Scammers posing as trusted contacts
Authorities say a growing tactic involves scammers presenting themselves as people trying to help protect accounts that have supposedly been compromised.
The Joint Policing Cybercrime Coordination Centre (JPC3), which brings together law enforcement and banking intelligence, said these scams often rely on building trust quickly before escalating pressure.
“Using information they gain through both conversations, they can then bypass security checks and create ‘proof’ that seems credible,” she said
How the scams typically unfold
Authorities say impersonation scams often follow a similar pattern designed to create urgency.
Common claims include:
- unauthorised transactions that need to be stopped
- accounts being locked or compromised
- new payees added without permission
- instructions to move money to a “safe account”
Once engaged, victims may be asked to:
- share one-time passcodes or passwords
- approve transactions in their banking app
- download software that gives remote access
- move money or cryptocurrency
- withdraw cash for collection
Det-Supt Andersson said pressure is a key warning sign.
“Cold contact from a banking provider via call, text or email, combined with an extreme pressure to act quickly and hand over personal information, should be treated as a potential scam,” she said.
Losses continue to rise
According to the ACCC, reported combined losses to phishing scams — which include bank impersonation — reached $97.6 million in Australia in 2025, up from $84.5 million the previous year.
Authorities say phishing scams involve criminals impersonating trusted organisations to trick people into sharing information or approving transactions. Some are combined with remote access scams, where victims are asked to install software that allows scammers to control their device.
‘Banks won’t rush you’
Mr Roberts said while scams are becoming more convincing, the warning signs remain consistent.
“Banks won’t rush you – and we will never ask you to share passwords, PINs or one-time codes, or move money to a ‘safe account’,” he said.
“If you get a call you’re unsure about, stop, hang up and contact your bank using the number on your card or through the app.”
What to do if you’re unsure
Police and CBA are urging Australians to pause and verify any unexpected contact.
“Pause and consider the veracity of the request. If in doubt, hang up and call the banking institution’s official phone number,” Det-Supt Andersson said.
She said people should never:
- share passwords or codes
- click banking links in messages
- move money on instruction from an unexpected caller
Authorities are encouraging people to report scams.
“Scams can affect anyone and you should not feel shame or embarrassment about reporting it,” she said.
If you're a customer and concerned you may have fallen victim to a scam here’s how to contact us.
Additional anti-scam initiatives from CBA
CBA was the first bank to integrate and share information into a new ‘anti-scam intelligence loop’ making it faster to report and remove scams across banking, digital platforms and telecommunications.
It’s aim is to improve Australia’s “whole-of-ecosystem” approach to combatting scams, by being the first bank to integrate and share information into a new anti-scam intelligence loop (intel loop).
Co-designed by the Australian Financial Crimes Exchange (AFCX) and National Anti-Scam Centre (NASC), the intel loop means banks, telecommunications networks, internet service providers and social media companies can share information on scams between themselves more easily - enabling faster action and greater protections.
CBA has a suite of anti-scam technology and collaborations aimed at helping protect customers from scams, including:
For more information on protecting yourself from scams and fraud, visit: commbank.com.au/commbanksafe
