!
Right Now
What to do in the next 60 seconds
Never say or confirm — ever — during an unsolicited call
Your full name, date of birth, or address — even to "verify your identity"
Bank account numbers, card numbers, PINs, or passwords
Tax file number, Medicare number, passport number, or any government ID
"Yes" — scammers record calls and "yes" can be spliced into fake authorisations
One-time passcodes or verification codes sent to your phone
Remote access to your computer — any caller requesting this is a scammer
- 1Stop talking immediatelyYou do not need to be polite. You do not need to explain yourself. Simply stop engaging with the conversation.
- 2Say this one sentence — then hang up"I'm going to hang up and call [the organisation] directly on their official number." Then hang up. Do not wait for their response.
- 3Do not call back the number that called youScammers use number spoofing — the number displayed may look exactly like your bank, the ATO, Medicare, or a government agency. It is not. Look up the real number independently.
- 4Find the real number yourselfSearch the organisation's official website, your physical bank card, or a bill you have received. Do not use a number provided by the caller. Do not search just the phone number — search the organisation name.
- 5Call the real number and verifyAsk whether there is a genuine alert or issue on your account. In most legitimate cases, there isn't — you've just confirmed the original call was a scam.
V
Verify
Is the call genuine? — the tests that work
Legitimate organisations have specific things they will and won't do on an unsolicited call. If any of the following occur, the call is almost certainly a scam — regardless of how convincing the caller sounds or what information they already have about you.
| Scam signal | Why it's a scam tell |
|---|---|
| They ask you to confirm your identity with personal details | They called you — they should already know who you are. Legitimate organisations don't ask you to prove your identity to them on an unsolicited call. |
| They say your account has been compromised and you need to act now | Manufactured urgency is the core mechanism of financial scams. Real banks put holds on accounts — they don't call asking you to transfer funds to a "safe account". |
| They send a one-time code and ask you to read it back | That code authenticates an action on your account — usually a transfer or login. Reading it back gives them access. Never read OTP codes to anyone. |
| They ask for remote computer access | No legitimate bank, government agency, or tech company asks for remote access via an unsolicited call. This is always a scam. |
| They know some of your details (last 4 digits, address) | Data breaches mean personal details are widely available. Partial information does not validate a caller. Scammers use it to build false trust. |
| They tell you not to tell your bank or family about the call | Any caller who instructs secrecy is a scammer. Full stop. |
The "safe account" scam — the most common high-loss variant: A caller claims your bank account has been compromised and instructs you to transfer funds to a "safe account" they control. Your real bank will never ask you to do this. If you receive this instruction, hang up and call your bank's official fraud line immediately.
A
After
If you gave information or transferred money
Act within the hour. The faster you act after a scam, the greater the chance of stopping or recovering a transfer. Do not wait until tomorrow. Call your bank now.
- 1Call your bank's fraud line immediatelyUse the number on the back of your card or on the bank's official website. Tell them you believe you've been scammed and ask them to freeze any transfers and review recent account activity.
- 2Change passwords — starting with email and bankingIf you gave a password or if the caller had remote computer access, change all passwords immediately. Start with email — it is the master key to all other accounts.
- 3Enable two-factor authentication on all key accountsBanking, email, superannuation (AU), government services (myGov AU, HMRC UK, IRS US). This prevents scammers using any credentials they have obtained.
- 4If government ID was given — contact the issuing agencyAU: contact Services Australia if Medicare or Centrelink details were given. Contact the ATO if your TFN was given. UK: contact HMRC. Alert your state's driver licence authority if your licence number was given.
- 5Document everythingWrite down the time, the number that called, what was said, and what you gave. This is your record for the bank dispute and the fraud report.
R
Report
Where to report — by country
| Country | Authority | Contact |
|---|---|---|
| Australia | ScamWatch (ACCC) | scamwatch.gov.au · 1300 795 995 |
| Australia | ReportCyber (AFP) — if financial loss or ID theft | cyber.gov.au/report |
| Australia | IDCARE — identity theft support | idcare.org · 1800 595 160 |
| UK | Action Fraud | actionfraud.police.uk · 0300 123 2040 |
| UK | Financial Conduct Authority (FCA) | fca.org.uk/consumers/report-scam |
| USA | FTC (Federal Trade Commission) | reportfraud.ftc.gov |
| USA | IC3 (FBI Internet Crime Complaint Centre) | ic3.gov |
| NZ | NetSafe | netsafe.org.nz · 0508 638 723 |
Reports matter beyond your own case. Fraud reporting agencies use individual reports to identify patterns, trace operations, and issue public warnings. A report you make today may prevent the same scam reaching someone more vulnerable next week.