Phishing Scams in Australia
Australians face high volumes of phishing attacks impersonating myGov, the ATO, major banks, and Australia Post, with SMS and email phishing among the most reported scam types to Scamwatch.
Part of: Phishing
Last reviewed: 1 June 2026
Phishing in Australia has a distinctly local flavour: attackers impersonate the most trusted domestic institutions — the Australian Tax Office (ATO), myGov, Australia Post, and the 'Big Four' banks — to give their lures maximum credibility. The convergence of tax season, benefit payments, and parcel delivery into a single national digital identity platform (myGov) gives phishers a consistently exploitable framework throughout the year.
Australia's high smartphone penetration and digital banking adoption mean that SMS-based phishing (smishing) is particularly effective, with Scamwatch consistently recording it among the highest-volume fraud contact methods.
How this scam works on Australia
ATO phishing peaks around tax lodgement season (July–October), sending SMS and email messages claiming the recipient owes a tax debt payable immediately or is entitled to a refund that requires bank detail confirmation on a spoofed myGov-style page.
Australia Post phishing runs year-round, mimicking official Australia Post tracking SMS messages with a link claiming a redelivery fee is needed. The linked page captures card details for a nominal sum.
Bank phishing — particularly targeting CommBank, NAB, ANZ, and Westpac customers — involves SMS chain attacks where the fake message appears in the same thread as legitimate bank messages due to SMS sender ID spoofing.
Common red flags
- ATO SMS claiming you owe a tax debt and must pay immediately via a link
- myGov email saying your account has been locked and requires immediate verification
- Australia Post SMS with a redelivery fee link that was not expected
- Bank SMS that appears in a legitimate message thread but asks you to verify account details via a link
- Any message creating urgency around government payments or tax refunds
How to protect yourself
- Access myGov and the ATO only by typing the URLs directly into your browser — never via links
- The ATO does not send SMS messages with links — treat all such messages as phishing
- Enable multi-factor authentication on your myGov account
- Report phishing to Scamwatch at scamwatch.gov.au and to the ACSC at cyber.gov.au
- Forward phishing SMS messages to 7226 (SCAM) for network-level blocking
How to report it
- Report to Scamwatch at scamwatch.gov.au
- Report to the Australian Cyber Security Centre at cyber.gov.au/report
- Contact your bank immediately if card details or banking credentials were entered
Frequently asked questions
How do I tell a real myGov or ATO message from a fake one?
The ATO and myGov will never ask you to click a link to 'confirm' a refund or pay a debt via gift cards, wire transfer, or crypto, and they generally direct you to log in directly through the official myGov or ato.gov.au site rather than a link in a text or email. Check the sender's actual email address or phone number for inconsistencies rather than trusting the display name. If in doubt, log in directly through your browser instead of clicking any link.
Where do I report phishing scams in Australia?
Report phishing and scam attempts to Scamwatch, run by the ACCC, and forward suspicious texts to 7726 to help carriers block similar messages. If money was lost, also report it to your bank immediately and to the Australian Cyber Security Centre via ReportCyber. Reporting helps authorities track and disrupt campaigns even if it doesn't guarantee recovery of lost funds.
What should I do if I clicked a fake Australia Post link and entered my details?
Contact your bank immediately if you entered any card or banking details, since they can flag or freeze the card. Change passwords on any accounts where you reused that information, and enable two-factor authentication where available. Report the incident to Scamwatch and, if a payment was involved, to your bank's fraud team as soon as possible.
Does the ATO ever contact Australians by SMS?
The ATO does send some SMS messages but never includes links asking you to verify details or pay a debt via SMS. Always log into your myGov account directly to check any tax matter. If you receive a suspicious ATO SMS, report it to the ATO's fraud tip-off line.