Banks Targeted in Tax Time Phishing Scams

Banks targeted in tax time phishing scams

  • Big banks are increasingly targeted by scammers at tax time.
  • Know how to protect yourself from fraud.
  • Find out how a credit card can actually protect your money.

Recently, Australian financial institutions have been the target of increased phishing emails and scams. Fraudsters are aiming to take advantage of at-risk Aussies leading up to tax time on June 30.

What is a phishing scam?

In the last two weeks, four different phishing email campaigns have been reported, impersonating ANZ, BankWest, NAB, and Westpac.

Customers received emails with messages from scammers pretending to be from these banks. Scammers have been referring to some sort of “unusual activity” on accounts, asking customers to follow links to a login page to fix the issue. Don’t fall for it. 

Time-poor recipients of the email are encouraged to click the dodgy links, leading them to what would appear to be a well-designed copy of the bank’s login page. 

Users are then asked to enter their login details, date of birth, drivers licence details, or answer security questions. After entering their details, it is common for a notice of failed login to appear, followed by a redirection to the bank’s actual login page.

These scams exist for cybercriminals to gain access to enough of your personal details to get into the accounts of unsuspecting victims via extra authorisation methods, or to steal the identity of the victim. 

In May - June 2018 there was a spike of pre-tax scams – 4,335 phishing scams reported in total - resulting in nearly $120,000 of losses.

What can you do?

You need to protect yourself from these sophisticated scams.

The most important thing is to never click on the links in emails from banks or even the ATO if you suspect it’s dodgy.

Things to look out for:

  • The address of the sender of the email.

  • The content of the email - scam emails usually only include plain text and a link, with text often being written in poor or broken English.

  • If the email sounds as though it is trying to scare or intimidate you, it is probably a scam. Banks will never threaten action in this way. 

  • The URL of the web page the link directs to. If it doesn't match the bank's official website, don't click it!

If you still can’t decide or want to make sure you aren’t being scammed, check with your bank (either by calling or logging in through a phone app or trusted link). They will be able to confirm if they have sent any correspondence.

If you do come across any scams, be sure to report them. Most banks will have hotlines specifically designed for reporting scams. Alternatively, you can report to the Government via their scam watch website.


Most importantly, be aware! Phishing scams prey on users as they present as an easier target than hacking company websites directly. If you stay informed and exercise caution online you will significantly decrease your chances of being affected by these scams.

Learn a few lessons from an (ex) master of scams, Frank Abagnale, who is adamant in only using credit cards to make purchases for many reasons.

One of those reasons is that if Frank is ever the victim of fraud himself (karma, Frank?) the money taken will technically be the bank's money (your credit limit) and not his own money. So banks will naturally work much harder to recuperate the losses.

With a credit card, you are not on the hook for unauthorised spending, provided that you use reasonable care in protecting your card from loss or theft; and you promptly report loss or theft to your bank or credit card issuer.  

Mastercard, Visa and American Express all have fraud liability policies:

Review your transaction on your trusted banking apps, Internet Banking portal, or paper statements for any unusual charges.

Another telltale sign that something might be going wrong is if your credit score starts to plummet without a good explanation. Check your credit score and keep a track of it right here on Credit Card Compare. Download our app for an easy score tracking capability.