A scam is an illegal trick. Scams usually try to get money illegally from people. A scam is a type of fraud.

Scams target people of all backgrounds, ages and income levels across Australia. All of us may be vulnerable to a scam at some time.

Scams succeed because they look like the real thing and catch you off guard when you’re not expecting it. Scammers are getting smarter. They take advantage of new technology, new products or services and major events to create believable stories that will convince you to give them your money or personal information. 

Our factsheet explains more about scams:

We publish scams alerts if we become aware of scams targeting participants, nominees and providers.

Types of scams

Impersonation scam

Threat-based impersonation scams are common and can be traumatic for the victim. Typically, scammers pretend to be from a well-known trusted business, government department or organisation and they threaten you into handing over your money or personal details.

Participants have reported receiving calls from scammers pretending to be from the NDIA. The scammers will usually claim that there is a debt against your plan and that you will lose access to the NDIS if you don’t provide them with personal information including bank details, addresses, and Medicare details. They may also ask participants to repay these ‘debts’.  

The call can sometimes appear to come from a legitimate provider. Scammers can sometimes ‘spoof’ a provider’s phone number and it will show up on your phone. Sometimes these calls will come from a private number. 

The NDIA will never call you and threaten to cancel your access to the NDIS because of a debt. 

Invoicing scams

Scammers will sometimes send false invoices via email. These emails will often look like the real thing and will ask you to pay an invoice into an account that is different to the usual account you pay money into.

If you receive one of these emails, you should call your provider and ask them whether they sent this email. If they didn’t, you should report it to us.

If you have accidentally paid the invoice, you should also:

  • change your email account passwords
  • contact your bank or financial institution and report the scam 
  • ask your bank whether they can reverse the payment, freeze the scam account and/or recover the funds 
  • check your NDIS records for any other unauthorised payments, withdrawals or updates.

Phishing scams

Phishing is a way that cybercriminals steal confidential information such as online banking logins, credit card details, business login credentials or passwords/passphrases.

They do this by sending fraudulent messages and emails (sometimes called ‘lures’).

Some phishing scams will claim to provide information on how to protect yourself against COVID-19, or how to claim a payment. If you click the link or open a document, a virus or malware will start to collect your personal information and data. 

Phishing scams often impersonate government departments including the NDIA, Department of Health, Services Australia and the Australian Taxation Office.

Charity scams

Some scammers will contact you via phone, mail, email or face-to-face and pretend to be a charity. Often these messages will look like they real thing, but then they will ask you to click on a link, make a payment or provide personal information.  

Before you donate to any charity you should always check if they are registered charity with the Australian Charities and Not-for-profit Commission Charity Register .

Unauthorised access

Scammers who have accessed your information illegally may use that information to make false claims against your plan. 

Report a scam

The ACCC provides information to Australians about how to recognise, avoid and report scams. 

To report a scam, visit Scamwatch.

If a scammer contacts you pretending to an employee of the NDIA or an NDIS provider, you should report it to us by:

  • calling the NDIS Fraud Reporting and Scams Helpline on 1800 650 717 
  • emailing [email protected].

Case study

This page current as of
16 November 2021
Indicates required field
Was this page useful?*
Why?
Why not?