Australians lose billions to scams annually, with older Australians disproportionately targeted by investment and romance scams that produce the largest individual losses. Sophisticated scams target sophisticated people — the defence is not intelligence but pattern recognition and one structural practice: before transferring money or sharing information in response to any unsolicited contact, verify independently using a known, trusted channel. Legitimate requests survive this check. Scams do not.
This is not a comfortable topic, but it is an important one. Australians lose billions of dollars to scams each year — the ACCC's annual Scamwatch reports consistently document losses in that range, and the real figure is likely higher given that many scam losses go unreported. Older Australians are disproportionately targeted in some categories, particularly investment scams and romance scams, which tend to produce the largest individual losses. Sophisticated scams catch sophisticated people. The typical victim of a large investment scam is not someone who has been careless or inattentive — it is someone who was deliberately manipulated by a well-constructed deception. The defence is not intelligence. It is pattern recognition and one simple structural practice.
What are the main scam types targeting older Australians?
Investment scams produce the largest dollar losses. They typically involve promises of unusually high or guaranteed returns — above 10% per year, often framed as exclusive or elite opportunities — and often impersonate legitimate financial firms using professionally cloned websites. Cryptocurrency investment schemes fit this pattern, as do "managed" investment opportunities where the victim is told their funds are being actively traded by a professional. A common structure involves a smaller initial "success" — a tested transaction that returns a small profit — to build confidence before a much larger request. The scammer's account closes, the returns disappear, and the money is gone.
Romance scams are typically longer-running and more emotionally devastating. An online relationship develops gradually over weeks or months, often initiated through dating apps or social media. The other party presents as credible, attentive, and genuinely interested. They are typically overseas or otherwise unable to meet in person. Eventually, a crisis arises — a business emergency, a legal problem, medical costs — and money is requested. Once the transfer is made and the victim is emotionally committed, further requests follow. The financial loss, when the deception is eventually revealed, is compounded by grief over the relationship.
Government impersonation scams use threatened consequences to create panic and override normal judgment. Calls claiming to be from the ATO about unpaid tax, from Centrelink about benefit fraud, or from a government authority about an imminent legal matter share a common structure: the situation is urgent, immediate payment or action is required, and the payment must be made through an unusual channel — gift cards, cryptocurrency, or wire transfer to an unfamiliar account. Australian government agencies do not demand immediate payment via gift cards or cryptocurrency. If that demand appears in a call, the call is a scam.
Bank impersonation typically involves a call from someone claiming to be from your bank's fraud department, reporting suspicious activity on your account and asking you to act immediately to protect your funds by transferring them to a "safe" account or sharing an authorisation code. Banks do not ask customers to transfer money for safekeeping, and they do not ask for full PINs or passwords over the phone. The safe account is the scammer's account. Hanging up and calling the bank's published number — the one on the back of the card — is the right response.
The "Hi Mum" or "Hi Dad" SMS pattern has been particularly active in Australia. A text message arrives from an unfamiliar number, claiming to be from a family member whose phone has been lost or broken. The contact builds rapport over a few messages, then requests money for an urgent matter — a bond payment, a bill, an emergency. The request feels plausible because the emotional logic of a family member in difficulty is compelling. The defence is simple: call the person's known number. If the message is genuine, they will answer. If it is a scam, the call goes nowhere and the rest of the conversation never happens.
What is the verify-via-known-channel practice — and why does it work?
Most scams share a common dependency: they rely on the victim acting within the communication channel the scammer controls. A phone call from a scammer asking you to stay on the line and follow instructions. A text message directing you to a link or a new number. An email asking you to click through. The scammer controls the channel and can construct within it a very convincing reality.
The single most effective protective practice is to step outside that channel before acting. Before transferring money, sharing codes, or providing personal information in response to any unsolicited contact, verify independently using a known, trusted channel — the phone number on the back of the card, the official website, a direct call to the person's actual number. This one step — not the information presented in the suspicious communication itself — breaks the vast majority of scams. Legitimate requests survive independent verification. Scams do not.
What structural protections reduce the risk of being scammed?
Beyond the verify-via-known-channel practice, several structural measures provide additional protection. Multi-factor authentication on key accounts — banking, email, superannuation, and myGov — adds a layer that makes unauthorised access significantly more difficult. The major Australian banks offer vulnerable customer programmes with additional verification protocols and the ability to flag accounts for extra review; for older Australians or family members with concerns, these are worth enquiring about. An Enduring Power of Attorney, combined with a trusted adviser or family member who monitors financial activity, provides early-warning capability for unusual transactions. For any substantial unsolicited investment opportunity, a personal rule of waiting 24 to 48 hours before acting — and discussing the opportunity with a trusted adviser before transferring funds — eliminates most investment scam risk. Legitimate investment opportunities are still legitimate after 24 hours.
