What is fraud?
Fraud is best described as any deceitful or intentionally dishonest conduct, involving acts or omissions or the making of false statements, orally or in writing, with the objective of obtaining money or other benefit from a person/organisation for him/herself or another, or evading a liability. In simple terms, using deceit to obtain an advantage (property or financial) or to avoid an obligation. Defrauding people of money is the most common type of fraud.
The Australian Federal Police (AFP) has primary law enforcement responsibility for investigating serious or complex fraud and corruption against the Commonwealth. The fraud and anti-corruption business area enhances the AFP response to serious and complex fraud against the Commonwealth, corruption by Australian Government employees, foreign bribery and complex identity crime involving the manufacture and abuse of credentials.
What is a scam?
A scam, or confidence trick, is an attempt to intentionally mislead a person or persons usually with the goal of financial or other gain. Scams try to exploit human weaknesses, such as greed, dishonesty, vanity, and also virtues like honesty and compassion. In a traditional confidence trick, a person is led to believe that he or she will be able to win money by doing a task.
SCAMwatch is a website run by the Australian Competition and Consumer Commission (ACCC). SCAMwatch provides information to consumers and small businesses about how to recognise, avoid and report scams.
Visit Stay Smart Online, the Australian Government's online safety and security website, designed to help everyone understand the risks and simple steps we can take to protect our personal and financial information online.
Listed below are common types of fraud and the appropriate investigative authority. See the Fraud Report form:
Investment or share trading fraud
Report this type of fraud to the by visiting MoneySmart , calling , or report to . Any information such as company name, location and contact details will assist with subsequent investigations.
Report this type of fraud to the relevant service provider.
Foreign bribery includes providing or offering a benefit to a public official, or causing a benefit to be provided or offered to a foreign public official, where the benefit is not legitimately due.
Types of scams and the appropriate investigative authority
Reporting to police
In many cases where a person loses money, it will not be a criminal, but a civil matter. Particularly when a matter involves breaches of contract or non-payment of debts. Police cannot investigate civil matters. Police only investigate criminal matters in order to charge offenders and place evidence before a court.
Civil action is the most appropriate method of recovering money and it is recommended a person consults with a solicitor if this is the case. If the complaint and supporting information supports a finding that a criminal offence may have been committed, then the matter will be referred for investigation.
To report a matter with police, it is useful to gather the following information.
- complainant's details – including name, date of birth, age, address, phone number, email and employment details
- summary of allegations – prepare a summary of events in chronological order that forms the basis of your complaint. Include times, dates, places and any conversations or interaction with suspect regarding the complaint
- evidence – include a brief description of the evidence which support the events described
- suspect/offender – if you suspect a particular individual/s, provide details such as date of birth, age, address, phone number, email, vehicle registration number and employment details
- witnesses – provide details of any witnesses, including name, address, phone number and a brief summary why this person is a witness
- document/exhibits – provide copies (copies only) of documents or exhibits which support the complaint. This may include, but not limited to, banking records, business records, receipts, contracts, invoices, internet content, phone records, and audit reports. Please note, original exhibits should be handled with clean surgical or fabric gloves and with care, to prevent the loss of forensic evidence. Ensure each exhibit is stored in separate bags
- action taken against suspect – provide information of any discipline or civil action taken against the suspect/s
ACSC accepts reports made on behalf of businesses, organisations and corporations. If you wish to report another type of fraud associated with a corporation or business or organisation, or a matter that involves a high degree of complexity where Victoria Police would be the appropriate investigative authority then please read and complete the Victoria Police Fraud Report Form before reporting the fraud to the police.
This form, along with copies of evidence, will be used by police in assessing and investigating a complaint.
Credit card fraud
How does it happen?
Credit card fraud can occur in a number of ways. It is possible for someone to:
- steal your card and make purchases by forging your signature
- use your credit card details to pay for goods or services over the phone or internet
- trick you into revealing your access codes for your account and then making internet purchases
- capture your credit card details with hidden devices during an ATM or EFTPOS transaction (ATM credit card skimming) or your PIN may be seen by someone in the queue (shoulder surfing)
- skim your credit cards at retail outlets or restaurants, resulting in a clone card being made and used by a fraudster
How to protect yourself?
