Findings by the Joint Policing Cybercrime Coordination Centre (JPC3) revealed that scammers are now using a variety of new tactics, including replicating the hold music used by financial institutions and simultaneously calling both victims and banks so they can bypass authentication.
Phishing scams, including bank impersonation scams, cost Australians $97.6 million in 2025, up from $84.5 million the year prior, representing a growth in impersonation by scammers to steal funds.
“Scammers are getting better at sounding convincing, but there are a few simple things to remember that can help keep you safe,” said Commonwealth Bank’s executive general manager of group fraud and scams, James Roberts.
The AFP cited one case in which scammers stole $350,000 worth of cryptocurrency in 18 hours, roughly $324 a minute, after the criminal impersonated a crypto ledger company representative and convinced the victim that their crypto ledger had been breached.
“Scammers approach victims armed and ready using secure information such as their name, date of birth, account details, and bank balances, acquired through previous cyber attacks or data breaches,” said AFP Detective Superintendent Marie Andersson.
“This allows scammers to build trust and legitimacy with their victim and acquire additional information or access to complete their scam.
“We are also seeing scammers acquire this information in real time by working in pairs. One scammer will contact a bank and pretend to be the victim, while concurrently, another scammer is calling the victim and pretending to be a representative of the banking provider.
“Using information they gain through both conversations, they can then bypass security checks and create ‘proof’ that seems credible.”
Scammers work on urgency and panic, while creating a sense of trust. They may convince victims that their bank account has recorded an unauthorised payment, a device has been compromised, an account has been locked, or new payees have been added.
They will then ask for verification details such as passwords and personal information, ask you to verify one-time passwords or approve transactions, request remote device access, ask you to move funds to “safe” accounts or make payments via a platform they share.
“Banks won’t rush you – and we will never ask you to share passwords, PINs or one-time codes, or move money to a ‘safe account’,” Roberts said.
“If you bank with us and get a call you’re unsure about, stop, hang up and contact your bank using the number on your card or message us securely in the app. Do not call back the number that contacted you or any number from a suspicious SMS or email.”
Superintendent Andersson said the best defence is identifying a scam before it’s too late and refusing to play along.
“Cold contact from a banking provider via call, text or email, combined with an extreme pressure to act quickly and hand over personal information, should be treated as a potential scam,” Superintendent Andersson said.
“Pause and consider the veracity of the request. If in doubt, hang up and call the banking institution’s official phone number, which can be found on their website, your banking card, or app.
“If you believe you have been targeted, contact your bank immediately so they can secure your accounts and change your online banking password.
“Never log in via online banking links sent through email or text, or share your passcodes or passwords over email, text or phone.
“We understand that the threat of losing any money is scary, but what is scarier is actually losing money, sometimes even life savings, to a scammer.”
She also encourages those unsure to report suspected scams so that the perpetrators can be identified and the scams stopped.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
