What a brand impostor is
A brand impostor is any account, domain, or page set up to look like a legitimate organisation. Common targets in Australia are banks (ANZ, CommBank, Westpac, NAB), exchanges (Coinbase, Binance, Independent Reserve), retailers (Amazon, eBay, Catch), and government agencies (Auspost, MyGov, ATO, Centrelink). The impostor uses the brand's logo, colours, and copy to build trust before asking for money or credentials.
Brand impersonation is the most common scam vector reported to ScamWatch. In 2024, ATO impersonation scams alone accounted for over $20M in reported losses across Australia.
The five signs
- Wrong domain. Real ANZ is anz.com.au, not anz-au-login.com or anz.security-update.com. Real CommBank is commbank.com.au, not commbamk.com.au.
- Wrong social handle. Real CommBank on X is @CommBank, not @CommBank_Au_Verify or @CommBank_Support. Big brands almost never use underscore-heavy handles or 'support' suffixes.
- Asking for things the real brand wouldn't ask for. No real bank will message you for your full credit card number plus the security code. No real ATO officer will demand payment in iTunes vouchers or crypto.
- Artificial urgency. 'Verify within 15 minutes or your account closes.' 'Pay within 24 hours or face arrest.' Real consequences don't have countdowns.
- Small visual details that are off. Fuzzy logo, wrong shade of brand colour, footer with no proper company registration details (ABN, ACN, registered office address). Real businesses include this; impostors don't bother.
Three patterns to learn
Three lookalike patterns come up over and over. None of them are AVA-specific tricks: any human can learn to spot them in a domain or handle.
- Lookalike characters. The 'a' in anz might be a Cyrillic 'а' that looks identical to a human but is a different character to a computer. Hard to see by eye; if you have any doubt, type the real domain into your browser yourself.
- Near-misses on spelling. commbamk.com.au, comnbank.com.au, com-bank.com.au. One letter off. Slow down and read the part right before the .com or .com.au.
- Wrong top-level domain. Real ANZ is anz.com.au, not anz.com. Real CommBank is commbank.com.au, not commbank.online. Australian business domains end in .com.au; treat anything else as suspect.
For any of these, AVA combines multiple independent signals to score the entity from 0 to 100. See the public how-it-works summary for our methodology overview.
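The three patterns above can also be checked mechanically against a list of known-good domains. This is an added example, not AVA's scoring method and not code from this page; the allow-list, the suffix list, and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allow-list: the two real domains the article names.
KNOWN_GOOD = ("anz.com.au", "commbank.com.au")
# Small constructed suffix list, longest first (a real tool would use the Public Suffix List).
SUFFIXES = (".com.au", ".online", ".com")

def split_domain(domain):
    """Return (label right before the suffix, suffix)."""
    for suffix in SUFFIXES:
        if domain.endswith(suffix):
            return domain[:-len(suffix)].split(".")[-1], suffix
    head, _, tld = domain.rpartition(".")
    return head.split(".")[-1], "." + tld

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain):
    """Return (pattern, detail) findings; [] means no pattern matched, not 'safe'."""
    domain = domain.strip().lower().rstrip(".")
    if domain in KNOWN_GOOD:
        return []
    findings = []
    # Pattern 1: lookalike characters (non-ASCII letters or punycode labels).
    for ch in sorted({c for c in domain if ord(c) > 127}):
        findings.append(("lookalike-character", unicodedata.name(ch, "UNKNOWN")))
    if any(part.startswith("xn--") for part in domain.split(".")):
        findings.append(("lookalike-character", "punycode label"))
    label, suffix = split_domain(domain)
    for good in KNOWN_GOOD:
        good_label, good_suffix = split_domain(good)
        if label == good_label and suffix != good_suffix:
            # Pattern 3: right name, wrong top-level domain.
            findings.append(("wrong-tld", f"{suffix} instead of {good_suffix}"))
        elif label != good_label and edit_distance(label, good_label) == 1:
            # Pattern 2: one letter off the real name.
            findings.append(("near-miss-spelling", f"one edit from {good}"))
    return findings
```

An empty result only means none of the three patterns matched: anz-au-login.com from the first list returns nothing here, so the allow-list itself remains the deciding check.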
What to do
Type the brand's real domain into your browser yourself. Don't click links from unsolicited emails, SMS, or DMs. If you receive something that claims to be from your bank or a government agency, find the real customer service number through a search engine and call them.
If you've already given credentials or money to an impostor:
- Change the real account's password on the real site immediately.
- Call your bank's fraud line (the number on the back of your card, not from the message).
- Report it through AVA's report form and to ScamWatch.