There are steps you can take to minimise the risk of fraud and protect your identity. If you do not, your financial institution may hold you responsible for any losses that occur due to fraudulent transactions. If you have lost your credit card or had it stolen, contact your financial institution, and be advised whether you need to report it to the .
ACSC is a secure reporting service for cybercrime incidents that may be in breach of Australian law. Certain reports will be directed to Australian law enforcement and government agencies for further investigation. The more information you enter into a report, the better equipped agencies will be to consider your matter. The public can also access education and prevention information from the .
The following tips will help you to increase the security of your card and account details.
Be aware of general security
- keep your card safe and secure at all times
- secure your mail by locking your letter box
- tell your institution as soon as you realise your card has been stolen or lost, or if you think it may have been used without your authorisation
- never lend your card to another person
- sign the back of a new card as soon as you receive it
- consider picking up a new or replacement card in person
Guard your PINs and passwords
- keep your PINs and passwords secret and strictly to yourself
- if you have to write down PINs and passwords, disguise them as alternative information. Keep the record in a different place from your credit cards and somewhere where it is not likely to be stolen or lost at the same time as your credit card
- choose PINs and passwords that are hard to guess. Avoid obvious giveaways such as your date of birth, part of your name, address or other things thieves could easily guess if they know you or steal your bag
Take care with online transactions
- do not store internet banking passwords in an undisguised form on your computer if you use your card for goods and services online
- send your card details only through secure internet sites
- be fussy about sending personal details to an online business – question if they are genuinely necessary to use the site
Check your history
- conduct regular checks/reconciliations of your credit/debit card account records
- contact your institution immediately if there are transactions listed that you do not understand or dispute
- a contact number should appear on your account statement
Watch your card when it is out of reach
- when paying bills at restaurants or other locations, keep your eye on your card at all times
- do not give your card to a waiter and allow it to be taken away
- be wary of employees who swipe your card on more than one card reader
Phishing is a technique used to gain personal information for the purpose of fraud and identity theft. Phishing attempts can take many different forms.
A common type of phishing involves sending emails that appears to be communications from a bank or financial institution hoping to trick people into supplying their online access details. A phishing email might ask an online banking customer to follow a link in order to update personal bank account details or login details. The link often leads to a webpage that looks just like the real site, but is a copy created by the offenders to collect login details. Following the link might also download a program which captures his or her banking login details and sends their details to a third party. Afterwards, these webpages will generally return the victim to the legitimate website.
It is important to remember that credit card details or login details used to access finances and services online are valuable and can be misused by others.
Reduce the risks of phishing by following these tips:
- never provide personal details, including customer ID or passwords, in response to an email, even if it claims to be from your bank
- only access your bank's internet banking login page by typing the address into your browser, do not click on a link from an email
- be suspicious of any email from someone you do not know or trust
- delete emails that you think are untrustworthy without opening them
- be wary of emails that do not use your proper name, contain errors or use poor grammar
- install and use anti-viral software, and keep it up to date
- install filtering software to stop spam email or use an Internet Service Provider (ISP) that will filter spam for you
- ensure security patches for your operating software are updated on a regular basis
You can also report it to the business that the scam is impersonating, but be sure to use an email address or phone number that is not in the suspicious email.
If you have supplied your account details after receiving one of these emails, you should immediately change your password and report it to your financial institution so they can freeze your account and make alternate arrangements for you.
Internet banking fraud
Internet banking fraud is a fraud or theft committed using online technology to illegally remove money out of your account. Some of the malicious online technologies used to obtain information include spyware, trojans, viruses.
Internet banking fraud is a form of identity theft and is usually made possible through techniques such as phishing.
To avoid this type of fraud or theft:
- never give out your username or password
- ensure a firewall and virus protection are installed and regularly updated
- use a strong password, which includes uppercase and lowercase letters, numbers and symbols
- check your bank and credit card records on a regular basis
- look for any transactions that you did not authorise
- contact your financial institution immediately if you notice an unauthorised transaction
Reporting internet banking fraud
If you are the victim of internet banking fraud, report it to your financial institution and find out about their process for investigating the incident. Once the financial institution clears you of any involvement, generally under the Electronic Funds Transfer (EFT) Code of Conduct they will reimburse your bank account. Under Victorian law, the financial institution is the victim of the criminal offence not you. The responsibility for reporting the crime is therefore with the financial institution.
