Reporting Cybercrime via ReportCyber and Scamwatch — Australia

Researched by , Head Researcher

Primary sources cited; not legal advice.

Last verified:

Source: ReportCyber (AFP + ACSC); Scamwatch (NASC, ACCC); Criminal Code Act 1995 (Cth) Part 10.7.

Sourced from Commonwealth Acts of Parliament, federal regulations, and official government guidance. State-level information reflects each state's own Acts and court decisions. Written in plain language for general understanding — this is educational content, not legal advice. Our editorial standards

Australian Federal Law

What is this right?

Australia uses a single national portal for cybercrime reporting: ReportCyber at cyber.gov.au, jointly operated by AFP and ACSC. Reports route to state / territory police for investigation. The statutory framework is the Criminal Code Act 1995 (Cth) Part 10.7 — Computer Offences.

Scamwatch at scamwatch.gov.au, run by NASC at ACCC, is the parallel scam-intelligence channel — it doesn't investigate but uses data for consumer warning and platform / telco enforcement.

When does it apply?

  • Online fraud, account takeover, identity theft, sextortion.
  • Investment / crypto / trading scam.
  • Phishing / impersonation of Australian entities (ATO, Centrelink, AusPost, banks).
  • SIM-swap fraud.

Filing a Cybercrime Report in Australia

  1. File at cyber.gov.au (ReportCyber).
  2. Add to scamwatch.gov.au for intelligence purposes.
  3. For SIM / telecom scams, parallel ACMA / TIO.
  4. Cross-reference case numbers for AFCA escalation.

What should you NOT do?

  • Don't expect a personal investigator for small cases.
  • Don't pay 'recovery agents' upfront.

About Scams, Fraud & Money Recovery in Australia

Australia's scam-recovery system runs across three institutions. ReportCyber at cyber.gov.au is the single national reporting channel run jointly by the Australian Federal Police (AFP) and the Australian Cyber Security Centre (ACSC). Scamwatch at scamwatch.gov.au, run by the National Anti-Scam Centre (NASC) at the ACCC, is the scam-intelligence and consumer-warning hub. For bank refunds, the ePayments Code — voluntary but adopted by all major Australian banks — sets unauthorised-transaction rules. If the bank refuses, the Australian Financial Complaints Authority (AFCA) resolves disputes for free; AFCA decisions up to AUD 1,236,000 (since 1 November 2024) are binding on the firm if you accept.

Emergency: 000.

Common Questions

Does ReportCyber replace state police?

No — ReportCyber is the intake channel; investigation happens at the relevant state / territory police force level (NSW Police Cybercrime Squad, Victoria Police E-Crime Squad, etc.). ReportCyber routes the report to the right jurisdiction.

What's the maximum penalty under the Criminal Code?

Part 10.7 of the Criminal Code Act 1995 (Cth) covers computer offences. Unauthorised access with intent to commit a serious offence — up to life imprisonment in extreme cases (s.477.1). Unauthorised modification — up to 10 years. Other Part 10.7 offences have varying penalties up to 10 years.

What is the role of TIO?

The Telecommunications Industry Ombudsman (TIO) handles telecom and internet service complaints — billing, service quality, contract disputes. For SIM-swap fraud and telecom-side scams, TIO is the right escalation. ACMA (Australian Communications and Media Authority) is the regulator that supervises telecom operators' compliance obligations.

What is the reporting cybercrime via reportcyber and scamwatch right in Australia?

Australia uses a single national portal for cybercrime reporting: ReportCyber at cyber.gov.au, jointly operated by AFP and ACSC. Reports route to state / territory police for investigation. The statutory framework is the Criminal Code Act 1995 (Cth) Part 10.7 — Computer Offences.Scamwatch at scamwatch.gov.au, run by NASC at ACCC, is the parallel scam-intelligence channel — it doesn't investigate but uses data for consumer warning and platform / telco enforcement.

When does reporting cybercrime via reportcyber and scamwatch apply?

Online fraud, account takeover, identity theft, sextortion.Investment / crypto / trading scam.Phishing / impersonation of Australian entities (ATO, Centrelink, AusPost, banks).SIM-swap fraud.

How do I report a cybercrime in Australia?

File at cyber.gov.au (ReportCyber).Add to scamwatch.gov.au for intelligence purposes.For SIM / telecom scams, parallel ACMA / TIO.Cross-reference case numbers for AFCA escalation.

What mistakes should I avoid with reporting cybercrime via reportcyber and scamwatch?

Don't expect a personal investigator for small cases.Don't pay 'recovery agents' upfront.

More in Scams, Fraud & Money Recovery

First 24 Hours After Being ScammedThree jobs in parallel. Call your bank's fraud line — under the ePayments Code, the bank must investigate unauthorised e...Read more →Recovering Money from an Australian Bank via AFCAAustralia's money-recovery framework is two-step. Step 1: Internal Dispute Resolution (IDR). The bank must investigate a...Read more →
← Browse all Scams, Fraud & Money Recovery

Last verified:

You came here to know your rights — help someone else know theirs.

Support This Mission