Bank impersonation emails are the most financially damaging scam type targeting Australians — and they work because they look real. The Commonwealth Bank, ANZ, Westpac, and NAB logos are freely available online. The email templates look professional. And the messages create a sense of urgency that’s designed to override careful thinking. Understanding exactly what these emails look like — and having a simple rule for checking them — is more protective than any spam filter.
What your bank will NEVER ask you to do by email
🔴 If an email asks you to do any of the following, it is a scam:
The golden rule: If you’re unsure whether an email from your bank is real, do not click anything in it. Instead, open a new browser tab and go directly to your bank’s website by typing the address yourself, or call the number on the back of your card. Never use contact details from the suspicious email.
The 4 bank scam email types targeting Melbourne residents
Type 1 — “Your account has been suspended / unusual activity detected”
The most common type. The email claims your account has been temporarily locked or suspended due to “suspicious activity” and urges you to verify your identity immediately by clicking a link. The link goes to a convincing fake login page — whatever you type there goes directly to the scammer.
Tells: Generic greeting (“Dear Valued Customer”), urgent language, link URL doesn’t match the bank’s real website, email sender address is not from the bank’s official domain (e.g. @commbank.com.au)
Type 2 — “A new payee has been added to your account”
The email claims a new payment recipient has been added to your account (that you didn’t authorise), and provides a link to “cancel this immediately.” The urgency of not wanting an unknown payee to receive money is the hook — but clicking the link leads to the fake login page. Particularly effective because it feels like you’re protecting yourself.
Tells: You didn’t receive an SMS verification when this “payee was added” (real banks require SMS verification for new payees), the link URL on hover doesn’t match your bank, the payee name is designed to be alarming
Type 3 — “You have a secure message waiting”
Claims to be from your bank’s secure messaging system, with a button to “Read Message.” Clicking the button asks you to log in, and that login form is a fake page. This type is more subtle because it doesn’t create an immediate alarm about your account; instead, it creates curiosity. Real banks do use secure messaging systems, which makes this type harder to dismiss immediately.
Tells: Real secure messages from banks appear after you’ve logged in to internet banking; they don’t require you to log in through an email link. Hover over the button to check the URL.
Type 4 — “Your tax refund is ready” (ATO impersonation)
Technically from the ATO rather than a bank, but closely related — it claims you have a tax refund waiting and asks you to “confirm your bank details” to receive it. It either leads to a fake myGov/ATO login page, or asks you to enter bank account details directly in the email. The timing of these often coincides with actual tax return season (July–October).
Tells: The ATO deposits refunds automatically to the BSB/account number registered in your myGov — they never email asking for bank details. Any such request is a scam.
The 10-second check — is this email actually from your bank?
Before doing anything with a suspicious email, do these three checks. If any one of them fails, the email is a scam.
Click on the sender’s name in the email to reveal the actual address. Real bank emails come from official domains: @commbank.com.au, @anz.com.au, @westpac.com.au, @nab.com.au. Scam emails use addresses like “security-alerts@commbank-secure.net” or “noreply@bank-au-verify.com” — the domain after the @ symbol is the giveaway. Anything that isn’t exactly the bank’s official domain is a scam.
On a computer: move the mouse pointer over any link or button without clicking — the actual URL appears in the bottom-left corner of the browser. On a phone: press and hold on the link — the actual URL appears in a popup. The URL must start with your bank’s actual domain (e.g. commbank.com.au, anz.com.au). Any URL that contains extra words, different spelling, or a different domain is a scam link.
If you’re genuinely concerned about something in the email, open a new browser tab and type your bank’s website address directly (e.g. commbank.com.au). Log in there. If there’s a real alert on your account, you’ll see it when logged in. If there’s nothing there, the email was a scam. This approach makes it impossible to land on a fake banking website via an email link.
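The first two checks above can also be run mechanically. The following is an added example, not part of the original article: it reads the real sender address and every link target from a message and compares them with the bank domains listed above. Because a look-alike address can begin with the bank's name, the link check parses out the host name and requires it to be a bank domain or a subdomain of one (accepting subdomains is an assumption); the sample message and its `.example` hosts are constructed.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Official domains listed in the article.
BANK_DOMAINS = {"commbank.com.au", "anz.com.au", "westpac.com.au", "nab.com.au"}

def host_is_bank(host):
    """True if host is a listed bank domain or a subdomain of one (assumption)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BANK_DOMAINS)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_email(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    # Check 1: the address behind the display name must be exactly a bank domain.
    address = parseaddr(str(msg.get("From", "")))[1]
    sender_ok = address.rpartition("@")[2].lower() in BANK_DOMAINS
    # Check 2: every link's parsed host name must belong to a bank domain.
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    bad_links = [h for h in collector.hrefs if not host_is_bank(urlsplit(h).hostname)]
    return {"sender_ok": sender_ok, "bad_links": bad_links}

# Constructed sample message; the .example hosts are made up for illustration.
SAMPLE = """\
From: CommBank Security <security-alerts@commbank-secure.net>
Subject: Unusual activity detected
Content-Type: text/html; charset="utf-8"

<p>Dear Valued Customer, verify your identity now:</p>
<a href="https://commbank.com.au.verify-login.example/login">Verify</a>
<a href="https://commbank.com.au@login.example/secure">Unlock account</a>
<a href="https://www.commbank.com.au/support">Help</a>
"""

if __name__ == "__main__":
    print(check_email(SAMPLE))
```

A sender address that passes is not proof on its own, because the From line of an email can be forged; a failed check is the useful signal.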
The phone call that follows — how money is actually lost
⚠️ Understanding the two-step bank scam
Most people who lose significant money to bank scams don’t lose it by clicking an email link. The email is Step 1 — its purpose is to get you to enter your login credentials on the fake page, giving the scammer your username and password.
Step 2 is a phone call. Shortly after you enter your details, someone calls claiming to be from your bank’s fraud team. They know your name, they might know your account balance, and they explain that they’ve detected suspicious activity on your account — the same suspicious activity mentioned in the email. They then guide you through “securing your account.”
The actions they ask for in this call are what transfers the money:
- 🔴 Asking you to read out the one-time code (OTP) sent to your phone — this authorises a transaction
- 🔴 Asking you to transfer money to a “safe account” they’ve set up for you — the account belongs to the scammer
- 🔴 Asking you to install “bank security software” — this is remote access software that gives them control of your computer
The rule: Hang up immediately if you receive a call from someone claiming to be your bank, asking for any of the above. Call your bank back using the number on the back of your card to verify if the original contact was genuine.
Emergency checklist — I already clicked a link in a bank scam email
Do these in order — the faster, the better:
Frequently asked questions
Need help after a bank scam email?
We check for malware, secure email and banking accounts, and explain calmly what happened and how to stay safe. $89/hr, no call-out fee, all Melbourne suburbs.
About Fixable: Friendly, patient on-site IT support across all Melbourne suburbs. NDIS Worker Screening cleared. Call 0435 955 429 or visit fixable.au