Warning & Response Advice: Smishing (SMS-TEXT) Fraud Event

Warning & Response Advice: Smishing (SMS-TEXT) Fraud Event

<  Back to News and Media

Published on:

November 6, 2019

IDCARE is currently assisting members of the community that are experiencing one of eight types of fraudulent SMS text messages (known as Smishing). Australia experienced a similar wave of activities in October and November 2018. These messages enter the legitimate historical text message stream people have received from the organisation that is being impersonated. This adds to the feeling of legitimacy the fraudulent text message has. Content of these text messages require recipients to perform an action, either to open a link or call a number. Links can also contain what looks to be similar website particulars of the brand impersonated – another legitimising strategy of the scammers. It's likely to present as either a threat to financial security or something enticing like winning a prize.

When links are followed it is common that recipients are asked to complete their personal particulars, including:

  • Full name
  • Address
  • Date of Birth
  • Email Address
  • Debit / Credit Card Details
  • Bank Account Details
  • Tax File Number
  • Photo of Driver Licence
  • Photo of Passport
  • Medicare and/or Centrelink Reference Numbers
  • Account Passwords (such as telecommunications carrier customer account)

Around one in five clients that reported to IDCARE said that they completed the details and experienced further crimes. The most common misuse risks relating to the provision of this information captured by these clients involved:

  • Unauthorised transactions on debit / credit cards
  • Establishment of new transaction account
  • Unauthorised Individual Tax Return submission
  • Establishment of new email account
  • Unauthorised Mobile Phone Porting/SIM Swap
  • Unauthorised Access of Email Account
  • Mobile Number Spoofed
  • New Credit Card Application
  • New Personal Loan Application
  • Welfare Claim
  • Mail Redirection
  • Fraudulent Access of Superannuation Account

IDCARE advises that if you have not opened the link or followed any other instructions received on the SMS text message then the risks in relation to identity theft and misuse are very low. If you are using an Android device it is recommended that you install anti-virus. Apple products rely upon operating system updates to maintain their security.

If you have clicked a link and completed the required fields we recommend you take the following immediate actions (where appropriate to your situation):

  1. Contact your financial institution immediately and explore what additional controls you can place on your accounts and cards;
  2. If licence or passport information was sent, request credit bans from each of Australia’s three credit reporting bureaus and apply for copies of your credit reports (see IDCARE’s Learning Centre, Credit Ban Fact Sheet & Credit Report Fact Sheet). For passports you may wish to explore cancelling the passport and having a new one re-issued with a different number – note there will be fees for this;
  3. If a Tax File Number was provided, contact the ATO and ask for additional security measures to be placed on your account (call 1800 467 033 M-F 8am to 6pm AEDT);
  4. Update your passwords to your online accounts that has used the same email address (if provided) as their username;
  5. Contact the Department of Human Services if you believe your Medicare or Centrelink Reference Number has been exposed (call 1800 941 126 M-F 8am-5pm AEST);
  6. Contact your Superannuation Fund and explore what additional controls they can put in place, such as updating passwords, implementing second-factor authentication, or implementing additional “account change” authorisation procedures (such as confirming using alternate communication channels that requests to roll-over or access funds are legitimate);
  7. Contact your telecommunications and email provider about implementing second-factor authentication on your accounts or other security setting upgrades.

Brands impacted include major financial institutions,Commonwealth government agencies, social media, large retailers and telecommunication carriers.

If you require further assistance or have had other identity or account information compromised please complete an IDCARE Get Help Form. We will endeavour to respond to your requirements within two-business days but this will be influenced by demand. Note that we are a charity and not all organisations who refer their customers to IDCARE to address their needs support our charity financially. We appreciate your patience.


Other News

IDCARE is always active in the media from radio to TV, social media and news articles. Keep up to date with what's happening at IDCARE and in the media.
Medicare Rebate Scam

IDCARE has been inundated with calls from people who have received a text message scam referring to a $200 Medicare rebate.

What we know about REvil, that bad-ass ransomware group

And take a look at what happens when we put FaceApp through the hAPPy Score

Yip, Even Savvy 25-Year-Olds Can Lose $150,000 To Scammers

Discover IDCARE's free service to check if your device is safe.



IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Get help

Submit a web request

Call Centre Icon


1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA08 7078 7741

Call Centre Icon

call our NEW ZEALAND

0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440