Latest News

With Boxing Day and other seasonal sales just around the corner, online shopping is set to surge, and unfortunately, so is the risk of scams. As the holiday sales approach, the Customer Owned Banking Association (COBA) is urging consumers to remain vigilant. “Scammers often use tactics like creating a sense of urgency to get customers to make immediate decisions and payments. Knowing that pressured shoppers are less likely to spot a scam, criminals deliberately target events like Boxing Day sales,” COBA Head of Financial Crimes and Cyber Resilience Martin Latimer explained. According to ACCC’s Scamwatch, there have been more than $8 million in reported losses from shopping scams in 2025 so far. To help savvy shoppers stay safe, COBA’s financial crimes team share their expert tips on how to spot, and avoid, such scams. Beware of fake websites Scammers often create ‘phantom’ websites that are designed to trick even the savviest shopper. Latimer urges Australians to be extra cautious when browsing online deals, and to double-check the legitimacy of a website before you decide to make any payments. Look out for poor website design and spelling or grammatical errors, as well as a lack of customer feedback or reviews for the seller or product.  “Scammers are experts at creating convincing fake websites that closely resemble legitimate retailers. Pay close attention to the domain name, because even a small typo could mean you're on a scam site,” Latimer advised. Shoppers are urged to verify the site's legitimacy by looking out for a privacy policy, terms and condition, or even contact details - many fake websites don’t include this level of information. If you are shopping on an Australian website, you can use the Australian Domain Authority’s website register to see which company or trademark registered it. Don’t click on unsolicited links Phishing is a tactic criminals use to steal your personal and financial information, such as login credentials or credit card details. Scammers often send unsolicited emails or messages pretending to be legitimate retailers, delivery companies or payment processors, in an attempt to trick shoppers to click on links or download suspicious attachments. “A common phishing tactic is a scammer sending an email or text message about a sale or delivery, urging you to click on a link. These links then lead to fake websites or download malware onto your device,” Latimer explained. “Never open attachments from unknown senders, as they may contain malware. Instead, always go directly to the retailer’s official website.” Use secure payment methods Before making any online purchases, make sure your payment is protected. Check that the website shows “https” and a padlock icon to safeguard your financial information. Latimer added: “Scammers will often encourage you to use untraceable payment methods, like wire transfers or cryptocurrency, so avoid these. Stick to trusted and secure payment methods, which often have built-in buyer protection and fraud prevention features to help safeguard your purchases.” Trust your instincts. If something appears suspicious or too good to be true, it probably is. Need help? If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC) or National Anti-Scam Centre (NASC) – Scamwatch. Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.

From 10 December 2025, some social media platforms will be restricted, by law, to people aged 16 and over. These laws require affected platforms to take reasonable steps to prevent anyone under 16 from creating or holding accounts.  These measures are designed to protect young people from the risks and pressures associated with social media use. Information about the new restrictions is available at eSafety’s social media age restrictions hub. There are 4 potential scams that opportunistic criminals may use to take advantage of these changes. Who’s at risk Young people and their families affected by the new social media age restrictions Social media users What the scams might look like Platform impersonation scamsScammers may pretend to be social media platforms or age verification providers, and ask you to verify your age or risk losing your account. Government impersonation scamsScammers may pretend to be from government or law enforcement, claiming you have breached the new laws and threaten fines unless you provide proof of age. Fake ID scamsScammers may offer fake IDs or access to age-verified accounts for a fee, targeting young people under 16 and their families. ‘Hi Mum’ scamsScammers might impersonate young people aged 16 or older, contacting their parents or guardians to claim they need help verifying their age to use a social media platform. If someone contacts you about the social media age restrictions STOP. Don’t be rushed to share age verification details quickly. Don’t make any payments. No legitimate platforms are requesting payment associated with these laws. CHECK. Make sure the person or organisation you’re dealing with is real. Find out how your social media platforms are communicating with users about the restrictions and how they are verifying users’ ages. You can visit eSafety's frequently asked questions page for more information. PROTECT. If you’ve given any personal information, such as your age or proof of identity, or money to someone you suspect is a scammer act quickly. The What to do if you’ve been scammed page on scamwatch.gov.au has steps you can follow. Need help? If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC). Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.

