Imagine seeing a huge online sale from a brand you recognise, receiving a message from a government agency, or getting a notification through a workplace platform like Microsoft Teams. Each of these situations feels normal, which is exactly why scammers are increasingly using them to target victims.
 

Today’s scams are designed to blend into everyday digital life. By impersonating trusted organisations, copying legitimate websites, or exploiting workplace tools, criminals are finding new ways to trick people into handing over money or sensitive information. Here are some of the most common scams circulating right now.

Online Shopping Scams

Online shopping scams use fake online stores designed to look like legitimate retailers. These sites often promote popular products, like clothing, electronics, or fan merchandise at massive discounts to lure people into making a quick purchase.
 

The websites may copy the branding and layout of well-known brands, making them appear convincing at first glance. But once payment is made, the product never arrives, or a cheap counterfeit item is sent instead. In many cases, the real goal is to capture payment details and personal information. 

Common red flags include:

• Prices that seem too good to be true 

• Website URLs that look slightly different from the real brand 

• Limited contact information or missing return policies 

• Poor spelling, grammar, or low-quality images 

Business Impersonation Scams

A business impersonation scam happens when criminals pretend to be a trusted organisation to trick people into handing over money or sensitive information. These scams often involve organisations people recognise and rely on, such as banks, government agencies, delivery companies, or major brands. Below are two examples currently circulating in Australia.

Australian Federal Police (AFP)

Scammers are pretending they work for the AFP and other law-enforcement agencies to deceive victims into sending them funds from their cryptocurrency accounts, or to share seed phrases, a list of random words used to help recover your account.

The victim will receive a call from someone claiming to be an AFP officer working on an investigation. The scammer may say the person has been involved in a data breach or financial crime, and that urgent action is required. They often pressure victims into transferring funds or sharing sensitive information. 

Medicare

Another common impersonation scam involves criminals pretending to be from Medicare. The message usually includes a link directing people to a fake website designed to look like an official Medicare page. Once there, victims are asked to provide personal details, banking information, or payment to “restore” access or replace a Medicare card. Because Medicare is an essential service for many Australians, scammers rely on the fear of losing access to healthcare to pressure people into responding quickly.

Red Flags of Business Impersonation Scams

• Unexpected contact claiming to be from a government agency or major organisation 

• Requests for urgent payments, especially through unusual methods like cryptocurrency or gift cards 

• Links directing you to websites asking for personal or financial details 

• Messages warning that your account will be suspended or restricted if you don’t act immediately 
  

The Unexpected Scam on the Rise: Microsoft Teams Scams

Scammers are now targeting workplace tools like Microsoft Teams to reach victims in a more trusted environment.
  

In this scam, attackers send guest invitations to join a Teams group with names designed to look like billing alerts, such as messages claiming there has been a subscription charge or payment issue. Because the invitation is generated through Microsoft’s system, the notification email often comes from a legitimate Microsoft address. This means it can bypass many email security filters and appear more trustworthy than a typical scam email.
 

Instead of using suspicious links or attachments, the scam message is built directly into the Teams group name itself, which may include a phone number or payment instructions. The scam relies entirely on social engineering. If someone believes the billing alert is real, they may panic and contact the number provided, where scammers attempt to convince them to make a payment or share sensitive information.