AI-Powered Scams: What Every Australian Needs to Know in 2026

Scammers have always been clever — but in 2026, they’ve got a powerful new tool in their kit: artificial intelligence. AI is helping cybercriminals craft more convincing phishing emails, clone voices, and even impersonate people on video calls. If you think you can spot a scam because the email has bad spelling or a dodgy logo, think again.

Here’s what’s happening, and more importantly, what you can do to protect yourself and your business.

The New Face of Scams

1. AI-Generated Phishing Emails

Phishing emails used to be easy to spot — poor grammar, generic greetings, obvious fake logos. AI has changed that. Scammers now use large language models to write highly personalised, grammatically perfect emails that reference your real name, your employer, or even recent transactions. They look exactly like they come from your bank, the ATO, or even your own boss.

What to watch for: Even if an email looks perfect, don’t click links. Go directly to the website by typing the address in your browser, or call the organisation on their official number.

2. Voice Cloning (“Vishing”)

Scammers can now clone a person’s voice from just a few seconds of audio — taken from a social media video, a voicemail, or a public recording. They’ve used this technique to call employees and pose as their CEO, asking them to urgently transfer funds or share login credentials. This is sometimes called a “voice phishing” or vishing attack.

What to do: If you receive an unexpected urgent call — even from someone who sounds exactly like your manager — hang up and call them back directly on a number you already know.

3. Fake MyGov, ATO, and Bank SMS Messages

SMS scams impersonating the ATO, MyGov, Medicare, and the big four banks remain among the most reported scams in Australia. Scammers use “SMS spoofing” to make their message appear in the same thread as a legitimate message from your bank. They’ll tell you there’s a problem with your account, a refund waiting, or unusual activity — and provide a link to a convincing fake login page.

Golden rule: No legitimate Australian government agency or bank will ever ask for your password, PIN, or one-time code via SMS or email.

4. Remote Access Scams

These remain extremely common, particularly targeting older Australians. A caller claims to be from “Telstra,” “Microsoft,” or “the NBN” and tells you your computer has a virus or your internet is about to be cut off. They ask you to install remote access software (like AnyDesk or TeamViewer) so they can “fix” it — and once in, they drain bank accounts or install malware.

Remember: Microsoft, Telstra, and the NBN Co will never call you out of the blue about a problem with your computer or internet connection. Hang up immediately.

5 Steps to Protect Yourself Right Now

Turn on Multi-Factor Authentication (MFA) — Enable MFA on your email, banking, and Microsoft 365 accounts. Even if a scammer gets your password, they can’t log in without the second factor.
Keep software and devices updated — Security patches close the vulnerabilities scammers exploit. Set Windows and your apps to update automatically.
Use a password manager — Unique, strong passwords for every account mean one breach doesn’t compromise everything.
Back up your data — Ransomware attacks are on the rise. A good backup (ideally offsite or cloud-based) means you can recover without paying a ransom.
Talk to your family and staff — Awareness is your best defence. Make sure everyone in your household and your team knows these tactics exist.

Already Think You’ve Been Scammed?

Act quickly:

Contact your bank immediately to freeze your accounts or reverse transactions.
Change your passwords, starting with email and banking.
Report it to Scamwatch (run by the ACCC) and the Australian Cyber Security Centre (ACSC).
If you gave someone remote access to your computer, call us — your device needs to be checked and cleaned before you use it again.