Phishing Scams in Australia
Australians face high volumes of phishing attacks impersonating myGov, the ATO, major banks, and Australia Post, with SMS and email phishing among the scam types most often reported to Scamwatch.
Last reviewed: 1 June 2026
Phishing in Australia has a distinctly local flavour: attackers impersonate the most trusted domestic institutions — the Australian Tax Office (ATO), myGov, Australia Post, and the 'Big Four' banks — to give their lures maximum credibility. The convergence of tax season, benefit payments, and parcel delivery into a single national digital identity platform (myGov) gives phishers a consistently exploitable framework throughout the year.
Australia's high smartphone penetration and digital banking adoption mean that SMS-based phishing (smishing) is particularly effective, with Scamwatch consistently recording it among the highest-volume fraud contact methods.
How this scam works in Australia
ATO phishing peaks around tax lodgement season (July–October), sending SMS and email messages claiming the recipient owes a tax debt payable immediately or is entitled to a refund that requires bank detail confirmation on a spoofed myGov-style page.
Australia Post phishing runs year-round, mimicking official Australia Post tracking SMS messages with a link claiming that a redelivery fee must be paid. The linked page asks for card details on the pretext of charging a nominal sum and captures them.
Bank phishing — particularly targeting CommBank, NAB, ANZ, and Westpac customers — involves SMS chain attacks where the fake message appears in the same thread as legitimate bank messages due to SMS sender ID spoofing.
Common red flags
- ATO SMS claiming you owe a tax debt and must pay immediately via a link
- myGov email saying your account has been locked and requires immediate verification
- Australia Post SMS with a redelivery fee link that was not expected
- Bank SMS that appears in a legitimate message thread but asks you to verify account details via a link
- Any message creating urgency around government payments or tax refunds
How to protect yourself
- Access myGov and the ATO only by typing the URLs directly into your browser — never via links
- The ATO does not send SMS messages with links — treat all such messages as phishing
- Enable multi-factor authentication on your myGov account
- Report phishing to Scamwatch at scamwatch.gov.au and to the ACSC at cyber.gov.au
- Forward phishing SMS messages to 7226 (SCAM) for network-level blocking
How to report it
- Report to Scamwatch at scamwatch.gov.au
- Report to the Australian Cyber Security Centre at cyber.gov.au/report
- Contact your bank immediately if card details or banking credentials were entered
Frequently asked questions
Does the ATO ever contact Australians by SMS?
The ATO does send some SMS messages but never includes links asking you to verify details or pay a debt via SMS. Always log into your myGov account directly to check any tax matter. If you receive a suspicious ATO SMS, report it to the ATO's fraud tip-off line.