Shopping and auction site fraud
Many people use the Internet to buy things through online shops or auctions. With some simple precautions, this can be a safe and convenient way to shop.
When you buy something from an Internet auction site, you are purchasing from an individual or company, not the auction house. Once the bidding has finished, negotiations about payment and delivery take place between the purchaser and seller. Regarding online transactions, it is advisable to select an escrow (secure payment) service yourself rather than accept advice from the seller. Do not click on links to banking or escrow services provided in emails as these may lead to fraudulent sites.
The auction house will usually adopt a policy of not taking legal responsibility for any loss that is suffered from using their service. Goods bought at auction are not covered by statutory warranties under the Trade Practices Act. The seller's only obligation is to give clear title.
It is therefore important to take care when using online auction sites. The Australian Competition and Consumer Commission (ACCC) provides useful advice for using online auction sites or conducting transactions over the internet.
The following general advice is a good start:
- find out as much as possible about the auction rules and the responsibilities of buyers and sellers before you bid
- be aware that when you buy from an international seller, you may not be covered by Australian laws
- find out as much as possible about the contact details, reputation and selling history of the business or auction seller before you buy
- use registered mail for tracking your parcel
- try to stick to businesses that have a physical address or telephone number on their websites, and check that these are valid
- read the terms and conditions of the contract to make sure you understand them
- make sure the site is secure and look for the tiny icon of a padlock or other evidence of security and encryption when you are submitting credit card details
- do not send confidential personal or financial information by email
Reporting shopping and auction site fraud
If you believe you are a victim of a cybercrime and have reported this to ACSC, ensure you retain original copies of all available electronic evidence (as such emails, logs, screen captures). You may be asked to provide this information if contacted by an Australian law enforcement agency.
Electronic evidence can include:
- copies of all email relating to the matter, including email received from the offender
- the emails should include the full Internet header
- a copy of the auction page, which should include, the username of the alleged offender, the item number and description of the item you bought
- bank or other transaction receipts
You should not delete any emails you have received from the alleged offender. Retain them on your computer in electronic form.
Common sense goes a long way in guarding yourself against email scams. Email has become a fast and easy way of forwarding unsolicited scam information to many recipients. If an online offer or deal seems too good to be true, it probably is.
The text of fraudulent emails may vary, but they usually ask victims to provide bank account or personal details in order to receive a fictitious financial windfall.
- get-rich-quick schemes
- miracle health products
- competitions and lotteries
- pyramid selling schemes
- loan or investment scams
- work-at-home schemes
- bogus employment as a money-handler or money transfer agent
The SCAMwatch has further information about these emails and what to watch out for.
Reporting email scams
If you receive a suspect email, delete or ignore it, without replying or clicking on a link to unsubscribe.
- never send personal, credit card or online account details out in an email
- be wary about responding to special investment offers or when dealing with individuals/companies outside Australia
- do not invest in anything you are not absolutely sure about and do not make decisions based solely on the appearance of a website
- do your research on any investments or opportunities to ensure that it is legitimate and find out about all the terms and conditions
- one way to check if an email is a known scam or hoax is to Google a sentence from the suspected email with the word 'scam' or 'hoax'
- contact ACSC if you think you have been the subject of misleading or deceptive conduct
How to identify an investment scam
Investment scams can come to you via a phone call or email. It may even be an offer from someone you trust. There are three main types of investment scams:
- the investment offer is totally fictitious and does not exist
- the investment offer exists but the money you give the scammer is not going towards that investment
- the scammer says they are representing a well-known investment company but they are lying
Example of a fake investment offer
Organised crime groups are targeting the retirement savings of middle-aged and older Australians with sophisticated fraud operations. Criminals claiming to be investment brokers initially make contact with victims by phone. They build a rapport through regular contact over the phone and by email and create a perception of legitimacy through:
- professional looking websites
- personal accounts for victims with login access
- regular reports of a strong return on investment
- media releases; and in some cases
- professional-looking documents delivered via courier
Who is being targeted?
