SMS scams, also known as text message or smishing scams, often appear to be legitimate. The may even show up in the same message stream as the real organisation as scammers can 'spoof' phone numbers. Banks, parcel deliveries, telcos or internet providers, government agencies, online retailers, streaming services, or gas and electricity providers are some of the favourite organisations that scammers impersonate in SMS scams. Their goal is to get you to click on a link and/or call a number in order to do any or all of the following:
It is always safest to assume that an SMS is a scam, and contact the legitimate organisation by phone, through their app, or in person. If the organisation asks you to login to your account, don’t use the link provided in the message. Instead, open the app you have already downloaded or type in the web address that you know is correct for that organisation.
SMS scams are becoming increasingly sophisticated, with many using the exact wording that the real organisation uses in their text messages. You can no longer rely on spotting a fake SMS through spelling errors, grammar mistakes, or because they come from different phone numbers than usual.
I didn’t click on the link, but I replied with a text message or called the number. What can someone do with the personal information I have provided?
Information such as name, address, and email address are credentials that alone would be considered low risk of direct financial fraud, however they will invite more phishing communication if obtained by a scammer. In most cases what is of real value to identity thieves is your credit or other payment card details, account username and password, and multi-factor authentication (MFA)codes. Identity thieves also target government issued credential information, such as driver licences, passports, myGov or RealMe login details, tax information, or Medicare card details.
What about my debit or credit card details?
If you have provided your debit or credit card details, contact your financial institution/s straight away to let them know that your personal details have been compromised and request additional security be placed on your accounts.
I clicked the link but I didn’t fill in any details
In some cases, clicking on the link has become enough for malware to be installed on some devices.
Run your antivirus software on the affected device, and then disconnect your phone from the internet.
If you feel confident, you can try the following. Otherwise, ask your local IT service provider for help.
I clicked the link and filled in the details
What else can I do to increase my phone’s security?
Go through all applications on the device to detect any unknown programs. Remove them immediately.
What might the scammer do next?
You can expect that scammers will make future attempts to communicate via a variety of channels, such as via phone, email or SMS, if your contact details were provided. With just a small amount of personal information, a scammer can easily convince people they are representing Government agencies or other businesses. Never feel compelled to respond to unsolicited communications. Do your research and make contact using communication channels you have discovered.
My email account is receiving a lot of spam now
Some people affected by these types of scams have received emails indicating that they have been signed up to online marketing, such as from dating sites and movie sites. If you do receive an email suggesting this, it is best not to click 'Unsubscribe' and rather block the sender. You may choose to do your own research and contact the relevant company directly to request removal from their marketing communications.
*Please note: This information is generalised to support individuals in most situations. However, depending upon your experience, capabilities and the device(s) you use, seeking professional support may be advisable. IDCARE's recommended steps for an individual concerned about their identification is based upon the information provided by you. A generic template is not able to appropriately address every individual’s situation and some events may require additional steps.
**If at any time during the scam you were asked to provide your driver licence, Medicare card, passport, tax file number, IRD number, banking or other online account details, or to give remote access to your device, contact IDCARE by submitting a Get Help Form or call 1800 595 160 (Aus) or 0800 121 068 (NZ).
Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:
IDCARE as a registered charity does not ask individuals to donate or pay for our front line services. We are not a charity that can receive tax deductible donations.
We rely on organisations that care enough about you to care about us to keep our charitable service going. Proudly these organisations are displayed above and on our Subscriber Organisations page.
If you are asked for payment from someone claiming to be from IDCARE, please report this to us using our Report Phishing email.
IDCARE has access to the Department of Home Affairs Free Interpreting Service, delivered by the Translating and Interpreting Service (TIS National). Access to the Free Interpreting Service is provided to assist you to communicate with non-English speaking people who hold a Medicare card. Please note that the service does not extend to New Zealand citizens or residents who do not hold an Australian Medicare card, or to tourists, overseas students or people on temporary work visas.
New Zealand Relay provides services to help Deaf, hearing impaired, speech impaired, Deafblind and standard phone users communicate with their peers.
A TTY user connects to New Zealand Relay via a toll-free number and types their conversation to a Relay Assistant (RA) who then reads out the typed message to a standard phone user (hearing person).
The RA relays the hearing person's spoken words by typing them back to the Textphone (TTY) User.
The National Relay Service (NRS) is an Australian government initiative that allows people who are deaf, hard of hearing and/or have a speech impairment to make and receive phone calls.
The NRS is available 24 hours a day, every day and relays more than a million calls each year throughout Australia.
ABN 84 164 038 966
IDCARE acknowledges and Respects the traditional custodians of the land on which we operate across Australia and New Zealand.
This website may contain names, images and voices of deceased Aboriginal, Torres Strait Islander and Māori peoples.