Protecting yourself from scams

At GIO, stopping scammers from stealing your money or personal information is our priority. Scammers are becoming  increasingly sophisticated and they are always finding new ways to gain your trust, including by impersonating us via:

  • fake emails that look authentic
  • fake SMS messages that appear to come from us
  • digital platforms pretending to be us, or 
  • unexpected phone calls telling you they represent us. 

This page can help you recognise these attempts and take action to protect yourself.

If you clicked a link or shared details

  • Contact us:
  • Update your passwords for your Suncorp accounts and any other accounts where you use the same password.
  • Monitor your accounts for unusual activity and notify us at scams@suncorp.com.au if concerned. For information on how we collect, use and share your personal information, please refer to our privacy statement privacy statement.

How you can spot a scam

We recommend the “Stop, Check, and Protect” approach:

  1. Stop for a moment when something seems urgent or unusual.
  2. Check and verify details using a trusted contact method.
  3. Protect yourself by reporting and taking the right steps.

Here are some things to look out for:

  • The sender feels off:
    • Email: Check the sender's address carefully, not just the display name. Scammers use addresses that mimic ours (e.g., security@suncorp-support.com instead of @suncorp.com.au).
    • SMS: The message may come from an unknown number.
    • NEVER provide your payment card details through email or SMS.
  • It requests sensitive information: Any request for your passwords, PINs, one-time codes, or remote access is suspicious. Suncorp Group will never ask you for this kind of sensitive information.
  • The links are suspicious: Hover your cursor over any link (without clicking) to see the true destination. Beware of misspelt URLs or links leading to non-Suncorp websites.
  • It has unusual attachments: Do not open unexpected attachments, especially .zip, .exe, or .scr files, even from what seems like a known contact.
  • The greeting is generic: Correspondence from us will usually address you by your name. Be suspicious of messages starting with "Dear Customer" or "Dear Valued Member".
  • Requests to change payee details or invoice bank accounts: If someone claims their payment details have changed, verify verbally using a number you already know. Do not rely on contact details inside the email.
  • Ensure your device is protected with regularly updated anti-virus and anti-spyware software.
  • You receive email notifications of a login attempt or changes to login details that were not made by you.

While many scams contain spelling mistakes, an increasing number are grammatically perfect due to the use of AI and professional translators. Do not rely on this alone.

What GIO will not contact you about

There are also things that we do, from our end, to protect you from scams. We invest in advanced fraud monitoring systems to help protect your data. As part of this commitment, we will:

  • Never ask you (by email, SMS or phone) for your password, PIN, multi-factor authentication codes, or to provide remote access to your device.
  • Never ask you for business or personal information through social media.
  • Continue to monitor for suspicious activity and work with authorities to detect and shut down scams.

What to do if you receive a suspicious message

If you receive a suspicious message:

  1. DO NOT click any links or open any attachments.
  2. DO NOT reply or call any phone number provided in the message.
  3. Let us know by emailing us at scams@suncorp.com.au or calling the Fraud Hotline on 1300 881 725.

For information on how we collect, use and share your personal information, please refer to our privacy statement.

Report a scam to us

Email us at scams@suncorp.com.au to report suspicious contact. This helps us investigate and protect others.

For information on how we collect, use and share your personal information, please refer to our privacy statement.

Type of scam

What it is

How to spot it

Product & Service Scams

Scammers pretend to offer genuine insurance policies or services under the GIO brand, or claim to be authorised partners.

  • Promises that conflict with published terms or PDS.
  • Vague claims of authorisations, licences or endorsements that cannot be independently verified.
  • “Limited time offers” demanding upfront payment without formal documentation.

Impersonation Scams

Scammers pretend to be GIO or another insurance brand to trick you into sharing personal information, making payments, or clicking on a link. Caller IDs and SMS threads can be spoofed, so impersonation messages may appear alongside genuine ones.

  • Message urges immediate action or threatens negative consequences.
  • Slight variations in sender name or email address, or links to non-official websites.
  • Contact is received from a phone number that cannot be validated as belonging to your insurer

Misrepresentation Scams

You are misled by someone pretending to be Suncorp, or given false or misleading information to get you to sign up or make a claim. Motor customers should be wary of third party companies claiming to arrange vehicle repairs on behalf of an insurer after an accident.

  • Contact comes unexpectedly (one call/SMS/door knock/social media ad) and pressures you to book repairs or pay immediately.
  • Claims to be “authorised by your insurer” but cannot provide verifiable identification (e.g. work order, job number, brand specific paperwork).
  • Uses generic greetings, unusual sender addresses, or links that do not lead to official Suncorp websites.

Account Takeover Scams

Someone gains control of your online accounts – such  as claim portals, email, social, or other services.

  • Unusual sign ins, password resets, or changes to your contact details you did not initiate.
  • Messages prompting you to share one time codes or install “support” software. 
  • Links to lookalike login pages found via search ads or emails.
  • You receive One Time Password (OTP) messages you did not initiate.

Identity Theft

Your personal information, such as your name, address, date of birth or document numbers, is stolen or used to gain benefits, open accounts, redirect communications, or commit fraud.

  • Missing mail, unexpected deliveries, or account notices for services you did not request. 
  • Identity documents or personal mail stolen from your letterbox or household rubbish.

Payment Card Fraud

Unauthorised use of your credit or debit card.

  • Transactions you don’t recognise, card declines, or alerts about card activity
  • Messages asking you to update card details via a link or provide CVV/PIN to verify a payment.

Direct Entry Fraud

Money is taken from your account without permission using your BSB and account number.

  • Unauthorised direct debits appear on your account
  • Expected payments such as a claim settlement or policy refund are not received into your account

External Resources

Here are some other trusted resources for up-to-date scam alerts and practical guidance:

Disclaimer:

The information is intended to be of a general nature only. Subject to any rights you may have under any law, we do not accept any legal responsibility for any loss or damage, including loss of business or profits or any other indirect loss, incurred as a result of reliance upon it – please make your own enquiries.