Scam awareness

The information on this page will help you recognise and protect yourself against scammers.

It explains some of the most regularly occurring scams and data breaches, and shows you what to do if you suspect you have been scammed or your information has been stolen.

What is a scam?

A scam is an illegal trick, usually with the purpose of getting money from people. A scam is a type of fraud.

COVID-19 Scam alerts

Invoicing scam

Scammers are currently sending false billing emails. They look genuine and ask you to pay an invoice into an account that is different to the account you usually pay money into for that provider or supplier.

If you receive one of these emails, you should:

  • call your provider and ask whether they sent this email with the change of bank account details
  • if they did not, contact the NDIS fraud reporting hotline on 1800 650 717 or email

If you have paid the invoice already, you should:

  • change your email account passwords
  • contact your bank or financial institution and report the scam 
  • ask your bank whether they can reverse the payment, freeze the scam account and/or recover the funds 
  • check your NDIS records for any unauthorised payments, withdrawals or updates
  • report the incident to the NDIS fraud reporting hotline on 1800 650 717 or email

Unauthorised access 

Reported unauthorised access to the provider portal has led to false payment claims using participant identities.

If you see unusual claim activity, report it to the fraud reporting hotline by calling 1800 650 717 or emailing

Charity scams 

In the current climate, we have seen an increase in charity scams relating to COVID-19. These involve being contacted by somebody claiming to be from health-related charities and services. Contact can be made by phone, mail, email or face-to-face.

Before you donate to any charity, you should check if they are a registered charity on the Australian Government’s Australian Charities and Not-for-profit Register website.

Contact the NDIS fraud reporting hotline on 1800 650 717 or email if you believe you have been scammed by a fake charity.

Phishing scams 

Viruses or malware are sent via links in emails, documents, or on websites. These emails, documents and websites claim to provide information on how to protect yourself against COVID-19, or how to claim a payment. When you activate the link or open the document, the virus or malware collects personal information and data.

Phishing scams often take the form of emails impersonating government organisations such as the Department of Health, Services Australia, NDIA, the Australian Taxation Office, or even the World Health Organisation.

Contact the NDIS fraud reporting hotline on 1800 650 717 or email if you suspect your personal information has been stolen.

Data breaches

A data breach happens when personal information is accessed or disclosed without authorisation or is lost.

Most data breaches happen through a malicious or criminal attack, human error or a system fault. 

How will I know about a data breach?

The Privacy Act 1988 (Cth) requires an organisation to tell you if its systems have been breached and the breach is likely to cause you serious harm.

An organisation may tell you about a data breach in an email, text message or phone call. If the organisation is unable to notify everyone, they may publish a notice on their website or through social media, news articles or advertisements.

The notification should include:

  • the organisation’s name and contact details
  • the kinds of personal information involved in the breach
  • a description of the data breach
  • recommendations for the steps you can take in response to the breach.

What do I do if I’ve been told of a data breach?

For participants

If you are a participant and your personal information has been breached, please call 1800 650 717 or email We can help you take steps to protect your NDIS records.

We can add some extra security to help protect your NDIS funding, supports and records. We can also give you some advice and next steps.

A breach of your information does not mean that it is being misused. Taking steps to protect your information helps prevent someone from using it.

IDCARE has general advice about data breaches, scams and identity fraud.

Further information can be found at the Office of the Australian Information Commissioner website.

For providers

Providers may have legal obligations in relation to data breaches, and should consult the Office of the Australian Information Commissioner for guidance.

If you have experienced a data breach, we strongly encourage you to tell us about it so that we can help to minimise the impact on our participants. 

Contact the fraud reporting hotline on 1800 650 717 or

What to do next

The NDIA has zero tolerance for fraud. Participants, their families and carers should feel confident the Agency is preventing, detecting, and responding to fraud, including scams.

We want to know if you feel someone has taken advantage of you or your plan budget, or has used your information in a way you have not given them permission for.

The NDIS has teams who can provide support and assistance to you if you have been scammed, or if you are concerned that your personal information has been stolen. 

Contact the NDIS fraud reporting hotline on 1800 650 717 or email if you have witnessed or suspect fraudulent behaviour.

Keep an eye on the Scamwatch page for up-to-date information about new scams.

This page is current as of 13 May 2020.