoofing’.

Be aware that your bank will never ask you to transfer funds to another account or for your password or pin code.

You should look out for differences in the phrasing of the message. If you are not sure, don’t click on any links or use the contact number in the message. Instead, contact your financial institution directly and confirm their details from their official website.

If you think your account has been compromised, notify your bank immediately. If you have lost money, there are only limited situations where your bank might be held responsible and refund you lost funds from a fraudulent transaction.

For information about getting your money back or making a complaint if you believe the bank’s actions contributed to your losses, see Mistaken and unauthorised payments

Protect yourself

You can protect yourself by taking some simple steps.

  • Check the sender's email address. Emails can look real but often the address will look suspicious.
  • Read messages carefully. Don't click on any link if you don’t know the number.
  • Don’t share any personal or financial information over the phone.  If you’re unsure that the call is legitimate hang up the phone.
  • Don’t scan a QR code unless you know who has provided it.
  • Be careful who you give remote access to your computer or device.
  • Watch out for apps that want excessive permissions.
  • Protect your social media accounts by changing your settings to private and consider what you post.
  • Check URLs and look for strange letters, numbers and symbols.
  • Make sure you are using trusted websites. Think twice before entering your personal details into a website you’re not familiar with. 
  • Contact government organisations or businesses directly from their official website.

You can also improve your cyber security.

  • Secure your online accounts by using a strong password or passphrase that is long and unpredictable.  Use a password strength tester, see Passwords on the ID Support NSW website.
  • Use multi-factor authentication to protect your accounts. This is an added layer of security in addition to your password to give you access. For more information, see Turn on multi-factor authentication on the Australian Cybersecurity Centre Website.

If you notice any unusual activity or suspect your data has been compromised, you should report it immediately to your bank, ID Support NSW, or ReportCyber.

For more information about how to protect yourself online, see Be prepared on the ID Support NSW website.

If you think your personal information has been compromised there are ways you can get help. For more information see Victims of cybercrime.