Australia warns of scam surge during Prime Day sales
Mon, 6th Jul 2026 (Today)
Australian regulators and cybersecurity experts are warning of a heightened wave of scams as new prevention and identity verification rules coincide with major online sales events. The concerns centre on text and email fraud, brand impersonation, and the speed of real-time payments.
Amazon Prime Day and other major sales events have become prime targets for cybercriminals, who exploit spikes in digital shopping activity. Consumer groups, including Scamwatch, have flagged a rising volume of scams impersonating trusted brands, especially in delivery updates and promotional offers.
Security specialists say criminals now use artificial intelligence to generate convincing messages and websites that closely mimic legitimate retailers and service providers. That makes traditional warning signs, such as spelling errors or unusual formatting, less effective in helping users spot fraudulent communications.
"Major sales events like Amazon Prime Day are not just a busy time for shoppers. They are also a busy time for scammers. Cybercriminals know consumers are actively looking for deals, expecting delivery updates and engaging with promotional messages, making it easier for fraudulent emails, text messages and websites to appear genuine and catch consumers off guard," said Adam Marrè, chief information security officer at Arctic Wolf.
Marrè said AI is changing the scale and sophistication of consumer scams.
"With AI, cybercriminals can create personalised messages at scale that mimic trusted brands, making it increasingly difficult for consumers to tell the difference between a genuine offer and a scam," he said.
He urged shoppers to avoid clicking links in unsolicited messages about orders or deliveries, and instead verify activity directly through retailer apps or websites.
"Consumers should be cautious of messages claiming there is a problem with an order, payment or delivery, particularly if they create a sense of urgency or ask users to click a link. The safest approach is to go directly to a retailer's website or app to verify any activity rather than following links in emails or text messages," he said.
The consequences can extend far beyond a single purchase.
"A successful phishing attempt can have consequences that extend far beyond a single transaction. If scammers gain access to login credentials, they may be able to take over online accounts, access personal information, make unauthorised purchases or use stolen details in future fraud attempts. Taking a few extra moments to verify a message could help prevent a small mistake from turning into a much bigger issue, such as identity fraud or financial loss," he said.
Regulators are responding with new frameworks that place more responsibility on organisations across the communications and payments ecosystems. The Australian Communications and Media Authority has launched an SMS Sender ID Register to distinguish between verified and unverified business messages.
The scheme changes how brand names appear in text inboxes. Verified senders display as authenticated, while unregistered brands are labelled unverified, giving consumers a new signal when they receive unexpected texts from banks, delivery firms or government agencies.
"In 2025 alone, text message scams cost nearly $18 million and most Aussies will have experienced the moment of hesitation when they receive a text claiming to be from their bank, a delivery company or a government agency1," said Hugh Haley, senior director of partners and carriers for APAC at Sinch.
"By using trusted brand names to exploit everyday people, scammers don't just take people's money, they erode the confidence that government organisations and businesses have worked hard to build up with their customers. Trust in communications matters - it means that people receive and validate the hospital appointment they've requested, or the parcel they've paid for. When this trust is broken, people and businesses lose more than just money," he said.
"That's why the Sender ID Register is so welcome. Anything that makes it harder for scammers to exploit everyday people, and which will help organisations rebuild trust, is a step in the right direction," he said.
"At Sinch, we've long supported strong, industry-wide action on scams, and we'll keep working with regulators, telcos and businesses to build on this," he said.
Australia has also introduced a Scams Prevention Framework that changes expectations for banks, telcos and digital platforms, particularly around real-time payments through systems such as NPP, PayID and Osko. The rules increase scrutiny of how quickly institutions detect and interrupt suspicious transfers.
"The Scams Prevention Framework from 1 July marks a significant shift in how Australia addresses scams, moving from reaction to prevention and raising the bar for organisations across the scam ecosystem," said Trent Gunthorpe, general manager for the Pacific region at ACI Worldwide.
He said scams usually begin outside the banking system, but financial institutions are often the final gatekeeper once a victim initiates a transfer.
"Scams rarely originate inside a bank. They may start with a text message, social media advertisement or fraudulent investment website, but by the time a customer initiates a payment, the bank is often the last line of defence," he said.
Consumers increasingly expect a coordinated response across sectors, particularly as instant payments reduce the time available to stop fraudulent transfers.
"Consumers increasingly expect banks, telecommunications providers and digital platforms to work together to identify risks earlier and intervene before funds leave an account. Australia has also built one of the world's most advanced real-time payments systems through the NPP, PayID and Osko, meaning institutions have only a small window to identify suspicious behaviour, make decisions and stop fraudulent transactions before funds move," he said.
"The challenge from 1 July is ensuring scam detection and intervention can operate at the same speed as the payments themselves," he said.
The framework also puts new emphasis on documented, proactive measures.
"One of the biggest changes under the framework is the focus on demonstrating preventative action," he said.
"Organisations will need to show not only what protections existed, but how effectively those protections were applied before a scam occurred, because in a real-time payments environment accountability ultimately comes down to evidence," he said.
Artificial intelligence is emerging as a central tool in this environment, both for scammers and defenders.
"Artificial intelligence is becoming a critical part of that capability. According to ACI Worldwide's global survey on fraud and financial crime, 51% of organisations have already deployed AI for fraud prevention, while a further 47% are implementing AI capabilities expected to go live within the next 24 months. AI is rapidly shifting from a competitive advantage to a core requirement for effective fraud and scam prevention," he said.
Gunthorpe said collaboration across banks, telecommunications providers and digital platforms is now essential if organisations are to disrupt scams earlier in their lifecycle.
"Many scams begin well before a payment is initiated, whether through a text message, phone call, social media advertisement or fake investment platform," he said.
"The effectiveness of the framework will depend on whether intelligence can be shared quickly enough to disrupt a scam before a payment is executed. That's a very different challenge from investigating a scam after the money has already gone," he said.
International approaches in the United Kingdom and Singapore have already increased organisational liability for scam losses. Australia's approach reflects the same focus on outcomes.
"Internationally, regulators are increasingly making organisations accountable for scam outcomes, not just scam processes. The UK's authorised push payment reimbursement regime and Singapore's Shared Responsibility Framework have both raised the cost of failing to prevent scams," he said.
"Australia's framework reflects the same shift. The organisations that succeed will be those that can identify threats and intervene before money moves, because ultimately the measure of success is simple: fewer Australians losing money to scams," he said.