Quick answer: Call your bank's fraud line first and ask for the payment to be stopped or recalled, then change your email password, then your banking password, then anything that reused that password, turning on two-factor authentication as you go. Document everything, then report to Scamwatch, ReportCyber and IDCARE. Speed is the whole game.
The first hour after a scam is worth more than the next ten. I have watched this play out from the repair bench for years: the people who get some money back are almost always the ones who rang their bank within minutes, and the people who lose the lot are the ones who spent the first hour in shock, re-reading the messages, hoping it was a mistake. It usually isn't.
This is a checklist, in order. Work top to bottom. Don't stop to feel embarrassed, and don't try to investigate the scammer yourself. Your only job in the first 24 hours is to cut off the money, lock the accounts, and build a record. I am a repair tech, not a bank or a lawyer, so I will be blunt about what these steps can and cannot do.
Hour Zero: Stop the Money
Before email, before reporting, before anything: ring your bank. The fraud number is on the back of your card and inside your banking app. Tell them plainly that you have been scammed and you need the payment stopped.
Ask for an NPP or Osko recall by name
Most instant transfers in Australia move over the New Payments Platform (the system behind Osko). Once a payment lands in the scammer's account, your bank can ask the receiving bank to return it — this is a recall. It only works if the funds are still there. Scammers move money on fast, often within minutes, through mule accounts and crypto, so the recall window is short. Ask for it anyway, by name, and ask them to flag the receiving account as fraudulent.
If you paid by card, ask whether the transaction qualifies for a chargeback. If you sent cryptocurrency or bought gift cards, be realistic: those are very hard to reverse, but still report them.
While you have the bank on the phone, ask them to freeze or put a hold on the affected account and card, and to watch for further attempts. If the scammer has your card details, assume they will try again within hours.
Hour One: Lock Down Your Accounts
If the scam touched any login, the scammer may already be inside. Change passwords in this exact order, and do it from a device you trust is clean. If the scam involved an app you installed or a link you clicked, that device may be compromised, so use a different phone or computer to reset things. Our guide on the warning signs that you have been hacked covers what to look for.
- Email first. Your email is the master key. Anyone with it can reset the password on almost every other account through recovery links. Change it, sign out all other sessions, and check for sneaky mail-forwarding rules the scammer may have added. If your inbox is a Gmail account, our Gmail recovery walkthrough shows exactly where those settings hide.
- Banking and finance next. Online banking, any buy-now-pay-later accounts, PayPal, super, share platforms. New password on each, two-factor on.
- Reused passwords after that. If you used the compromised password anywhere else, those accounts are next in line. Reused passwords are how one breach quietly becomes five.
- Turn on two-factor authentication everywhere it is offered. Even a stolen password is useless if the scammer cannot pass the second step. Prefer an authenticator app over SMS where you can.
One thing people get wrong: they change their banking password but leave the email it recovers from untouched. The scammer just resets it straight back. Email always goes first.
Hours One to Three: Document Everything
Evidence decays. Messages get deleted, links go dead, and your own memory of the exact times blurs by tomorrow. Capture it now while it is fresh.
This record is not busywork. It is the file your bank, IDCARE and, if it comes to it, AFCA will ask for. A thin record is one of the most common reasons a dispute stalls or gets knocked back.
Hours Three to Twenty-Four: Report It
Reporting rarely gets your money back by itself. Be clear-eyed about that. What it does is create the official record behind any bank dispute, feed the national picture so others get warned, and, in identity-theft cases, get you expert help fast.
Call IDCARE on 1800 595 160 if any identity documents are exposed: driver licence, Medicare card, passport or tax file number. They are a free, not-for-profit service and they will build you a tailored response plan, including which documents to replace and how to put a ban on your credit file so nobody can take out loans in your name.
If you are not sure exactly which scam hit you, or whether a website was even real, our breakdown of how to spot a fake online store and our explainer on the AI-powered scams now targeting Australians will help you work out what you are dealing with and what to tell the bank.
Reduce Your Exposure Going Forward
Once the immediate fire is out, it is worth quietly closing the gaps that let the scammer reach you. I am not going to oversell any single tool. A password manager and two-factor authentication do most of the heavy lifting. Beyond that, a VPN can reduce some of your exposure on public networks and limit certain tracking, though it is one layer and not a force field. If you want the honest version of what it does and does not stop, we wrote one: what a VPN actually prevents against Australian scams.
The bigger protection is behavioural. Slow down on anything urgent, verify money requests through a second channel, and treat unexpected links as guilty until proven innocent. Scammers run on pressure. The pause is the defence.
The single biggest predictor of how a scam ends is not how clever the victim is. It is how many minutes passed before they rang their bank.
When Your Device Is Part of the Problem
If the scam involved giving someone remote access, installing an app, or clicking a link that may have dropped malware, the device itself is now a risk. It can sit quietly logging your keystrokes and capturing banking sessions long after the scammer hangs up. Don't log back into anything sensitive on it until it has been checked. Our companion guides on what to do after giving a scammer remote access and the realistic side of getting your money back pick up from here.
Worried your phone or computer is compromised?
If the scam touched your device — a remote-access tool, a dodgy app, a clicked link — don't trust it until it has been checked. We scan for malware, remove what's there, clear malicious settings, and help you get your accounts back on solid ground before you log in again.
Central Coast locals can walk in to our Erina workshop for same-day diagnosis, or read more about our scam recovery service.