The Australian Federal Police (AFP)-led Joint Policing Cybercrime Coordination Centre (JPC3) has launched ‘ClickFit’: a national awareness campaign designed to get Australians to stop their scroll, check the warning signs of scams, and protect themselves from cybercrime. Think of 'ClickFit' as a road-safety campaign for the internet: every online user is being urged to slow down, swerve around scam links, emails, and messages, and stay one step ahead of cybercriminals. The campaign promotes safe online behaviour, helps people recognise scams, encourages incident reporting, and supports stronger cyber protection measures. Recent findings suggest too many Australians are not adopting necessary safety measures online and too few are reporting incidents to police when targeted by cybercriminals, with reporting rates in 2024 ranging from 8% for malware to 22% for fraud and scams. According to the Australian Institute of Criminology’s Cybercrime in Australia 2024 report, many victims believed their experience was not serious enough to report or that nothing could be done. Every cybercrime report helps police track criminals, shut down their networks, assist in building intelligence on emerging cyber threats, and prevent other people from being targeted. AFP Acting Commander of Cybercrime Operations Marie Andersson said the message for digital consumers was clear – the online world was incredible, but it was important to develop cyber tools and skills to navigate it confidently and safely. “Research shows our online habits directly impact our risk profile and many Australians overlook simple steps to stay secure online, which can prevent their victimisation,” Acting Commander Andersson said.Real examples: In a recent case investigated by Tasmania Police, a man lost more than $400,000 to a sophisticated cryptocurrency investment scam – despite advice from his bank and police. Acting Commander Andersson said this demonstrated just how convincing and persistent scammers could be. In another case, a mother reported to South Australia Police that she booked a family holiday for four through an online advertisement that appeared reputable, even checking the business had an ABN. However, after paying thousands of dollars for flights and accommodation, she arrived at her destination only to discover the hotel did not exist. Despite Australians rating their tech knowledge highly, many fail to use basic protections such as strong passphrases, multi-factor authentication and regular software updates – a critical gap ClickFit aims to close.Why ClickFit matters Research shows that unsafe online behaviours can significantly increase the risk of being targeted by cybercriminals. However, there are good habits ahead - if you introduce just six steps into your everyday digital routine, this will help protect you from cybercrime, scams, and keep you safe online. This is how you become 'ClickFit'. Get ClickFit: Create strong and unique passphrases for every account. Enable Multi-Factor Authentication. This adds an extra lock on your accounts, even if your password is stolen. Install software updates on phones, apps, and computers to close security gaps. Stay alert to emerging scams and cybercrime trends. Stop and think before you click. Criminals rely on urgency and distraction. Don't rush. Verify the source before you click, call or pay. Call or check directly with the legitimate organisation/trusted source before clicking on a link. Take a moment to reflect on your online habits, have conversations with friends and family about scam safety, and help spread the message, are you ClickFit? Need help?If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC). Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.

