Fraud
Latest scams, phishing messages and fraud alerts
How to report suspicious messages
Forward (then delete) suspicious emails to phish@stjohn.org.au
How to spot a scam
Think before you respond. Is St John really contacting you?
- We’re stopping the use of links in unexpected texts.
- Verify unexpected invoices or bills sent to you from St John.
- If you get an unexpected text message claiming to be from us, don’t click on the link.
- We’ll never ask you to download programs directly from our site. We’ll always direct you to the appropriate download source.
- When sending phishing emails, criminals sometimes set the sender’s name as “St John Ambulance”. This doesn’t mean our systems have been breached, it simply means a criminal is impersonating our brand.
Example of a fraudulent message 1
Overdue invoice scam
These screenshots demonstrate how criminals attempt to phish St John customers by sending emails that appear to come from a legitimate St john email address.
Criminals will often use language that creates a sense of urgency to trick the recipient into taking action.
The examples shown encourage the recipient to view a fake overdue invoice. If the recipient clicks the ‘View Invoice’ link, they are asked to login with their Microsoft account credentials to view the fake overdue invoice. The criminal would then take a copy of the Microsoft credentials entered by the recipient and may use them to gain access to other online services.
Example of a fraudulent message 2
Medicare Kit Prize Scam
This message entices recipients to click a link in order to claim their exclusive prize of a Medicare Kit. The scammers have built an online shop that appears legitimate and encourages recipients to complete a survey and then enter their credit card details.
Example of fraudulent social media
Facebook Container Scam
The Facebook account claiming to be Peter Campbell, mimics St John and encourages recipients to click a link in order to purchase a shipping container for a low cost. This account has repeatedly been reported and removed, however we are unable to prevent replicas. Should you be contacted by this account, or any like it, please ensure you report, block, and not engage in conversation, or click any links.
If you come across a fraudulent St John page on social media, follow this process:
- Report the page or profile directly within the social media platform.
- Email phish@stjohn.org.au with details including the name and URL of the page or profile.
- Our team will conduct an internal review to confirm whether the page or profile is fraudulent.
- If confirmed, we will escalate the case to Meta Support for removal or further action.
