Message from the Chief Commissioner

Crime Prevention & Community Safety

Online fraud

Release date: Wed 17 June 2009

Last updated: Tue 25 November 2014



Phishing is a technique used to gain personal information for the purpose of fraud and identity theft. Phishing attempts can take many different forms.

A common type of phishing involves sending emails that appears to be communications from a bank or financial institution hoping to trick people into supplying their online access details. A phishing email might ask an online banking customer to follow a link in order to update personal bank account details or login details. The link often leads to a webpage that looks just like the real site, but is a copy created by the offenders to collect login details. Following the link might also download a program which captures his or her banking login details and sends their details to a third party. Afterwards, these webpages will generally return the victim to the legitimate website.

It is important to remember that credit card details or login details used to access finances and services online are valuable and can be misused by others.

Reduce the risks of phishing by following these tips:

  • Never provide personal details, including customer ID or passwords, in response to an email, even if it claims to be from your bank.
  • Only access your bank's Internet banking login page by typing the address into your browser, do not click on a link from an email.
  • Be suspicious of any email from someone you do not know or trust.
  • Delete emails that you think are untrustworthy without opening them.
  • Be wary of emails that do not use your proper name, contain errors or use poor grammar.
  • Install and use anti-viral software. Keep it up-to-date.
  • Install filtering software to stop spam email or use an Internet Service Provider (ISP) that will filter spam for you.
  • Ensure security patches for your operating software are updated on a regular basis.


Reporting phishing

If you receive an email asking for your bank account details, report it to SCAMwatch. You can also report it to the business that the scam is impersonating, but be sure to use an email address or phone number that is not in the suspicious email.

If you have supplied your account details after receiving one of these emails, you should immediately change your password and report it to your financial institution so they can freeze your account and make alternate arrangements for you. Also, notify SCAMwatch about your experience.

Internet banking fraud

Internet banking fraud is a fraud or theft committed using online technology to illegally remove money out of your account. Some of the malicious online technologies used to obtain information include spyware, trojans, viruses.

Internet banking fraud is a form of identity theft and is usually made possible through techniques such as phishing.

To avoid this type of fraud or theft:

  • Never give out your username or password.
  • Ensure a firewall and virus protection are installed and regularly updated.
  • Use a strong password, which includes uppercase and lowercase letters, numbers and symbols. Using poor password security is a major cause of computer fraud.
  • Check your bank and credit card records on a regular basis.
  • Look for any transactions that you did not authorise.
  • Contact your financial institution immediately if you notice an unauthorised transaction.


Reporting Internet banking fraud

If you receive an email asking for your bank account details, report it to the ACORN

If you are the victim of internet banking fraud, report it to your financial institution and find out about their process for investigating the incident. Once the financial institution clears you of any involvement, generally under the Electronic Funds Transfer (EFT) Code of Conduct they will reimburse your bank account. Under Victorian law, the financial institution is the victim of the criminal offence not you. The responsibility for reporting the crime is therefore with the financial institution.  Also, notify the ACORN about your experience.

If you choose to also report to ACORN, this will give Australian law enforcement a national picture of the overall cybercrime issue and will assist in reducing the incidence of cybercrime.

For more information on unauthorised and mistaken transactions visit

Shopping and auction site fraud

Many people use the Internet to buy things through online shops or auctions. With some simple precautions, this can be a safe and convenient way to shop.

When you buy something from an Internet auction site, you are purchasing from an individual or company, not the auction house. Once the bidding has finished, negotiations about payment and delivery take place between the purchaser and seller. Regarding online transactions, it is advisable to select an escrow (secure payment) service yourself rather than accept advice from the seller. Do not click on links to banking or escrow services provided in emails as these may lead to fraudulent sites.

The auction house will usually adopt a policy of not taking legal responsibility for any loss that is suffered from using their service. Goods bought at auction are not covered by statutory warranties under the Trade Practices Act. The seller's only obligation is to give clear title.

It is therefore important to take care when using online auction sites. The Australian Competition and Consumer Commission (ACCC) provides useful advice for using online auction sites or conducting transactions over the Internet.

The following general advice is a good start:

  • Find out as much as possible about the auction rules and the responsibilities of buyers and sellers before you bid.
  • Be aware that when you buy from an international seller, you may not be covered by Australian laws.
  • Find out as much as possible about the contact details, reputation and selling history of the business or auction seller before you buy.
  • Use registered mail for tracking your parcel.
  • Try to stick to businesses that have a physical address or telephone number on their websites, and check that these are valid.
  • Read the terms and conditions of the contract to make sure you understand them.
  • Look for a privacy policy to ensure you are comfortable with how the business collects, protects, and uses your personal information before you submit any details.
  • Make sure the site is secure and look for the tiny icon of a padlock or other evidence of security and encryption when you are submitting credit card details.
  • Do not send confidential personal or financial information by email.


Reporting shopping and auction site fraud

Report the matter to the ACORN.

If you believe you are a victim of a cybercrime and have reported this to ACORN, ensure you retain original copies of all available electronic evidence (as such emails, logs, screen captures).  You may be asked to provide this information if contacted by an Australian law enforcement agency.

Electronic evidence can include:

  • Copies of all email relating to the matter, including email received from the offender.
  • The emails should include the full Internet header. 
  • A copy of the auction page, which should include, the username of the alleged offender, the item number and description of the item you bought.
  • Bank or other transaction receipts.

You should not delete any emails you have received from the alleged offender. Retain them on your computer in electronic form.


Email scams

Common sense goes a long way in guarding yourself against email scams. Email has become a fast and easy way of forwarding unsolicited scam information to many recipients. If an online offer or deal seems too good to be true, it probably is.

The text of fraudulent emails may vary, but they usually ask victims to provide bank account or personal details in order to receive a fictitious financial windfall.

Examples include:

  • Get rich quick schemes
  • Miracle health products
  • Competitions and Spanish lotteries
  • Pyramid selling schemes
  • Nigerian loan or investment scams
  • Work at home schemes.
  • Bogus employment as a money-handler or money transfer agent.

The SCAMwatch website has further information about these emails and what to watch out for.


Reporting email scams

Report the matter to the ACORN.  


General advice

If you receive a suspect email, delete or ignore it, without replying or clicking on a link to unsubscribe.

  • Never send your personal, credit card or online account details out in an email.
  • Be wary about responding to special investment offers or when dealing with individuals/companies outside Australia.
  • Do not invest in anything you are not absolutely sure about and do not make decisions based solely on the appearance of a website.
  • Do your research on any investments or opportunities to ensure that it is legitimate and find out about all the terms and conditions.
  • One way to check if an email is a known scam or hoax is to Google a sentence from the suspected email with the word "scam" or "hoax".
  • Contact the ACORN  if you think you have been the subject of misleading or deceptive conduct.



Top of Page
Victoria Police Centre 637 Flinders Street Melbourne 3005 | Ph 03 9247 6666 | Fax 03 9247 5727
Copyright © 2005 State of Victoria. All rights reserved.