Scams are everywhere, and there are many different types. As scams are always changing quickly, the tactics and strategies used by scammers change quickly too. Here, we look at a loyalty points scam and an impersonation scam.
The more you can identify red flags and discrepancies in a situation, the safer you will be when you come across one of these swindles in the wild.
Today we’re looking into two common scams from the last 6 months to identify red flags and the goals of these swindles.
Loyalty Points Scams
Loyalty points scams have ramped up over the last few months, and scammers often build trust by using familiar names or create urgency that taps into the fear of missing out.
Loyalty programs can trigger both of these emotions, making it easier for scammers to collect personal and financial information, which are highly valuable. Psychology plays a significant role in why ruses are successful.
We decided to visit the link to see what happened.
We entered a fake email address, and the website advised us that we needed to spend our 3000 points before they expired. So we added some products to our cart.
Alas, it turns out that our points don’t cover the full balance of the items we want. So we will need to enter our full name, address, date of birth and card details.
The swindles are also brand-agnostic. The purpose of this is to “cast the widest net” and capture the largest amount of victims possible, as seen here:
What’s the goal?
The scammer starts with a critical piece of information: your phone number. However, they don’t yet know who owns this number.
By linking your email address to your phone number, a scammer gains a powerful tool, since both of these details are typically linked to vital online accounts.
This situation becomes even more alarming when you consider that a scammer has your full name, date of birth, phone number, and credit card details. They have enough information to impersonate you completely, making decisions and transactions in your name.
Impersonation Scams
Impersonation scams trick victims into providing money or personal information to a scammer who is impersonating an official or representative of business or government.
Government websites and official portals are a prime target for impersonation scammers, particularly given the wealth of information available within these portals.
Here’s an email we received recently. It suggested there was a new message in the Australian government portal called myGov:
Immediately there are two concerns:
We noted the email did not come from the official my.gov.auWe noted the link supplied in the email is not the official my.gov.au website but appears to be a malicious link.
When we visit the link above, we’re redirected to another website with a sign in page that looks legitimate:
However, this is not the official myGov website. Note the domain name is different to my.gov.au and our browser has luckily flagged the site as Dangerous.
For comparison, here is the real myGov portal. It is very hard to tell the real portal from the fake portal.
What’s the goal?
In this scam, the goal is to steal the credentials of anyone accessing the fake myGov website. Those credentials are stored by the scammer and may potentially be used on the real myGov website.
Then the victim’s account and personal information could easily be accessed, stolen and misused.
Help fight scams
You can help to fight scams by reporting them to the National Anti-Scam Centre via Scamwatch.gov.au/report-a-scam. Your reports are crucial — they help disrupt scammers, protect others, and prevent financial losses.
Currently, 30% of serious scams are unreported. Reporting can be done anonymously or on behalf of someone else. With your consent, information can be shared with relevant authorities to further combat scams.
You can also report directly to the police at cyber.gov.au/report. Reporting makes a difference.
Share your story
We’re encouraging all Australians to speak up, share and report scams.
Sharing your story helps others to spot, avoid and report scams, and recover from the harms caused by scammers.
Share your scam story using the hashtag #ShareAScamStory to help make Australia a harder target for scammers.
FAQs
What are loyalty points scams?
Scammers send fake messages, pretending to be from a company’s loyalty program, tricking you to click on a link or provide personal details. They aim is to steal your money.
Received a text? Never click on any links in unexpected messages about your loyalty points sent via text or on social media. Always visit the official website or app directly to check your points balance.
How do impersonation scammers contact me?
Scammers pretend to be from a trusted organisation like a bank or government department to trick you into giving them your personal information or money. They might contact you through phone calls, text message or email.
Never give out your personal contact details or financial information. Hang up the phone or delete the message.
If you think you have been scammed, contact your bank immediately and report it to the Australian Cyber Security Centre or law enforcement.
What are some common tactics used in impersonation scams?
They might tell you there is an unauthorised transaction on your account, threaten you with arrest or legal action. Or, ask you to pay money or transfer money to a “safe” account.
Stay safe,