Skip to Content
BSB 704-191


Learn how to protect yourself from cyber threats, fraud and scams and keep your accounts secure.

Report a scam or fraud

What to do in the event of fraud or a scam

Received a text or call that seemed too good to be true? It usually is. Legitimate companies will never ask you to reveal passwords or financial information. 

Beware of scams and stay updated on national scams by reviewing current scams at


Don’t act straight away. Stop and think about what you’re being asked to do. 

Real companies or government agencies won’t pressure you to make payments.


Have a quick look on Google to see if the company or person is real and whether it's the right phone number.

Check to see if anyone else has had similar experiences.


If you’re still unsure, show a family member or friend and ask for their opinion before taking any action.

Online Security Checklist

  • Unique password

    Create a unique secure password for Internet Banking and always use an alpha-numeric password combining numbers, upper and lower case letters with at least one special character, e.g. Rf3Tg#1d8w.
  • Two-factor authentication

    Register for one of our free second level authentication security features; SMS One Time Password or Funds Transfer Password.
  • Change your password regularly

    Regularly change your password and keep your password secure.
  • Contact details

    Keep your contact details up-to-date.
  • Keep your personal identity private

    Only provide your personal identity information to entities that you do know and trust.
  • Antivirus software

    Regularly scan your computer and keep your antivirus software up-to-date.
  • Automatic security updates

    Turn on Automatic Updates for your security software.
  • Unknown software

    Do not install software or run programs of unknown origin.
  • Always logout of Internet Banking

    Always logout of Internet Banking using the logout button located at the top right of the screen.
  • Don't use public computers for Internet Banking

    Do not use public computers for Internet Banking, e.g. Internet cafes, libraries or hotels. If you have used a shared computer then please change your password on your own trusted computer at home or work.
  • Check your last login details and transaction history

    Immediately report any suspicious activity on your account to Bank First on 1300 654 822.
  • Do not click links in an email

    Never access Internet banking by clicking on a link in an email. Login directly by typing into your browser and clicking on the Internet Banking link. Also check that the Internet Banking address starts with 'https://' to ensure that the site is secure.

What is phishing?

Phishing is the most common cyber-attack used today. They can be sent to you via email, text message, and sometimes via social media from what can appear to be a reputable source.  Phishing attacks are used to trick the recipient into revealing sensitive information or data in order to steal from you. 

Remember to pause, review and ask a friend or family member when you receive such messages. Learn more about protecting yourself from specific scams below.

More security resources

For further information about Internet and Email Security, visit the following websites:


Statement for Participants/Identified Institutions Customer Communications

We have become aware that there has been a cyber-attack at another financial institution which has resulted in the disclosure of PayID details of other banks’ customers.

The attackers will not be able to access bank accounts since no passwords or credentials are available from the PayID database.

Please be aware that SMS phishing attempts using hacked data could occur – for example, you may receive a personalised message from the attackers which looks like a legitimate message from us or another bank, in an attempt to acquire your banking credentials and password.  You should be cautious of any unusual SMS activity and never click on a link in a random message.

Please call us on 1300 654 822 if you receive a suspicious SMS message.