What should you do if you've been scammed?
Contact the bank immediately. Early reports give the bank's fraud team the best chance of blocking or reversing transactions before funds leave the country, though recovery is difficult once funds reach overseas accounts. Report the incident to Scamwatch at scamwatch.gov.au. If personal identity information has been compromised, contact IDCARE — Australia's national identity and cyber support service — at 1800 595 160 or idcare.org. For substantial losses, report to police. Recovery of transferred funds is rarely complete, which is why prevention is the correct focus.
Key takeaways
- Investment scams produce the largest dollar losses and typically involve promises of unusually high or guaranteed returns, often backed by professionally cloned websites. A common technique is a small initial returned profit that builds confidence before a much larger transfer request is made — at which point the scammer's account closes and the money is gone.
- The single most effective defence is to step outside the scammer's communication channel before acting. Before transferring money, sharing codes, or providing personal information in response to any unsolicited contact, verify independently using a known, trusted channel — the number on the back of the card, the official website, or the actual phone number of the person. Legitimate requests survive this check. Scams cannot.
- Australian government agencies do not demand immediate payment via gift cards or cryptocurrency. If a call makes that demand — even claiming to be from the ATO or Centrelink — it is a scam. Banks do not ask customers to transfer money to a safe account or share full PINs over the phone. Hang up and call the published number.
- Structural protections include multi-factor authentication on banking, email, super, and myGov accounts; a personal rule of waiting 24–48 hours before acting on any unsolicited investment opportunity; and major banks' vulnerable customer programmes, which add verification protocols and account monitoring.
- If a scam loss occurs: contact the bank immediately for the best chance of blocking the transfer; report to Scamwatch at scamwatch.gov.au; if identity information was compromised, contact IDCARE at 1800 595 160 or idcare.org. Recovery of transferred funds is rarely complete — prevention is the correct focus.
Frequently asked questions
Why are older Australians disproportionately targeted by scammers?
Older Australians are disproportionately targeted for several reasons: accumulated wealth makes them higher-value targets for investment and romance scams; greater likelihood of owning a home and having retirement savings creates specific scam angles; and some may be less familiar with digital communication norms that help identify suspicious contacts. The ACCC's annual Scamwatch data consistently shows older Australians among those with the largest individual scam losses, particularly in the investment and romance categories.
How do investment scams typically work?
Investment scams usually promise unusually high or guaranteed returns — above 10% per year is a common indicator — often framed as exclusive opportunities. They frequently impersonate legitimate financial firms with professional cloned websites. A common technique involves an initial small returned profit to build confidence before a much larger transfer is requested. Once the larger transfer is made, the scammer's platform closes and the funds disappear. Cryptocurrency investment schemes and managed trading accounts are frequent vehicles.
What is the single most effective way to protect yourself from scams?
Verify every unsolicited request independently using a known, trusted channel before acting. This means: if a call comes from someone claiming to be your bank, hang up and call the number on the back of your card. If a text claims to be from a family member, call their actual number. If an email asks you to click through to update account details, go directly to the organisation's website instead. This one step — breaking out of the scammer's communication channel — prevents the vast majority of scam attempts. Legitimate requests survive independent verification. Scams do not.
How can I tell if a call from the ATO or Centrelink is a scam?
The clearest indicator is a demand for immediate payment via an unusual channel — gift cards, cryptocurrency, or wire transfer to an unfamiliar account. Australian government agencies do not make such demands. They also do not threaten immediate arrest or legal consequences for failing to pay on the spot. If you receive a call making these demands, hang up. If you want to verify whether there is a genuine matter, call the relevant agency directly using the number published on their official website — not a number the caller provides.
What should I do if I've been scammed?
Contact your bank immediately — the sooner you report, the better the chance of blocking the transaction before funds leave the country, though recovery is difficult once funds reach overseas accounts. Report the incident to Scamwatch at scamwatch.gov.au; this helps warn others and contributes to enforcement action. If personal identity information (passport details, myGov credentials, tax file number) was compromised, contact IDCARE at 1800 595 160 or idcare.org for specialist guidance. For substantial losses, file a report with police. Expect recovery to be partial at best.