MPM Logo
We're currently experiencing technical issues with our client portal (web and app). Rest assured our tech experts are investigating and we're working to fix it as swiftly as possible.
A padlock on a keyboard representing cyber security.

Scammers are getting more sophisticated in their attempts to steal your private information and divert National Disability Insurance Scheme (NDIS) payments into their own pockets.

This is done through a variety of tricks and techniques that are common in todayโ€™s technology-based world, where fraudulent activity is easily cloaked in a text message, email or phone call claiming to be from an NDIS participant or a legitimate company.

According to the Australian Government, the average cost incurred by a business from a single breach of cybercrime in this country is more than $276,000.

And thatโ€™s why getting scam savvy is vital for your business and your cashflow!

In this article, we outline a few of the more common tactics used by scammers today.

Phishing attacks

Phishing is a type of attack used to steal private information through fraudulent messages to conduct crime. Itโ€™s where a person receives a text message, email or phone call claiming to be from their bank or a company or individual asking them to click a link to transfer funds or provide information, like credit card numbers.

If you receive a text message, email or phone call from a person who claims to be a client, vendor or plan manager asking you to provide or confirm private information โ€“ like a clientโ€™s NDIS participant number โ€“ or make a payment, it could be a scam.

If you suspect it is, be sure to report it to the National Disability Insurance Agency (NDIA) by calling the NDIS Fraud Reporting and Scams Helpline on 1800 650 717 or by emailing fraudreporting@ndis.gov.au.

What to watch out for

  • Unexpected requests for information: Legitimate companies will never ask for private information, including passwords and PINs, in an unsolicited text message, email or phone call.
  • Urgency: If the text message, email or phone call creates urgency to act, itโ€™s likely a scam. Scammers create urgency because they want their target to act quickly and not think too much about what theyโ€™re asking.
  • Suspicious content: If a text message or email you receive contains spelling errors or incorrect details, or if it doesnโ€™t look quite right, it could be a scam.

Compromised email attacks, impersonation scams, and accounting fraud

A compromised email attack is a cybercrime that involves a scammer taking over the email account of a business and tricking a person into sending money or providing confidential information. This is a type of phishing attack that targets individuals, with the goal of stealing money or information.

For example, a vendor your company regularly works with may send you an invoice with updated bank account details โ€“ but they may have been hacked and the email may be from a scammer trying to get your payment diverted to their bank account. Or a scammer might hack your email account and email your clientโ€™s plan manager to say your banking details have changed, so any outstanding payments are diverted to them.

Note: If My Plan Manager receives an email or phone call requesting to add or change account information, including bank account details, we first send an email to the address we have on file for you, to confirm the request came from you. We donโ€™t ask you to divulge private information in this email.

When a scammer claims theyโ€™re someone theyโ€™re not to extract private information, money or funding, this is known as an impersonation scam.

Scammers are also known to set up fake email addresses that can look legitimate but arenโ€™t (and they can include the name of a well-known company), to convince a person to divulge information.

Email spoofing is when a scammer modifies an email template to make it appear the same as one from a legitimate sender, so they can extract private information or money.

When a criminal submits fake invoices to a clientโ€™s plan manager on their behalf, this is known as accounting fraud.

What to watch out for

  • Emails claiming to be from legitimate businesses (like a plan manager or vendor) that request private information or ask you to make a payment. These emails usually create urgency to act.
  • An email from My Plan Manager that confirms youโ€™ve requested to add or change bank account information and asks you to call us on 1800 861 272. Let us know immediately if the request wasnโ€™t made by you.

Remote access scams

This is where a scammer contacts a person via a text message, email or phone call, claims to be from a legitimate company, and convinces them to hand over control of their computer or devices remotely by installing malicious software or enabling remote login.

Remote access scams give the scammer access to the targetโ€™s personal information, like their NDIS participant or provider number, bank account details or a credit card number.

Frequently, the scammer will use intimidation tactics and technical words to confuse their target and create urgency. Remote access scams can be initiated via a phone call, email or pop-up ads which claim the user has a virus, and they include a phone number to fix it.

What to watch out for

  • Unsolicited contact: Remote access scams typically start with a text message, email or phone call to let the target know thereโ€™s a problem with their device or a payment.
  • A forceful or agitated caller: If the caller becomes noticeably frustrated or forceful when their target doesnโ€™t do what they ask, itโ€™s likely a scam.
  • Unusual requests: If the caller, email or SMS message asks you to log into a bank account, make a payment or disclose security codes, itโ€™s likely a scam.

More information about scams

If you receive a text message, email or phone call that asks you to share your information โ€“ and itโ€™s unexpected or doesnโ€™t look quite right โ€“ be sure to stop and think before you do anything.

The NDIA explains how to report suspicious behaviour here. Alternatively, you may wish to contact the NDIS Quality and Safeguards Commission.

You can also find further information on the websites listed below:

Featured: My Community

10 years. 10 clients. 10 stories.

As we wrap up our 10th year of service in the NDIS, we want to shine a light on those who’ve made it all possible – our incredible clients and the wider disability community.

Meet Jasmine

Jasmine is a caring person who’s taking steps towards her future. She volunteers as a barista, helps tutor her younger siblings and assists her mum Katrina.

Meet Wil

Wil’s a ‘soccerholic’ who’s turned sport into a career.
Featured: My Resources

NDIS plan ending with funding left over?

Managing your funding can feel a bit tricky – especially when trying to use it wisely. We explain what to do if your plan is ending with funding left over. 

The price of support

There's a new raft of NDIS pricing rules and we've netted all the need-to-know information to help you stay afloat.

Want to stay in control of your NDIS funding? Get a plan manager

No fuss, lots of security, and the burden of paperwork lifted from your shoulders - all while having control of your NDIS journey. That’s what plan management is all about.

You may also like...

NDIS plan ending with funding left over?

Managing your funding can feel a bit tricky – especially when trying to use it wisely. We explain what to do if your plan is ending with funding left over. 
A close-up of a person in a scarf and a jacket.

The price of support

There's a new raft of NDIS pricing rules and we've netted all the need-to-know information to help you stay afloat.

Want to stay in control of your NDIS funding? Get a plan manager

No fuss, lots of security, and the burden of paperwork lifted from your shoulders - all while having control of your NDIS journey. That’s what plan management is all about.
Two women sitting at a desk looking at a piece of paper with graphs on it.

NDIS provider registration – the current state of play

Currently there are three categories of providers earmarked for mandatory registration which is expected to start no earlier than 1 July 2025.
View all resources

Subscribe

Stay up to date with the latest information, updates and NDIS news. Sign up to our e-news today.
For disability sector participants, supporters and advocates.
Subscribe now
For service providers, intermediaries and industry partners.
Subscribe now
NDIS provider number: 405 000 1826

My Plan Manager acknowledges the objectives of the United Nations Convention on the Rights of Persons with Disabilities.

My Plan Manager acknowledges the Traditional Owners of Country throughout Australia, and their continuing connection to land, sea and community. We pay our respects to them and their cultures, and to Elders both past and present.
ยฉ My Plan Manager 2024 | Privacy & Dignity | Terms of Use
magnifiercrossmenuarrow-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram