Cybercrime and online scams

Read about this scam in Simplified Chinese 简体中文.

Victoria Police is aware of a worldwide extortion scam targeting the Mandarin-speaking community, particularly students of Chinese background.

The scam involves false information being provided to victims in order to extort money from them. Scammers commonly send a pre-recorded phone message in Mandarin notifying victims that there is a parcel on hold for them.

Victims who respond to the call are:

• transferred to people claiming to be from a courier service
• told they have been implicated in a crime and that a parcel with their name on it has been intercepted.

Victims are then threatened by people claiming to be Chinese authorities such as government officials or police. They are told they must transfer large sums of money to prevent themselves, their family or their friends being deported or charged. This is always a lie.

The scammers then request money is transferred to Bank of China accounts. In most instances, these bank accounts are located overseas and are established using false details.

In 2023, Victoria Police have seen a number of victims staging kidnappings on the instructions of the scammers for their use to attempt to extort money from the victim’s family members. The victims are tricked into believing that they must comply.

On some occasions the scammers have also demanded that victims:

• film themselves committing sexual acts, and
• obtain loans, use their personal savings or purchase cryptocurrency to transfer money into overseas bank accounts.

Scammers may also request victims activate their video chat function or attend a local police station to appear credible. This request is then met with the scammer creating reasons not to meet.

Advice to protect yourself

To avoid being involved in this scam, keep the following tips in mind:

• If you receive an unexpected phone call from someone claiming to be a government official telling you that you are suspected of committing a crime, hang up.
• If you have any doubts about someone who says they are from a government department, contact the department directly. Don’t use any phone numbers, email addresses or websites provided by the caller. Find them through an independent source or through an online search engine.
• Do not provide or confirm any personal details to anyone over the phone, unless you made the call yourself.
• Never send money via wire transfer or cryptocurrency to anyone who requests it over the phone unless you made the call yourself.
• If you are unsure about any phone calls, emails or messages, do not comply with any requests – talk it over with someone you trust, or contact your local police station.

Visit the Scamwatch website for more information about current scams in Chinese languages.

If you think you’ve been scammed

If you think you’ve been involved in this scam:

• If you have been extorted to commit sexual acts, make a report to your local police station.
• If you have provided financial or banking details to the scammer, contact your bank or financial institution as soon as possible to let them know.
• If you have transferred large sums of money to the scammer, make a report to ReportCyber. ReportCyber collects your initial report and sends it to your local police station for assessment and investigation. Learn more about how to report a cybercrime.
• If you are concerned that your identity has been compromised, visit the IDCARE website or call 1800 595 160. IDCARE provides free, confidential advice to Australians who have concerns about their identity or cyber security.
• Report the scam to the Australian Competition and Consumer Commission.
• Report the scammer to the website, app or social media platform where you first spoke to them.

If you have relevant information and wish to remain anonymous you can call Crime Stoppers on 1800 333 000 or visit the Crime Stoppers website.

Classified scams use classified websites to trick online shoppers into thinking they are dealing with a legitimate contact, but it is actually a scammer.

Scammers will pose as genuine sellers and post fake ads:

• on classifieds websites
• in print classifieds
• through email
• on social media platforms.

Advice to protect yourself

To help protect yourself from classified scams:

• Be wary of ads for products advertised at a very low price.
• Be aware of sellers or buyers who ask you to pay through money order, a pre-loaded money card, Bitcoin or wire transfer.
• Only use reputable websites for rental properties and holiday accommodation, or reputable online booking agents.
• Do not send items to buyers until the money has cleared in your bank account.

Find more information about classified scams on the Scamwatch website.

If you think you’ve been scammed

If you think you've been involved in a classified scam:

• Contact your bank or financial institution as soon as possible to let them know.
• Report the scam to the website, publication or social media platform.
• Report the scam to the Australian Competition and Consumer Commission.

Dating and romance scams involve a scammer taking advantage of a person looking for a romantic partner.

Dating and romance scams often happen on:

• dating websites
• dating apps
• social media
• email.

Dating and romance scammers pretend to be a potential companion. They often create fake online profiles using fake names or another person’s identity.

Scammers will work to gain your trust. Once your defences are down, they will play on emotional triggers to try to get you to provide:

• money
• gifts
• bank or credit card details
• personal details
• inappropriate material.

Advice to protect yourself

To help protect yourself from dating and romance scams:

• Never send money to someone you haven’t met in person.
• Be careful about what you post online. Scammers can use information and images you share to create a fake identity or target you with a scam.
• Take things slowly and asks lots of questions about the person you are talking to.
• Ask for pictures of the person you are talking to. These can be compared with pictures on websites such as Google or TinEye.
• Do an online search of the person you are talking to.
• Speak to the person on the phone or video chat. This can help to confirm that they are who they say they are.

Beware of a person who:

• quickly asks you to leave a dating service or social media site to talk through text or email
• tries to isolate you from your friends and family
• asks you to engage in inappropriate behaviour
• asks for your financial information
• asks for inappropriate material
• promises to meet you, but continually comes up with excuses not to.

Find more information about dating and romance scams on the Scamwatch website.

If you think you’ve been scammed

If you think you’ve been involved in a dating or romance scam:

• Report the person to the website, app or social media platform where you first spoke to them.
• If you have provided financial or banking details to the scammer, contact your bank or financial institution as soon as possible to let them know.
• If you are concerned that your identity has been compromised, visit the IDCARE website or call 1800 595 160. IDCARE provides free, confidential advice to Australians who have concerns about their identity or cyber security.
• Report the scam to the Australian Competition and Consumer Commission.

False billing scams ask you or your business to pay for fake invoices.

Fake invoices are often sent for:

• website domain name renewals
• directory listings
• advertising
• supplies that you did not order.

Advice to protect yourself

To protect yourself or a business from false billing scams:

• Check bank account details in invoices against your master bank account list.
• If you receive an invoice from a business saying they’ve changed their bank account details, call the company billing you. Speak with the person who sent the invoice and ask them about the change of bank details. Do not pay until you are sure.
• Check that goods or services were delivered before paying for an invoice.

Find more information about false billing on the Scamwatch website.

If you think you've been scammed

If you think you've been involved in a false billing scam:

• contact your bank or financial institution as soon as possible to dispute the transaction
• report the scam to the Australian Competition and Consumer Commission.

Hacking is when a scammer gains access to another person’s personal information using technology.

Hackers may gain access to another person’s computer, mobile device or network.

Advice to protect yourself

To help protect yourself from being hacked:

• Keep your devices up to date with anti-virus and anti-spyware software and firewalls.
• Enable multi-factor authentication on your accounts. Learn more about multi-factor authentication from the Australian Cyber Security Centre.
• Avoid using public WiFi and public computers when accessing personal information.
• Create passwords that aren’t easily guessed by others. Update your passwords regularly.
• Don’t open attachments or links in emails, text messages or social media messages from people you don’t know.

If your devices or network have been compromised

If you think you've been hacked:

• Disconnect the device from the internet or network. This may stop the issue getting worse or spreading between devices and networks.
• The device or network should be examined and treated by an IT professional to:
  • remove any illicit software
  • improve device and network security.
• Run existing anti-virus or anti-malware software to identify and remove viruses or malware.
• Hardware and software may need to be reset to factory settings. Your device may require new software (seek professional IT advice first).
• Find out what to do next by using the ACSC’s Have you been hacked? application.
• Change passwords to accounts that may have been compromised.
• Report the incident through ReportCyber. Learn more about making a ReportCyber report on report a cybercrime.

Find more information about hacking on the Scamwatch website.

If your identity has been compromised

If you are concerned that your identity has been compromised through hacking:

• Visit the IDCARE website or call 1800 595 160. IDCARE provides free, confidential advice to Australians who have concerns about their identity or cyber security.
• Contact your bank or financial institution as soon as possible to let them know.
• Contact other service providers where your personal information could be used to access your accounts.
• Change passwords to accounts that may have been compromised.
• Report the incident through ReportCyber. Learn more about making a ReportCyber report on report a cybercrime.

For more information, visit the Australian Cyber Security Centre’s (ACSC) website.

Identity theft happens when a scammer uses someone else's identity to steal money or other personal information.

Read more about identity theft and how to protect yourself on the online identity theft page.

You can also find more information about identity theft on the Scamwatch website.

Investment scams make up a large percentage of all scams.

Most investment scams look legitimate at first, until you want to withdraw some or all of the funds or investment.

The fake investment company may then ask you to pay more funds to withdraw some or all of your investment.

Advice to protect yourself

To protect yourself from being involved in an investment scam:

• Research the company with the investment opportunity first.
• Check if a financial advisor is registered via the Australian Securities and Investments Commission (ASIC) website. Any business or person that offers or advises you about financial products must hold an Australian Financial Services (AFS) licence.
• Check the ASIC's list of companies you should not deal with. If the company that contacted you is on the list, do not deal with them. Even if they are not on the list, it could still be a scam.
• Visit the Moneysmart website for more information about investment scams and how to avoid them.
• Remember that if an investment appears too good to be true, it probably is.

Find more information about investment scams on the Scamwatch website.

If you think you’ve been scammed

If you think you’ve been involved in an investment scam:

• Stop sending money to the company immediately.
• Make a report to your bank or financial institution.
• Report the scam to the Australian Securities and Investments Commission.

Find more information about investment scams:

• Visit the Scamwatch website.
• Visit the Moneysmart website.

Malware aims to trick you into installing software on your device that allows scammers to:

• access your files
• watch what you are doing on your device.

Scammers can use malware to steal your personal details.

Ransomware is a type of malware that blocks or limits your access to your own computer or files. Scammers will then demand you pay for them to be unlocked.

Advice to protect yourself from malware

To help protect your devices from becoming infected with malware:

• Think before you click on hyperlinks. Don’t click links in emails, text messages or on websites unless you know who the sender is. You can check where a hyperlink directs to by hovering your mouse over it. Don’t click on the link if you don’t recognise the website.
• Keep your devices up to date with anti-virus and anti-spyware software and firewalls.
• Monitor your devices and accounts for unusual activity.
• Don’t trust pop-up windows that ask you to download software.
• Update device operating systems and software applications to the latest versions.
• Create passwords that aren’t easily guessed by others. Update your passwords regularly.
• Enable multi-factor authentication on your accounts. Learn more about multi-factor authentication from the Australian Cyber Security Centre (ACSC).

If your device is infected with malware

If you suspect that your device is infected with malware:

• Disconnect the device from the network or internet. Isolate the device until it can be examined and restored by an IT professional.
• Use anti-malware software to identify and eliminate malware.
• If you are concerned that your financial details have been compromised, contact your bank or financial institution as soon as possible to let them know.
• If you are concerned your identity has been compromised, visit the IDCARE website or call 1800 595 160. IDCARE provides free, confidential advice to Australians who have concerns about their identity or cyber security.
• Find out what to do next by using the ACSC’s Have you been hacked? application.

Advice to protect yourself from ransomware

To help protect yourself from a ransomware attack:

• Consider investing in backup systems for your device and network. If you are compromised, you will then be able to restore your device or network without having to pay an offender.
• Think before you click on hyperlinks. Don’t click links in emails, text messages or on websites unless you know who the sender is. You can check where a hyperlink directs to by hovering your mouse over it. Don’t click on the link if you don’t recognise the website.

Find more information about malware and ransomware on the Scamwatch website.

If your device is infected with ransomware

If you suspect that your device is infected with ransomware:

• It is not recommended to pay anyone a ransom fee to unlock your digital device or network. There is no guarantee the scammer will give you back control of your device or network.
• Visit the Australian Cyber Security Centre’s website for advice about what to do if you’re held to ransom.

No More Ransom

No More Ransom offers free assistance to help you retrieve your data without paying criminals.

Supported by the Australian Federal Police and other law enforcement and IT security companies worldwide, No More Ransom provides:

• ransomware crime prevention advice
• decryption tools to help victims recover files.

Find more information on the No More Ransom website.

Online shopping scams happen when scammers pretend to be legitimate online sellers, but have a fake website or products.

Scammers may also have fake ads on real websites.

Advice to protect yourself

To help protect yourself from online shopping scams:

• Be wary of the payment method requested for online stores. Scammers will often ask for payment through money order, a pre-loaded money card, Bitcoin or wire transfer.
• Be wary of products advertised at a very low price.
• Use safe payment methods such as POLi Payments and PayPal. These payment types allow you to challenge and recover funds in some circumstances.
• Never send money or give credit card or online account details to anyone you don’t know or trust.
• Do not pay unusually high delivery, courier or freight fees, especially after you’ve paid for goods.

