IDCARE Impersonation scam

Have you received a cold call or email recently from IDCARE asking you to participate in a “sting”?

There are No-Caller ID and overseas telephone numbers at present calling community members impersonating IDCARE. The caller claims to be from IDCARE (sometimes referring themselves as “Ashton”) stating that IDCARE is a not-for-profit charity working with Government.

The ”Sting”

The scammers claims that the person receiving the call or email has been “hacked” and they can assist in catching the hacker.

The “Deception”

Aside from impersonating our Charity, the scammer then requests remote access of the recipient’s computer, phone or tablet using remote access software like AnyDesk and TeamViewer. They show the victim apparent “hacking” activity, such as via “Event Viewer” or “Tree” via a “Windows key + R” command. This gives the appearance of activity on a screen, but in fact is just a basic view of your device’s activity.

The scammer then claims they will transfer money into your online banking account, whereupon you are then asked to transfer the money to a bitcoin wallet the victim is asked to set up. Except there has been no transfer of money in most cases and the scammer has actually hidden the fact that they have just stolen the money from the victim.

Before the victim transfers money, the scammer asks them to either show or send them a copy of a driver licence or passport. They also coach them to set up a cryptocurrency account via a cryptocurrency exchange (such as Coinspot).

The Treatment

IDCARE will never cold call someone or send an unsolicited text or email and ask you to provide remote access, provide a copy of your driver licence or establish a cryptocurrency account. We will never ask you to participate in a “sting” or work with IDCARE to catch criminals on behalf of law enforcement.

If you have experienced this scam, here is what we would recommend you do:

  1. Notify your financial institution(s) without delay;
  2. Change your email password using another device and logging on to webmail;
  3. Wherever possible set up multi-factor authentication for your online accounts (using a separate device);
  4. Have your device looked at by an IT professional to remove any persistent remote access software, scan for malware, and ensure your online accounts are secured and free from any rules or changes to recovery methods (such as recovery phone numbers);
  5. Reflect on what personal and credential information you may have in your emails about yourself or others;
  6. Engage IDCARE via our Get Help web request. You will have a specific Client Reference number generated, upon which our Case Managers can confirm with you on contact.

Join the global list of organisations making a real difference in people’s lives by supporting our service.

SBS Bank
HSBC
ANZ
Department of home affairs
Queensland Government
Curtin University
Suncorp
Powercor Australia
ING
Regional Australia Bank
SA Power Networks
Culture Amp
AMP
Mercy Health
Queensland Country Bank
Sportsbet
NGM Group
City of Goldcoast
ConnectID
TPG
Western Sydney University
BOQ
Department of Premiere and Cabinet off of Digital Government
ABC
Coles
REA Group
Equip Super
Return to Work SA
Urban Utilities
BUMA
Transurban
Westpac
Internal Affairs
Allianz
Commonwealth Bank
Bupa
Services Australia
Qantas
NAB
Australia Post
Victoria State Government
NBN
NDIS
BNZ
Kiwi Bank
Tasmanian Government
Telstra
Coastline
Woolworths Group
Beyond Bank
Origin
UTS
Makesure
Australian Super
Australia Post
Urban Utilities
Vocus
Brisbane City Council

Copyright © 2025, IDCARE. All Rights Reserved.

ABN 84 164 038 966