Protect your business and customers from scams
Combatting scams is a critical task for corporate Australia to protect consumers.
Key actions:
- Monitor for scammers impersonating your brand and brand assets.
- Keep your customers up-to-date about scams impacting your business.
- Prioritise good anti-scam practices.
Monitoring for brand misuse and impersonations
Scammers pretend to be associated with Australian companies, including Australian licensed financial service businesses, to deceive you into disclosing personal information and money.
It is important you take steps to protect your business and brand from being misused and impersonated.
Tips and resources for monitoring and staying ahead of suspicious activity
ASIC resources
- Keep company affairs up-to-date with ASIC, including fees which can be paid directly to ASIC.
- Register for ASIC’s free Company Alert Service to monitor your company affairs.
- Subscribe to ASIC’s publications such as InFocus to keep up-to-date with company and business name information.
- Regularly check ASIC’s registers for companies and business names registered with a close resemblance to your business name – note that ASIC must abide by laws regarding the registration of company and business names.
Additional resources
- Monitor who is mentioning your company online and on social media, including your business names, numbers and contact details – consider the use of online monitoring tools, such as Google Alerts.
- Find out when your domain names expire. Set a reminder in your calendar to renew them ahead of their expiry – if a domain name expires it may become available for anyone to purchase, including scammers.
- Consider registering similar domain names that could be used by scammers, as recommended by the Australian Signals Directorate's Australian Cyber Security Centre (ASD’s ACSC): Preventing business email compromise.
- Set up measures to prevent email spoofing: How to combat fake emails (ASD’s ACSC).
- Register your branded sender ID, in line with guidance provided by the Australian Communications and Media Authority (ACMA): Sending text messages with your business or organisation name.
- If you believe your business telephone number(s) has been spoofed, contact your telco and place a temporary voicemail message to alert your customers: Caller ID scams (ACMA).
- Be careful posting information online that may assist a scammer to appear more credible if they attempt to impersonate you or your staff, such as your email address or job title.
- Scamwatch provides further guidance on dealing with business impersonation scams.
Keeping your company and business details up to date is one of the simplest and most effective ways to protect your company from scams – it ensures you receive important ASIC correspondence, including annual statements, reminders, notices and alerts, helping you stay aware of any activity linked to your company.
Ensure you regularly review your registered companies and business names, cancelling registrations you no longer need, and monitor your company’s ASIC records.
To combat Australian financial services (AFS) licensee impersonations, AFS licensee website addresses will be published on the ASIC Professional Registers Search from June 2026. For more information, see AFS licensees: Providing and updating website addresses through the Regulatory Portal.
Registered agents
If you use a registered agent, you should expect them to meet strict obligations, including submitting accurate documents, keeping authority records, complying with requests for information, and maintaining an ABN.
You should also expect your agent to act lawfully, transparently, and ensure they hold proper authority before lodging documents on your behalf. If your agent resigns, or you do not want to use them anymore, make sure you update your details accordingly, including your addresses.
Warn your customers about scams impacting your business
Stopping a customer being targeted by scammers not only prevents their money being stolen, but also avoids the distress that scams cause and builds trust in your business. It is important you keep your customers informed if you become aware of a scam impacting your business, so they can be on alert.
Tips for warning customers
- Place prominent scam warnings on all your online channels, including your website, app and social media accounts.
- Add a warning banner or pop-up message prominently on your website’s homepage.
- If you became aware that customers may be or have been targeted by a scam, contact them directly using verified communication channels, and explicitly state what support you can (and can’t) offer, such as liaising with other entities connected in the scam, or helping with recovery.
- Include the word FAKE or SCAM across images of scams impersonating your business to help consumers recognise scam material.
- Make it easy for customers to find scam alerts and warnings by adding a dedicated page on your website, with a prominent link to that page on your homepage.
- Set up newsletter or alert subscriptions for customers to regularly receive new scam warnings.
- Include a prominent ‘Report a scam’ button or section on your website, with step-by-step reporting guidance for affected customers.
- Ensure your scams-related content is regularly updated and clearly communicates what a scam is.
- Add links to trusted websites that provide support for your customers who may have been scammed, such as:
- What to do if you've been scammed (Moneysmart)
- Report an investment scam (Moneysmart)
- What to do if you've been scammed (Scamwatch)
- Report a scam (Scamwatch)
Benefit of removing hyperlinks – Good anti-scams hygiene
Scammers often send links in email and text messages to reach unsuspecting targets. These links may lead to a fake invoice or website or malware.
By avoiding the use of hyperlinks in your communications, you can reduce the risk of scammers impersonating your brand and targeting your customers.
Use links only as a last resort.
Do not use links in messages that don’t require further action or information.
If you continue to send communications with links, acknowledge the risks of doing so and implement mitigation strategies. These can include avoiding the use of shortened URL services, which are used by scammers to disguise malicious links, and providing simple and clear messaging to your customers around how you will communicate with them, including examples.
If you remove hyperlinks from your business communications, be sure to let your customers know – this will make scams easier for them to spot.
Prevent phishing and business email compromise scams
Turning on multi-factor authentication (MFA) is a crucial way to prevent scammers seizing your accounts and defend against password-related attacks. The ASD’s ACSC provides additional MFA tips and guidance: Protect yourself: Multi-factor authentication (ASD’s ACSC).
Always check payee details before making a payment. If a business you regularly engage with sends you an email with new bank details, or unexpectedly includes new banking details on an invoice, this could be a sign they have been targeted by business email compromise.
Be alert
Train your staff to look out for phishing and business email compromise. For example, if a staff member receives an email with an unusual request, they should verify the communication by contacting the sender using known and trusted contact details – not those on the email.
Consider introducing an approval process for changes to customer or supplier payment details and large transfers, and a reporting process to deal with threatening or time-sensitive demands made of staff.
If you come across a suspected phishing site, avoid accessing this directly as it could contain malware or allow scammers to track your activity.
Visit the Australian Signals Directorate’s Australian Cyber Security Centre for further information, including guidance on how businesses can protect against and recover from business email compromise.
ASIC’s reviews of scam practices
ASIC has undertaken reviews of the anti-scam practices of the Australian banks, and published reports with observations to assist financial services businesses with minimising the impact of scams on their customers.
- Report 761 Scam prevention, detection and response by the four major banks (REP 761)
- Report 790 Anti-scam practices of banks outside the four major banks (REP 790)
We are increasingly seeing consumers face risks from automated decisions, AI-driven interactions, and scams amplified by technology.
It is crucial for businesses to consider how they are managing AI governance risks, including in relation to preventing scams and responding to customers who have been scammed.
Additional resources
- Dealing with business impersonation scam resources (Scamwatch)
- Government resources and international frameworks (ASIC)
Disclaimer
The information above does not constitute legal advice and does not in any way obviate or derogate from any statutory legal obligations you have to detect, minimise and prevent scams affecting your consumers and business. The primary responsibility for legal obligations in this regard still remain with your business. We encourage you to seek your own professional advice to find out how the Corporations Act 2001 (Cth) and other applicable laws apply to you, as it is your responsibility to determine your obligations.