Selling your own items

If you are selling an item:

• Do not hand over or post your item until funds from the buyer have cleared into your bank account.
• Do not accept a courier to collect the item on behalf of the buyer.

Buying from online marketplaces

Do not buy items from an online marketplace without:

• first viewing them
• the items being placed in your hand first.

Find more information about online shopping scams on the Scamwatch website.

If you think you’ve been scammed

If you think you've been involved in an online shopping scam:

• contact the retailer or auction service you used to report the scam
• contact your bank or financial institution as soon as possible to dispute the transaction
• report the scam to the Australian Competition and Consumer Commission
• for problems with products from a private seller online, visit Consumer Affairs Victoria.

Phishing is when a scammer pretends to be from a legitimate business (such as a bank or service provider). They then try to trick you into sharing personal information with them.

This can include your:

• passwords
• bank details
• credit card numbers.

Scammers use personal details for criminal activities, such as stealing money from bank accounts.

You may be contacted by:

• email
• social media
• phone call
• text message.

Advice to protect yourself

Think before you click hyperlinks

Don’t click links in emails or messages unless you know who the sender is.

You can check where a hyperlink directs to by hovering your mouse over it. Don’t click on the link if you don’t recognise the website.

Check if emails and messages look legitimate

If you receive an email, text or social media message that you’re unsure about, check that:

• it looks legitimate
• it is addressed to you
• it is from a real person or company
• there are no spelling mistakes
• there are no faded or blurry images or company logos.

If you are unsure if an email, text message or social media message is legitimate, you can:

• look up the contact details of the person or company online
• call the person or company to confirm they contacted you.

If you think you have received a scam email, text message or social media message you can:

• block the sender
• delete the message or email.

Find more information about phishing on the Scamwatch website.

If your identity has been compromised

If you are concerned that your identity has been compromised through a phishing scam you can take the following steps:

• Visit the IDCARE website or call 1800 595 160. IDCARE provides free, confidential advice to Australians who have concerns about their identity or cyber security.
• Contact your bank or financial institution as soon as possible to let them know.
• Contact other service providers where your personal information could be used to access your accounts.
• Change passwords to accounts that may have been compromised.
• Report the incident through ReportCyber. Learn more about making a ReportCyber report on report a cybercrime.

For more information:

• visit the Australian Cyber Security Centre’s (ACSC) website
• visit online identity theft.

If you’ve been hacked

If you think you’ve been hacked:

• find out what to do by using the ACSC’s ‘Have you been hacked?’ application
• change passwords to accounts that may have been compromised
• report the incident through ReportCyber. Learn more about making a ReportCyber report on report a cybercrime.

For more information visit the Australian Cyber Security Centre’s website.

Remote access scammers try to convince you that you need to buy new software to ‘fix’ computer or internet issues.

Scammers may pretend to be from real companies, such as the National Broadband Network (NBN) or telecommunications companies.

They may then request remote access to your computer or ask for bank or credit card details.

Advice to protect yourself

To protect yourself from remote access scams:

• Don’t allow remote access into your mobile phone, computer or digital device unless you are certain of who the person or company is.
• Do not load any remote access applications onto your device.
• Disable any remote access applications or software.
• Be aware that remote access to your device allows offenders to gain access to other areas. This includes bank log ins, personal documents, photographs, videos, and more.
• Don’t give out personal, credit card or account details over the phone unless you made the call yourself, and the phone number came from a trusted source.

Find more information about remote access scams on the Scamwatch website.

If your identity has been compromised

If you are concerned that your identity has been compromised through a remote access scam:

• visit the IDCARE website or call 1800 595 160. IDCARE provides free, confidential advice to Australians who have concerns about their identity or cyber security.
• Contact your bank or financial institution as soon as possible to let them know.
• Contact other service providers where your personal information could be used to access your accounts.
• Change passwords to accounts that may have been compromised.
• Report the incident through ReportCyber. Learn more about making a ReportCyber report on report a cybercrime.

For more information, visit the Australian Cyber Security Centre’s (ACSC) website.

If you’ve been hacked

If you think you’ve been hacked through a remote access scam:

• find out what to do by using the ACSC’s ‘Have you been hacked?’ application
• change passwords to any accounts that may have been compromised
• report the incident through ReportCyber. Learn more about making a ReportCyber report on report a cybercrime.