Scam Alerts
This page explains how to spot a scam, gives current scam examples and sets out what you should do if you suspect you may have encountered a scam. Additional resources are included at the bottom of the page.
Scams are malicious acts by online criminals to collect information about customers, which can then be used to steal an individual's money, personal and/or financial information. Your personal information could potentially be used to steal your identity, sold on the dark web and in some cases used to demand a ransom. It can be a frightening experience and even the most scam-savvy customers can fall prey.
Scams are designed to look authentic, copying features from our branding, such as our logo and colour scheme. At Woolworths, we want our customers to be equipped with the right information to know what to look out for and how to spot the difference between legitimate communication from us and communication distributed by scammers.
Links embedded in scam messages will often direct you to a fake website which may look real, but will have a different web address not associated with Woolworths or any of our brands. The differences may be very subtle, such as www.wollwoorths.com.au instead of www.woolworths.com.au.
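The subtle-address check described above can be automated, for example in a mail or SMS filter. The following is an added example, not Woolworths' own code: it pulls links out of a message and flags hostnames that are close to, or merely contain, the genuine domain. The allow-list, the edit-distance threshold of 2 and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only genuine domain is the one named on the page.
LEGIT_DOMAINS = {"woolworths.com.au"}
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Lower-cased hostname of a link, without a leading 'www.'."""
    if not re.match(r"https?://", url, re.IGNORECASE):
        url = "http://" + url  # bare 'www.' links have no scheme
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(host: str) -> str:
    """'expected' for the genuine domain or its subdomains, else lookalike/unrelated."""
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "expected"
    # Brand name used inside another domain, or a near-miss spelling of the real one.
    if any(d.split(".")[0] in host or edit_distance(host, d) <= 2 for d in LEGIT_DOMAINS):
        return "lookalike"
    return "unrelated"

def check_message(text: str) -> list[tuple[str, str]]:
    hosts = [host_of(m.group().rstrip(".,;:!?)")) for m in URL_RE.finditer(text)]
    return [(h, classify(h)) for h in hosts]

# Constructed sample message, not a real scam capture.
SAMPLE = (
    "You have won a gift card! Claim at http://www.wollwoorths.com.au/claim "
    "or https://woolworths.com.au.prize.example/verify today. "
    "Our site: https://www.woolworths.com.au/ "
    "News: https://example.org/story"
)

if __name__ == "__main__":
    for host, verdict in check_message(SAMPLE):
        print(f"{verdict:10} {host}")
```

A check like this does not catch lookalikes built from visually similar non-Latin characters; those need a separate comparison on the decoded internationalised name.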
If you receive any suspicious communications that appear to be from Woolworths, please forward them directly to hoax@woolworths.com.au for further investigation by our Cyber Security team.
Stay vigilant, think before you click!
Scammers are leveraging social media in attempts to collect personal information and personalise their communications with you. Be careful what content you engage with online and verify what you are engaging with is from Woolworths’ legitimate channels.
Be suspicious of:
Newly-created profiles with limited content
Grammar and spelling errors
A profile you thought you were already connected with. It could be a cloned account
A profile of someone you have never met and do not know
Profiles with a description you would find on a dating website
Links that show a different URL address than the one you would expect when you hover over them
Smishing or SMS scams are a popular way online criminals persuade you to tap on a link. SMS scams are often specifically crafted to look like they are from a legitimate organisation and encourage you to verify your details to claim a prize by tapping a link contained within the message. The link may take you to a website that asks you to verify your account details by entering them on the website or even compromise the information on your phone by downloading malicious software.
Be suspicious of messages that:
Contain instructions to click on a link, pop-up, or attachment
Create a sense of urgency by attempting to rush, scare or entice you
Request sensitive, personal and/or financial information
Are from individuals or organisations that don’t usually contact you
The following images are some examples of recent scams attempting to lure customers by getting them to click on links to claim prizes. These are not legitimate messages sent from Woolworths and customers should take care to avoid clicking on links such as these or any links from unverified sources.
Always remember, if in doubt, do not click. Call the service or product provider instead.
Phishing is a socially engineered attack designed to trick users into clicking malicious links or giving up personal information. Phishing emails are designed to look like they’re coming from a credible source or website, but they’re actually sent by online criminals.
Be suspicious of emails that:
Contain instructions to click on a link, pop-up, or attachment
Create a sense of urgency by attempting to rush, scare or entice you
Request sensitive, personal and/or financial information
Contain branding or spelling that doesn't feel quite right
Are from individuals or organisations that don’t usually contact you
Contain a different URL address than the one you would expect when you hover over it
Telephone-based scam callers often claim to be from organisations you know, such as Woolworths, the Government, or other well-known brands. These scam callers leverage the good brand and reputation of businesses in an attempt to trick you into sharing your personal or financial information, or even giving them access to your computer remotely.
Be suspicious of calls that:
Are from an unknown or blocked number
Request sensitive, personal and/or financial information
Imitate well-known organisations or Government organisations
Urge you to pay for bills via gift cards
Imitate support staff looking to access your computer remotely
Scammers are claiming to work for government agencies, such as the Police, and instructing victims to urgently purchase gift cards to repay fines. After the cards have been purchased, the victim is asked to share the 16-digit code on the back of the card. Governments will never request gift cards as a form of payment. If you ever receive a call like this, hang up the phone immediately.
Be suspicious of people or organisations that:
Ask you to pay for items or fines with gift cards, such as iTunes gift cards
Ask you to share the 16-digit code on the back of a gift card over the phone
Security is core to our values, and we appreciate the input of security researchers acting in good faith to help us maintain a high standard for the security and privacy of our customers, team, business partners, and the communities we serve.
Woolworths expects security researchers to act with integrity and does not condone engaging in the following activities:
Security research that involves potential or actual damage to Woolworths users, systems, applications, customers or partners.
Testing and research activities that violate laws and regulations, or in a way that would adversely affect our systems and data.
Woolworths expects security researchers to keep any findings confidential and to provide us a reasonable amount of time to resolve the issue before disclosing it publicly.
To report a potential security vulnerability associated with Woolworths Supermarkets, Countdown Supermarkets, Big W, or our Rewards brand, email vulnerabilitydisclosure@woolworths.com.au
For more information about how we handle your personal information in regard to Security Vulnerability Disclosures, please see our collection notice here.
To find out more information on scams, or how to get help should you fall victim to a scam, visit the following websites:
Be Connected empowers Australians to thrive in a digital world by providing online learning resources that help people develop their online skills and confidence.
Scamwatch is run by the Australian Competition and Consumer Commission (ACCC), and provides information to consumers and small businesses about how to recognise, avoid and report scams.
The Australian Cyber Security Centre (ACSC) is the lead government agency for cyber security. They provide advice and information about how to protect yourself, your family and your business online.
IDCARE is Australia and New Zealand’s national identity and cyber support service. They help individuals and organisations reduce the harm from cyber crime by providing effective response and mitigation.
The ACCC is a government regulator to protect consumer and business rights and obligations, promote competition and fair trade, and prevent illegal anti-competitive behaviour.
eSafety is Australia’s national regulator and educator for online safety. They help safeguard Australians at risk of online harms and work to promote more positive experiences online.