Black Friday and Cyber Monday are among the year’s biggest online shopping events, with millions of Australians searching for bargains. While retailers prepare for increased demand, scammers do too, building fake websites, sending phishing messages and placing deceptive ads designed to steal money and personal information. Fraudulent activity typically rises during major shopping periods. Common scams to watch for: AI fake online stores – Professional-looking websites that use deepfake videos, fake reviews, manufactured product images and convincing logos to appear legitimate. Phishing emails and texts – Messages that appear to come from trusted retailers or delivery companies, asking you to “confirm your order” or “track your parcel.” Social media ads – Ads promoting unrealistic prices or fake giveaways that redirect you to malicious sites. Payment scams – Requests for direct bank transfers or cryptocurrency payments instead of secure options like credit cards or PayPal. It’s also important to note that even legitimate retailers may occasionally use misleading promotions, such as limited-time claims that create false urgency, “store-wide” discounts that exclude most products, or “up to X% off” deals where only a small number of items receive the highest discount. The Australian Competition and Consumer Commission (ACCC) is conducting a sweep of retailers to ensure their sales advertising is accurate, transparent, and not likely to mislead or deceive consumers. If you’re planning to shop during the Black Friday and Cyber Monday sales, check prices before promotions begin so you can compare and ensure the discount is genuine.How to protect yourself You can still enjoy the sales, just shop smart: Stick to trusted retailers:- Buy from official brand websites or authorised sellers. Check URLs carefully:- Look for subtle spelling differences, extra characters or unusual domain names. Recognise fake website: AI generated images and videos can show unnatural facial expressions, inconsistent lighting, blurred lip movements. Verify the legitimacy by checking the contact details. Avoid clicking on suspicious links: Type the retailer’s URL directly or use a bookmark instead of following links from emails, texts or social media. Use secure payment methods: Credit cards and PayPal generally offer better buyer protection than direct bank transfers or cryptocurrency if something goes wrong. Be wary of offers that seem too good to be true: They usually are. Don’t succumb to pressure: Don’t let countdown timers or low stock pressure you into buying. Verify social media offers: Don’t rely solely on celebrity videos or influencer posts, check the retailer’s official channels. Black Friday and Cyber Monday sales can provide a great opportunity to save on your purchases, but it’s also a prime time for scammers. Take a moment to double-check before you click, buy, or share any personal information. A few seconds of caution can save you from weeks of stress and financial loss.Need help?  If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC). Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. Change your passwords and enable two-factor authentication to protect your accounts. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For more information on common scams and how to protect yourself, please visit the News section of our website.

October is Cyber Security Awareness Month, an important reminder that small, consistent actions help protect what matters most online. This year’s theme “Building our cyber safe culture” underscores the importance of proactive online safety measures, supported by a range of resources designed to help individuals and businesses to prioritise cyber security. There are simple actions everyone can take to safeguard themselves online: 1) Install all software updates to keep your devices secure: Installing regular updates will keep your devices secure and makes it harder for cyber criminals to access them. Make sure that automatic updates are switched on so that you are notified when an update is available. Learn more about how to update your devices at cyber.gov.au 2) Use a unique and strong passphrase on every account: A passphrase is a more secure version of a password. Passphrases are hard for cybercriminals to crack, but easy for you to remember.        Create passphrases that are: 15 or more characters Unpredictable: use 4 or more random words. Avoid identifying information such as family names, birth dates or addresses. Unique: are different for every account. Learn more about how to set secure passphrases at cyber.gov.au 3) Always set up multi-factor authentication (MFA): Enable multi-factor authentication where available to add an extra layer of security to all of your online accounts. MFA requires two or more proofs of identity to log in to your account MFA adds an extra layer of security Start with setting up MFA on your most important accounts (such as online banking and email accounts) Learn more about how to turn on multi-factor authentication at cyber.gov.au Cyber Security Awareness Month focuses on building capability and encouraging action, giving Australians the skills and confidence to take control of their online safety. The goal is to ensure both individuals and organisations have the knowledge and tools to stay secure. A strong cyber culture develops through small, consistent actions that become everyday habits. Simple practices, such as questioning unexpected emails, pausing before clicking links, and regularly checking account security, can make a big difference. By embedding these behaviours into daily routines, cyber safety becomes second nature at home and in the workplace. Everyone has a role in creating a resilient digital community. By staying alert and practising good cyber hygiene, we can reduce risks and better protect the things that matter most. Need help?If you believe someone has gained access to your bank account and/or personal information, even if the scam appears unrelated to your finances, you should contact your bank immediately. A timely response can be critical. If you have concerns about your account contact us immediately. You can report cybercrime directly to the Australian Cyber Security Centre (ACSC). Find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via Scamwatch. As always, we remain committed to your security and privacy online. To understand how we help to keep you safe, please refer to our Security page. For information on common scams and how to protect yourself, please visit the News section of our website.  

