In 2024, Australians reported losses of over 20 million dollars to phishing scams.

Jenny*, a 53 year old school administrator, was catching up on emails during her lunch break when she spotted one from what looked like MyState Bank. Her heart skipped a beat when she read that her account needed ‘urgent verification’ due to a security update. The email warned her banking access would be restricted if she didn't act within 24 hours.

Unfortunately, Jenny clicked the link. The website looked exactly like our MyState Internet Banking login page, same logo, same colours, even the same layout. Without a second thought, she typed in her details.

The moment of discovery

The next morning, Jenny went to transfer money for her daughter's school trip. That's when panic set in. Several transactions she didn't recognise had drained nearly $3,000 from her account. Her stomach dropped as she realised what had happened.

"I felt so stupid," Jenny told us later. "I'm usually careful about these things, but this email looked so real. They even knew my name." When Jenny called our team, we immediately recognised the signs of a sophisticated phishing attack. The fake website had captured everything the scammers needed to access her account and make transfers.

One of our Fraud Prevention specialists, who helped Jenny through the recovery process, puts it plainly: "These aren't the obvious scam emails from ten years ago with terrible spelling and weird formatting. Today's phishing emails can be incredibly convincing. Sometimes the only giveaway is a slightly odd email address or a website URL that's just a few letters off."

Spot the phishing scam ‘hook’ before you ‘bite’

So how can you tell if that urgent email is really from your bank? Here are the tell-tale signs:

  • That sense of panic they create; "Act now or else!"
  • Emails that include links asking you to click on them.
  • Addressing you as "Dear Customer" instead of using your name.
  • Little things like unusual spelling, odd spacing, or grammar that feels off.

Remember: We'll never send you emails with links asking for your password or verification codes. That's not how we do things at MyState.

Protect yourself from being ‘hooked’

Here's how to protect yourself from these scams:

  • Trust your gut. – if an email feels even slightly off, it probably is.
  • Take a breath. – Scammers count on you panicking and acting fast. Don't let them rush you.
  • Go the long way round. – Instead of clicking links, open your browser and type in the official domain yourself, example: Type in mystate.com.au yourself, or use our official app.
  • Call us. – If you're unsure about an email claiming to be from us, just give us a ring. We'd rather chat with you than see you scammed.

What to do if you spot a ‘fishy’ email

Don't click anything, or respond
Forward it to alerts@mystate.com.au so we can investigate.
Delete it from your inbox including your deleted inbox.
Phishing scam
"I now tell everyone, if you get an urgent email from your bank, stop and pick up the phone instead. Those few minutes could save you thousands, it was an expensive lesson to learn." Jenny