Threats and Scams

Contact us on 1300 654 822 (within Australia) or +61 3 9834 8560 (overseas) or by email if you believe you have received a scam email.

Fraud and scams that existed prior to COVID-19 are still posing threats today. Below is an overview of some common threats and scams, plus tips to help you stay safe.

COVID-19 scam

For more information, visit:

NSW and QLD floods scam

There have been a number of reports of scammers targeting flood-impacted communities. Scammers may claim they are insurers, government employees and charity organisations. 

Do not disclose personal and financial information to callers. Follow our phone scam guidelines below for more information on what to do when receiving a scam phone call. 

  • Hoax emails and hoax SMS scams

    There are a number of hoax email and SMS scams that ask you to disclose your personal details either for verification purposes or with the promise of some monetary reward.


    Phishing is a technique used to capture your personal or financial information via a phishing website that has been created to mimic a legitimate financial institution. Phishing emails that appear to be from the financial institution are sent to persuade you to click on a link which will connect you to the fraudulent website.

    Remember, Bank First will never send an email or SMS asking you to update, verify or confirm any of your confidential banking information by reply email or text.

    How to identify a phishing email

    • Sentences that contain poor grammar and spelling errors.
    • Includes links to websites, attachments or requests to call a phone number.
    • The purpose of the email is to encourage you to click on a link or provide personal information.

    How to identify a phishing website

    • The website name (URL) in the address bar is different to the legitimate website.
    • The URL begins with 'http://' instead of 'https://' (which indicates a secure page).
    • There is no padlock icon or valid digital certificate on the website.

    Phishing security tips

    • Use a spam filter on your email software to block spam emails, such as phishing emails.
    • Activate the security feature on your browser which detects phishing websites in case you inadvertently click on the link.
    • Delete suspicious emails immediately.
    • Do not reveal personal information via email or text message. If you receive an email or SMS requesting this type of information please ensure you contact us immediately on 1300 654 822.
  • Mobile phone scams

    Mobile phone porting

    Scammers may obtain your personal information including your mobile phone number through fraudulent means and use this information to switch, or "port", your phone number to another provider. Once your number has been "ported", the scammers will be able to receive SMS security tokens. However, they will also need to know your confidential Internet Banking login details to be able to transact on your account.

    If you receive a call or text from your mobile phone provider advising they are experiencing service difficulties or if your phone service is suddenly disconnected for no reason, you should contact your mobile phone service provider immediately.

    Contact us on 1300 654 822 if you discover that your mobile phone service provider has been switched without your permission.

    Fake banking apps

    Fake apps posing as online banking apps from legitimate financial institutions may contain malware or viruses that could infect your mobile phone or tablet once installed. This means a scammer could gain access to your device and intercept your text messages and other applications to view your personal information.

    Always download your apps from a reputable source such as the Apple App Store (iOS) or the Google Play Store (Android) and always check the name of the app developer. If an app's source cannot be verified or looks suspicious then do not download or install the app.

  • Phone scams

    There are a variety of phone scams in circulation which aim to deceive people into providing personal and financial information over the phone. Cold callers often sound professional and convincing and claim to be from trusted organisations, such as a government department or a legitimate financial institution.

    Phone security tips

    • Be cautious if you receive an unsolicited call and your personal and financial information is requested by the caller. Verify the caller's identity by obtaining their contact details from a trustworthy source and calling them back directly.
    • Never give personal or financial information to anyone you do not know or trust, even if they claim to be from a reputable company.
    • Hang up immediately if a cold caller claims you are entitled to a refund, have won a holiday, or have a virus on your computer.
    • Contact us immediately on 1300 654 822 if you believe you have given your personal or financial information to a phone scammer.
  • iTunes Gift Card Scam

    Scammers will pretend to represent reputable companies, contact Members and demanding iTunes gift cards as a form of payment for various services. In the majority of circumstances the scammers are using scare tactics by threatening police or subsequent action if the request is not carried through.

    The scammed victim is asked to attend their local supermarket, purchase the iTunes gift cards and provide the card numbers over the phone. In most instances, by the time the scam is reported the gift cards have already been on-sold or redeemed by the scammers. Once the gift card has been redeemed the loss is not recoverable.

    • If you are NOT purchasing an item from the iTunes Store, App Store, iBooks Store, or an Apple Music membership, do NOT make a payment with iTunes Gift Cards. There's no other instance in which you'll be asked to make a payment with an iTunes Gift Card.
    • Do not provide the numbers on the back of the card to someone you do not know.

    If you believe you have been the victim of this scam please contact us immediately on 1300 654 822.

  • Malicious software

    Spyware and Adware

    Spyware (and Adware) is software that covertly gathers information about your Internet activity and sends it to a third party over the Internet. Spyware can be used to simply track your Internet habits for advertising purposes or used maliciously to obtain sensitive information including banking and credit card details.

    Viruses and worms

    Computer viruses and worms are self-replicating programs that can infect a computer without your knowledge or permission. A virus attaches itself to, and becomes part of, another executable program and can spread from one computer to many others. A worm is self-contained and does not need to be part of another program to propagate itself.

    Trojan Horses

    A Trojan Horse is a program that installs malicious software while under the guise of performing a desirable function. Trojan Horses may appear to be useful or interesting programs (or at the very least, harmless), but they are actually harmful when executed.

  • Card skimming

    Card skimming is the illegal copying of data from the magnetic strip of debit and credit cards. The information is then encoded onto a fake or 'cloned' card so that fraudulent transactions can be made on your account. This can be achieved by fraudsters tampering with either genuine ATMs or merchant EFTPOS terminals in shops or restaurants.

    How to identify card skimming

    • You are requested to swipe your card through more than one machine.
    • Your card is swiped through a second EFTPOS terminal or is taken out of sight to process the transaction.
    • You notice an attached device on the EFTPOS or ATM card reader entry.
    • You notice holes in the ATM casing panel which may indicate a camera has been hidden.
  • Binary Trader Scams

    Trading in binary options - via brokers - involves speculating on the movement of commodity, asset or index prices over a short period. Some brokers are legitimate entities and there are a number licenced in Australia. To make a profit a person would have to be well researched and have a very good understanding of what they are doing. It is important to note that the vast majority of those registered overseas are not licenced to offer their services in Australia - anyone wishing to use these services should check. Customers should also be wary as there are a lot of other ‘brokers’ present online that are straight-out scams, taking victims money and simply shutting down and disappearing once identified.

    ASIC, through their Moneysmart website, warns against transacting with these companies and provides a list of known scam companies. This information can be found at the following location:
  • Fraudulent Bank First Calls & Website

    We have received reports from customers who have received scam phone calls from Creoles Trust Bank claiming to be a partner of Bank First. They are asking customers to confirm details, including personal information and have created a fake version of the Bank First website with a similar look.

    This is fraudulent activity and is in no way associated with Bank First. Bank First will never call or send you an email asking you to provide your Internet Banking details, account details, card numbers or passwords.

    We are actively working to have this fraudulent site removed. We assure you that our own website remains secure, and to always look for the 🔒 security certificate in your internet browser bar if you are unsure.

    If you receive a call like this, please end the call immediately and call us on 1300 654 822.