Stop. Check. Protect. From 25 to 29 August, Scams Awareness Week 2025, a national initiative led by the Australian Competition and Consumer Commission (ACCC) aims to raise awareness about the growing risks of scams and cyber threats. “Stop. Check. Protect.” is this year’s theme, encouraging Australians to remain vigilant, verify suspicious activity, and take proactive steps to protect their personal and financial information.  As a mutual bank, the trust and safety of our members are among our highest priorities. We are committed to helping protect member data, raising awareness of online risks, and ensuring our members have the knowledge to respond to threats with confidence and care. Common types of scams and cyber threats: Scams and cyberattacks are becoming increasingly sophisticated and frequent. Some of the most common include: Phishing emails: Scammers pose as trusted organisations, sending emails that prompt recipients to click malicious links, download harmful attachments, or reveal sensitive information such as passwords and credit card details. Romance scams: Fraudsters create fake identities online to form emotional connections, eventually convincing victims to send money for fabricated emergencies. Lottery and prize scams: Scammers falsely declare victims as lottery winners, demanding upfront payments or personal data to claim fictitious prizes, resulting in financial loss or identity theft. Bank impersonation scams: Scammers impersonates a bank or financial institution to trick their victims into making payments to a fraudulent account. Tax time SMS and email scams: These scams encourage people to click on a link that directs them to a fake MyGov sign-in pages designed to steal their username and password. E.g. phrases include: 'You are due to receive an ATO direct refund”, or “You have an ATO notification.” Linkt Toll scams: Messages (SMS or WhatsApp mostly) request payment or updated billing information through a fraudulent link. Phone scams: Scammers call victims pretending to be from government agencies, tech support, banks or delivery services to steal information or money. Impersonation scams: Fraudsters pose as trusted individuals, such as colleagues, family member, or CEO, to request urgent payments or sensitive data. Fake websites: They mimic real websites to steal credentials or infect your device with malware when you enter information or download content. Malware attacks: Malicious software is installed via unsafe links or downloads, allowing scammers to access your personal or financial information. Remote access scams: Scammers convince victims to grant access to their computer or mobile device, often claiming to be tech support. No one is immune, stay alert and informed.That’s why we’re focused on continuing to strengthen our digital security, educating both members and staff, and providing the tools and training needed to protect what matters most: our members’ information and financial wellbeing. What you can do: Stop. Check. Protect. We all have a role to play in cybersecurity. Here’s how you can take action: Stop: If something feels off. Don’t click, share or respond. Scammers often create a sense of urgency to get you to act quickly.  Check: Always verify the legitimacy of the message or call. If in doubt, contact the organisation directly using official contact details from their website, not the ones provided in the suspicious message. Protect: Secure your accounts with strong passwords and enable Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) whenever available. Report any suspicious activity immediately to us and the appropriate authorities (e.g. Scamwatch, your IT support or local police). Additional tips for protection: Never share your password with anyone. Use complex, unique passwords for different accounts. Avoid using easily guessed words. (e.g. “123456”, “password”, “birth dates”) Don’t reuse passwords across platforms. Keep your devices updated with the latest security. Be cautious of unsolicited messages or offers that sound too good to be true. Don’t click on suspicious links or attachments, especially from unknown sources. Our commitment to youScams Awareness Week is a timely reminder of the importance of staying safe online. As your mutual bank, we will continue to: Provide ongoing cybersecurity training to help our staff stay alert. Share useful resources and alerts to help members identify and avoid scams. Maintain strong data protection policies and invest in secure technology. Monitor cyber threats closely and act quickly to protect member accounts. This Scams Awareness Week, take a moment to reflect on your online habits, have conversations with friends and family about scam safety, and help spread the message.  Stop. Check. Protect.  To understand how we manage your personal information, please visit our Privacy page. To understand how we help to keep you safe, please refer to our Security page. Need help?If you believe someone has gained access to your personal information, even if it appears unrelated to your finances, you should contact us or relevant financial institution immediately. A timely response can be critical in giving you the best chance to stem any loss. If you have concerns about your account with us, contact us on 1300 36 2000. If the scam occurred on social media or a legitimate website, report it to the platform involved. For scams on Facebook, Messenger, WhatsApp and Instagram, see this step-by-step guide for reporting scams on Facebook services.