Anyone with savings to invest is at risk, but victims are usually Australian males aged over 50 who have invested previously. The fraudsters typically source their contact details from publicly available investor registries or purchase details from survey and seminar participation.
How can you protect yourself?
- always seek independent financial advice before making an investment
- alert family and friends to this fraud, especially anyone who may have savings to invest
- report suspected fraud to the Australian Securities and Investments Commission, via or , or your local police - any information that can be provided such as company name, location and contact details will assist with subsequent investigations and enquiries
- hang up on unsolicited telephone calls offering overseas investments
- check any company you are discussing investments with has a valid Australian Financial Services Licence at
- visit or call for further information
Identity theft is where a person has stolen and used personal information or assumed a pre-existing identity, with or without that person's permission, and in the case of an individual, whether the person is alive or dead. Businesses may also be victims of identity theft. Having your identity stolen can be devastating.
Quite often your stolen identity documents are used by the offender for opening and operating fictitious bank accounts in your name or accessing your bank accounts. The sort of documents offenders steal are credit cards, driver's licences, utility bills, bank and credit card statements, and any other documents containing personal information.
How it happens
Identity theft can happen in many ways. It can range from someone using your credit illegally, to having your entire identity assumed by another person and business conducted in your name without your consent. Important personal information can be accessed by a determined thief, despite your best efforts.
- your wallet or purse is stolen with all your identifying cards
- your home is burgled and personal documents stolen
- important documents, such as bank statements, credit cards, utility bills and taxation return, are stolen from your letterbox
- mail is diverted to another address without your knowledge
- recycle rubbish bins are searched
- your personal computer may have been compromised with malicious software or hackers/criminals may compromise the computers of businesses that hold your personal information
- credit card details may be captured by hidden devices during an ATM or EFTPOS transaction (ATM credit card skimming) or your PIN may be seen by someone in the queue (shoulder surfing)
- credit cards may be skimmed at retail outlets or restaurants
How to protect yourself
Personal information is shared almost everyday as you pay bills, log on to a computer, or engage with any number of transactions with other people and organisations. You can take an active role in reducing the risk of your identity being used without your knowledge. First, you need to recognise where you might be vulnerable and then make changes to avoid becoming a victim of identity theft.
- aim to provide a minimum amount of information about yourself
- destroy identifying information when you are throwing out personal papers - including 'pre-approved credit card applications'
- conduct regular checks/reconciliations of your billing and account records (credit card, cheque and mortgage accounts)
- limit the amount of credit you have in your 'everyday' accounts
- obtain a copy of your credit rating report regularly
- place passwords on all your important accounts
- memorise passwords and avoid using obvious passwords
- secure your personal information at home
- collect new credit cards in person from the bank
- secure your mail with a lockable letterbox and only post mail at official post boxes
- remove your name from mailing lists if you receive unsolicited mail
- write cheques and fill out forms carefully so that they cannot be altered easily
- keep a list of all your accounts and credit cards in a secure place
- leave anything in your car glove box that could identify you
- provide personal information over the phone or by email to people you do not know or trust
- let your credit card out of your sight when paying a bill
- lend your personal documents to others
- carry extra personal information unless you have to
- leave your wallet/purse unattended at the gym, parties, in shopping trolleys, etc
- send original proof of identity documents in the mail
How to report identity theft
It is important to act quickly if your personal information is compromised. Identity theft can be reported to your local police station. Collect and keep any documentation that will help police in investigating the crime. Police may need to take your photograph or fingerprints to establish that your identity is different from that of the person who may be charged with the identity theft.
The following steps may also be necessary.
- contact your bank or credit provider immediately and cancel all cards
- freeze or close all accounts to which the thief may have gained access
- open new accounts with new PINs and passwords
- contact the Credit Reporting Agency (Veda Advantage) and ask that an alert be placed on your file
- check your credit file carefully for unauthorised transactions or changes
- keep all documentary evidence of fraud.
Reviewed 07 July 2021