Think you can spot a scam? Follow our cybersecurity tips to protect yourself these holidays

As the festive season approaches, the rush to bag some great deals and gifts online begins.

Unfortunately, it’s also prime time for cyber criminals to take advantage of unsuspecting shoppers, from selling fake products to sharing malicious links.

Besides losing an eye-watering amount of money, your personal information could be stolen and used to access your finances, including your super account.

Here are the most common scams and how you can protect yourself when shopping online.

Common scams to look out for

Fake websites and links

In just the first half of 2025, over 108,000 scams and losses of almost $174 million were recorded by the National Anti-Scam Centre (NASC), which is a 26% increase compared to the same period in 2024.

The most common ways in which Australians were scammed were through fake websites, social media and online ads.

These can include ads for ‘flash sales’ and deals that sound too good to be true.

Some may take you to an online store where you pay for products that you never receive.

Others may get you to download malicious software that allows cyber criminals to remotely access your phone or computer. They’ll then try to get into your personal accounts and steal your money.

How to spot this scam

  • Check for spelling errors and unusual URLs. Scam sites often mimic popular brands but contain subtle mistakes
  • Check the website and social media history. Recently created pages or lots of 5‑star reviews can indicate fraud
  • Run a reverse image search. Stolen or stock photos, reused across unrelated sites, can be a red flag
  • Verify contact details. A missing physical address or customer support information can suggest that it’s a scam
  • Search the brand name with ‘scam’ or ‘reviews’. Reports of fraud often surface quickly online

Fake package deliveries

You might get a text or email saying that a package couldn’t be delivered due to an incorrect address or unpaid fee.

These messages will ask you to follow a link or scan a QR code, which sends you to a fake website where you’re asked to fill out your personal or financial details.

In reality, it’s a phishing scam designed to steal your money and information.

How to spot this scam

  • Poor spelling and generic greetings (e.g., “Dear customer”)
  • Suspicious or unusual links
  • Australia Post will never request personal or financial details via SMS, email, or phone
  • When in doubt, visit the official Australia Post website or your service provider’s site directly

Impersonation scams

A scammer may pretend to represent organisations such as Australia Post, your bank, the Australian Taxation Office (ATO) or a charity.

They may call, text or send an email to get you to share personal information or make a payment or donation.

They could also try to impersonate someone you know, like a family member, friend or colleague, pretending to have an emergency and urgently needing money.

An increasingly common scare tactic used by these scammers is to claim that your bank account or cryptocurrency wallet has been compromised.

They’ll send messages warning you about ‘unauthorised transactions’ or ‘suspicious account activity’, and urge you to click a link or log in.

According to the National Anti-Scam Centre, these scams work by creating a sense of urgency and fear, because many people are already on high alert about having been caught up in a data breach or cyber attack.

How to spot this scam

The most obvious red flag that it’s a scam is if you’ve been contacted unexpectedly and are being pressured to take action or provide information.

You should check the phone number or email address used, to see if it matches the official contact details of the organisation they claim to represent.

If you’re not sure, hang up or delete the message and contact the person or organisation directly (for example, go to your bank’s official website and call the number listed there).

How can I protect myself online and keep my information secure?

Stop

Don’t open or download any attachments or click on any links from unsolicited text messages or emails, even if they claim there is suspicious activity on your account.

Check

If you think an organisation is legitimately trying to contact you, check by going to their official website or contacting them directly. Always verify the sender or caller before you send any money or provide any personal details.

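If you do click on a link within an email or text message, check that the URL of the website you’re visiting starts with ‘https://’ and has a secure connection, so that any personal details you enter are encrypted on their way to the site. You can check this by clicking the icon next to the URL. A secure connection on its own doesn’t prove the site is genuine, so also confirm that the address matches the organisation’s official website.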

Protect

Set strong passwords for your personal accounts and update them regularly. For an extra layer of security, set up multi-factor authentication (MFA) so that anyone trying to access your account has to pass a second identity check, not just enter your password.

Learn more about how to keep your personal data and super funds secure.

What should I do if I’ve been scammed?

  • If you’ve made a payment or given away your bank or credit card details, contact your bank immediately
  • Always set up multi-factor authentication (MFA) for your online accounts to add a second identity-check step when logging in
  • If your email address or other online accounts have been compromised, update your passwords as soon as possible
  • Report the scam to Scamwatch and the police
  • If you notice any suspicious activity related to your Member Online account, report it to us on 13 43 72

Remember: anyone can be scammed, which is why it’s important to stay alert and take proactive measures to secure your personal information.


Page last updated 28 November 2025