iscover 
New information from the Australian Federal Police (AFP) and the Commonwealth Bank of Australia (CBA) has revealed that scammers are refining their tactics when it comes to impersonating banks, including copying bank hold music and co-ordinating calls to bypass security checks.
According to the AFP and CBA, modern scammers are utilising increasingly sophisticated, “tag-team” tactics to defraud Australians by posing as authority figures from banks to drain accounts.
Consumers are increasingly being tricked into thinking that the scammer is their actual banking institution due to them increasingly knowing personal information, such as their date of birth, account details, and bank balances, which have been acquired through previous cyber attacks.
These bank impersonation scams aim to frighten bank victims by suggesting that there have been pending unauthorised payments, which can only be reversed or cancelled once banking details or codes are shared, or by telling customers that their bank account is locked and can only be unlocked if acted upon immediately.
Specific methods flagged involve:
- “Safe account” transfers, where victims are pressured into moving life savings to bogus accounts or hand cash over to a courier for ‘safekeeping’, after being alerted to fake unauthorised payments.
- Fake hold music and technical redirection, where scammers replicate a bank’s environment to capture PINs and codes, or manipulate the victim to download software allowing them full control of their device.
- Crypto ledger manipulation, where scammers use leaked data to convince victims their wallets are compromised, tricking them into revealing seed phrases. By working in pairs to concurrently call both the victim and the bank, these ruthless actors bypass security checks in real time, sometimes stealing hundreds of thousands of dollars in a matter of hours.
In one recent example, a victim was contacted by a scammer purporting to be from a bank’s fraud team, who said there had been suspicious activity in a business bank account. The scammer asked the victim to verify personal and banking details (which they already had) and provide the PIN.
The scammer said the card would have to be cancelled and reissued, and the customer registration number (CRN) would need to be changed.
They also said that due to malware, the bank’s app should be deleted and reinstalled, and that they would text a code to verify the new CRN.
The victim only became suspicious after being placed on hold several times to verify other transactions and became suspicious as the hold music was different to the usual hold music they were accustomed to.
When the victim called the bank through its main number, $197,000 had already been transferred out of the accounts. It is uncertain if the funds will be returned.
‘Scammers are getting better at sounding convincing’: CBA
The details have been issued as part of the Joint Policing Cybercrime Coordination Centre (JPC3), which draws on banking industry intelligence to showcase the changing tactics used by scammers in a bid to improve customer vigilance.
AFP detective superintendent Marie Andersson said scammers were extremely tech-savvy, adaptable, and ruthless, particularly when it came to presenting as helpful voices of authority.
“Scammers approach victims armed and ready using secure information such as their name, date of birth, account details, and bank balances, acquired through previous cyber-attacks or data breaches,” Andersson said.
“This allows scammers to build trust and legitimacy with their victim and acquire additional information or access to complete their scam.
“We are also seeing scammers acquire this information in real-time by working in pairs. One scammer will contact a bank and pretend to be the victim, while concurrently, another scammer is calling the victim and pretending to be a representative of the banking provider.
“Using information they gain through both conversations, they can then bypass security checks and create ‘proof’ that seems credible.
“We want to encourage victims to report these scams – remember scams can affect anyone and you should not feel shame or embarrassment about reporting it.”
She added that recognising the warning signs early and refusing to act under pressure was the best defence against bank impersonation scams.
“Cold contact from a banking provider via call, text or email, combined with an extreme pressure to act quickly and hand over personal information, should be treated as a potential scam,” Andersson said and urged people to hang up and call the banking institution’s official phone number if in doubt.
“We understand that the threat of losing any money is scary, but what is scarier is actually losing money, sometimes even life savings, to a scammer.”
James Roberts, CBA’s executive general manager of group fraud and scams, added: “Scammers are getting better at sounding convincing, but there are a few simple things to remember that can help keep you safe.
“Banks won’t rush you – and we will never ask you to share passwords, PINs or one-time codes, or move money to a ‘safe account’,” he said.
“If you bank with us and get a call you’re unsure about, stop, hang up and contact your bank using the number on your card or message us securely in the app.
“Do not call back the number that contacted you or any number from a suspicious SMS or email."
To help Australians spot the warning signs and navigate online banking more safely, the JPC3 has launched ‘ClickFit: Impersonation Scams’ – a national cyber crime awareness campaign supported by law enforcement across the country.
ClickFit encourages Australians to build simple habits into their online routine to protect their personal information, bank accounts, and money from cyber criminals.
The initiative outlines six essential steps, including pausing before acting on unexpected contact, verifying requests through official channels, and never sharing sensitive passwords or codes. By securing accounts with multi-factor authentication and reporting suspicious activity immediately, individuals can also better protect their personal information and finances from sophisticated scammers.
In 2025, Australians reportedly lost $97.6 million to phishing scams, which include victims of bank impersonation scams. This was up from $84.5 million reportedly lost in 2024.
Other recent impersonation scams flagged recently include scammers posing as brokers, setting up fraudulent websites, and posting advertisements on social media platforms offering personal loans.
Indeed, a recent Equifax survey found three-quarters of brokers had been impacted by scams or fraud.
Separate data from Equifax shows Australian lenders prevented more than $1.5 billion in fraudulent financial applications in 2025, despite a rise in fraud attempts.
[Related: Fake brokers target borrowers in new loan scam alert]
Want to see more stories from trusted news sources?Make Broker Daily a preferred news source on Google.