Check for tricks before you click

Scams are deliberately designed to deceive you. Scammers are becoming increasingly sophisticated, taking advantage of new technology, products, services, and current events to create convincing stories to trick and prompt you into giving away your money or sharing personal information.

Scams succeed because they look like the real thing and catch you off guard when you’re not expecting it. As they become more difficult to spot, we need to better coordinate efforts to stop them.


PAUSE: If you have any suspicions, refrain from further engagement with the caller or sender. Hang up on the phone, do not reply to texts or emails, and avoid clicking on any unexpected links or downloading attachments.

VERIFY: Check the legitimacy of the caller or sender through secure channels such as official websites or direct contact. Do not use the contact details provided in the message sent to you.

You can report a scam to Gateway Bank or on the ACCC Scamwatch website.

Take proactive actions to prevent scams

Keep your details up to date

Maintaining accurate and current details not only helps in preventing fraud but also ensures we can promptly contact you in case of suspicious activity on your account. It’s also important to update your Visa Debit card PIN regularly to keep your bank passcodes secure.

Monitor your bank accounts

Regularly check your credit card and bank accounts through your banking app or internet banking to quickly detect any unauthorised charges. The earlier you detect fraudulent activity, the easier it is to resolve the issue with your bank and mitigate the risk of significant financial loss.

Keep your mobile devices and computers secure

Protect your WiFi network with a strong password and avoid using public WiFi or a public computer for online banking. You should only ever connect to a WiFi network you trust. Install and maintain up-to-date antivirus software and firewalls on your computers and mobile devices to prevent malware and hacking attempts. Also, regularly update your operating system and applications to ensure you have the latest security patches.

Choose secure passwords and use Multi-Factor Authentication

Create secure passwords that include random combinations of uppercase and lowercase letters, numbers, and symbols. Avoid using easily accessible information as part of your password and refrain from using the same password across multiple accounts. Never reveal your passwords to anyone. Enhance security further by enabling Multi-Factor Authentication (MFA), which adds an extra layer of protection through additional verification steps, such as an SMS code that’s sent to your mobile device.

Keep your personal details private and secure

Place a lock on your mailbox, and before discarding personal documents and financial statements, shred them to prevent unauthorised access. Safeguard passwords and PINs by using a secure method like a password manager. Be very careful about how much personal information you share on social media, as scammers can exploit your details and pictures to create fake identities or target you with personalised tactics.

Stay alert when shopping online

Stay safe when shopping online by using only trusted websites and services as websites appearing genuine at first glance could be a scam. Exercise caution with virtual currencies, as they lack the same protections as other payment methods, which means you can’t get your money back once you send it. Learn more about online shopping scams on the ACCC's Scamwatch website.

Are you scam smart?

Australia is experiencing a significant increase in sophisticated scams and fraud that can affect individuals of all backgrounds, ages, and income levels. Take the time to learn how to identify scams and stay informed about current scam trends to better protect yourself.


Signs an email might be a scam

Phishing scams:

Phishing is a fraudulent attempt to obtain personal information, such as passwords or credit card details, through electronic communications like email, texts, direct messages, or social media. Scammers often deceive you into thinking they are from trusted organisations such as the police, government, banks and well-known businesses. They make it sound urgent to get you to act quickly. Scammers can also copy or mask the email address of an organisation or business to make the scam email look more real. Always be wary of unexpected links, even if it appears to come from a legitimate source. Hover over links to verify their destination URL for authenticity. On smartphones, press and hold links to inspect them. Be vigilant in checking these URLs, as they are often created to resemble legitimate addresses.

Social engineering attacks:

Cyber criminals employ social engineering to manipulate people into revealing sensitive information they wouldn’t normally share. These types of attack don’t rely on technical means such as exploiting software vulnerabilities or stealing a password, but instead exploits human psychology and emotions like fear, curiosity, and trust. The attacker may already have some details about you, such as your name or address, making the scam more real.


To learn more about social engineering attacks, read the full article.

Spoofing & Caller ID manipulation:

Scammers use technology to mask their phone numbers, making them appear as legitimate or known entities on the caller or sender ID. This tactic aims to gain your trust and increase the likelihood of the call or text message being answered. Always be cautious of unsolicited calls or text messages, even if the caller or sender ID suggests a reputable company or source. If you feel suspicious and cannot verify the caller or sender’s identity, either hang up immediately or delete the text message. When in doubt, contact the company directly using a verified number or email address you've found yourself from their official website.


Learn in 1 minute about spoofing & caller ID manipulation.


Good to know! 

You can still receive scam calls even if you have a private number or are on the Do Not Call register.

Remote access scams:

Scammers may call and alert you to an issue with your computer or account and request remote access to your computer to fix it. Notably, there’s been a growing trend in attempts to access mobile devices such as tablets and smartphones, not limited to computers. While the scammer may initially sound professional and knowledgeable, they may be overly persistent and even show abusive behaviours when you refuse to follow through. If you receive an unexpected call, text or email requesting remote access, never agree and hang up or delete immediately, even if the caller mentions a well-known company.

Baiting attacks:

Attackers may offer non-existent goods to tempt you, such as gift cards, free software downloads, huge discounts, fake job listings, or lottery scams. The aim is to lure you into “taking the bait” and providing the requested information or access to your device. They will put pressure on you to act quickly so you don't miss out. If something seems too good to be true, it usually is. It’s crucial that you verify the identity of the person or organisation making the offer before taking any action.


Impersonation scams:

In impersonation scams, scammers adopt the identity of someone else, often trusted family members or friends, with the aim to deceive and manipulate you. They can make text messages appear in the same conversation thread as genuine messages. These tactics rely on establishing a façade of credibility and trust to exploit you for financial gain or to obtain sensitive information. Be suspicious of anyone asking you for personal information or requesting that you pay in unusual or specific ways.


Example of an impersonation scam

Is that really from Gateway?

If uncertain, cease all contacts immediately and report the incident to Gateway using the verified numbers on our website.


Remember, we’ll never request you to…

  • Reveal your online banking details
  • Share your card CVC and PIN over the phone, email or text
  • Transfer funds over the phone, email or text
  • Send a link to log into Online Banking – always access Online Banking by our official website

What to do if you have been scammed

If you've lost money to a scam or given out your personal details to a scammer, please contact Gateway on 1300 302 474 between 8am and 6pm AEST / AEDT, Monday to Friday, or report the scam on the form provided to the right.

You can seek help from IDCARE on 1800 595 160 or visit the IDCARE website. IDCARE is Australia and New Zealand's national identity and cyber support service. They can help you make a plan (for free) to limit the damage and support you through the process.

Alternatively, visit Scamwatch's 'Where to get help' page which outlines the steps you should take if you have fallen victim to a scam:

  • Contact people you know that may be affected
  • Contact your financial institution
  • Watch out for follow up scams
  • Report to the police online
  • Report scams to Facebook services
  • Change your online passwords
  • Contact your local consumer protection agency
  • Contact a counselling or support service


Report a Scam


If scammers have succeeded in taking your money, they will try to get more money from you. If you've lost money to a scam, be on the lookout for scammers offering to help you get your money back. This is another kind of follow-up scam.