Australia Post, Linkt, and MyGov Scam Texts: How to Spot Them, What to Do, and the One Rule That Stops You Falling For Them

scam texts

If you've had a scam text from "Australia Post" claiming there's a problem with your delivery, from "Linkt" saying you've got an unpaid toll, or from "MyGov" telling you a refund is waiting, you're not alone. These three brands get impersonated more than any other in Australia. April and May 2026 saw a global smishing campaign push tens of thousands of fake Linkt texts onto Aussie phones, while the post-Christmas wave drove "Australia Post scam" searches to nearly 2,000 a month in January alone.

The good news is that there's now a dead-simple rule that catches every one of these scams. The four organisations being impersonated (AusPost, Linkt, MyGov, the ATO) have all officially removed clickable links from their SMS messages. So if you get a text claiming to be from any of them and there's a link in it, it's a scam. Full stop.

This guide covers what the three big scam text types look like in 2026, the one rule that catches them all, what to do if you've already clicked, and how to report them properly so the telcos can shut the dodgy numbers down.

Here's what we'll cover:

The one rule that catches every one of these scams

This rule is the single best protection you have, and it's almost embarrassingly simple. None of the four major organisations being impersonated in Aussie scam texts include clickable links in their SMS messages anymore. That's not a rule of thumb. That's the official position of all four.

Australia Post stopped including links in their SMS tracking notifications from 12 March 2025. They now send instructions instead, telling you to track your parcel on the AusPost website with your tracking number.

The ATO has been removing hyperlinks from all unsolicited SMS since Tax Time 2024. Their official statement is "we will never send an unsolicited SMS that contains a hyperlink."

MyGov only sends one type of SMS, the "you have a new message in your inbox" notification. It never contains a clickable link to log in.

Linkt has stated repeatedly that legitimate Linkt SMS messages do not include payment links. They tell you to log into the app or call them directly.

So the rule is this: if you receive an SMS claiming to be from Australia Post, Linkt, MyGov, the ATO, Centrelink, or Services Australia, and there's a tappable link in the message, it's a scam. Don't tap it. Don't even read past the first line. Just delete it.

This rule wouldn't have worked five years ago because all four organisations did used to send links. It works in 2026 because they've all changed their practice specifically to fight this exact wave of scams.

Why Australia Post, Linkt, and MyGov get impersonated more than any other

Three things make these the favourite targets for SMS scammers in Australia.

First, almost every Aussie has a current relationship with at least two of them. We all get parcels delivered. Most of us drive on tolled roads at some point. Everyone over 18 has a MyGov account linked to Medicare, the ATO, or Centrelink. The scammer doesn't need to guess whether the message will land. It almost always will.

Second, the brands carry built-in urgency. A parcel "couldn't be delivered" makes people anxious. An "unpaid toll" implies a fine. A "refund waiting" makes people want to act quickly. Scammers don't need to manufacture pressure when the brand itself does the work.

Third, the brands are trusted. People don't expect Australia Post or the ATO to scam them, so they're more likely to act before thinking. Combined with the urgency, that's the exact mental state a scammer wants you in when you tap the link.

You'll also see the same scam playbook with banks (Commonwealth, NAB, ANZ, Westpac), telcos (Telstra, Optus, Vodafone), and streaming services (Netflix, Disney+). The mechanics are identical and the same rule applies, but Australia Post, Linkt, and MyGov are the three biggest by volume.

The Australia Post scam text

This is the most common scam text Aussies receive. Tens of thousands a day during peak periods like the post-Christmas delivery wave or end-of-financial-year sales.

What it looks like in 2026

The text usually claims one of four things:

  • A parcel couldn't be delivered and you need to "confirm your address" or "pay a small fee"
  • A parcel is being held at customs and a fee is due
  • Your delivery requires a signature and you need to "select a delivery option"
  • A redelivery has been scheduled but you need to "verify your postcode"

The link in the message looks plausible. Common patterns we see include "auspost-redelivery.com", "auspost-tracking.net", "mypo.st-delivery.co", and variations using shortened URLs that hide the real destination.

In February 2026, the security company MailGuard intercepted a wave of fake AusPost emails using the subject "Parcel Awaiting Instructions" that asked recipients to pay a token $1.99 AUD delivery fee. The fee itself isn't the point. The form harvests your full card details, your mobile number, and your one-time SMS verification code, then uses them for fraud worth far more than $1.99.

How the scam actually works

Tapping the link takes you to a page that looks almost identical to the real Australia Post website. It will ask you to enter your address, your card details to pay the "fee", and a verification code that arrives by SMS while you're filling the form in.

That verification code is the catch. The scammer is using your card details to log into your real bank app or to push through a transaction. The SMS code they're asking you to enter is the one your bank just sent to authorise the dodgy transaction. By "verifying" yourself on the scam site, you're actually authorising the fraud.

In more sophisticated versions of the scam, the page will install malware on your phone that captures every subsequent banking app login, every SMS verification code, and your contact list. Some variants also push Android apps that can take full control of your device.

How to verify a real Australia Post message

The simplest way is the AusPost app. Download it from the official App Store or Google Play, sign in with your MyPost account, and turn on push notifications. Any genuine delivery update will appear in the app. Anything by SMS that asks you to tap a link is a scam.

If you do want to track a parcel from an SMS, ignore the link in the message entirely. Open a fresh browser, type auspost.com.au into the address bar yourself, and use the tracking number from the SMS to look up the parcel directly. Same outcome, zero risk.

The Linkt scam text

April 2026 saw the biggest global Linkt scam wave on record. Cybersecurity company Bitdefender uncovered a coordinated campaign that's sent more than 79,000 fake messages across 40 separate campaigns since December 2025, hitting Australia and eleven other countries.

What it looks like in 2026

The typical Linkt scam text reads something like:

  • "Linkt: Your toll remains unpaid. Pay now to avoid recovery action."
  • "LINKT Reminder: You have an unpaid toll notice overdue for over 30 days. Please arrange payment immediately to avoid E-tag cancellation."
  • "Linkt: Your account has been suspended due to a failed auto top-up. Make a payment now to avoid extra charges."

The scammers spoof the sender name so the text often shows up as "Linkt" in your messages app. In some cases the scam SMS lands in the exact same thread as legitimate Linkt messages, which makes it look genuine.

The link in the message usually points to a fake site like "linkt-au.com", "linktoll.net", or a shortened URL that hides the destination. The site mimics the real Linkt login page closely enough that even regular Linkt users can be fooled if they're not paying attention.

Why you got one even if you don't drive on tolled roads

This is what catches people off guard. Plenty of Aussies who live in Adelaide, Perth, Hobart, Darwin, or anywhere else without major tolled roads are getting Linkt scam texts. We've seen Whirlpool posts from WA users saying they've never been in the Linkt system and they're getting these texts every few days.

The reason is simple. The scammers are sending mass texts to randomly generated mobile numbers across Australia. They don't know who you are. They don't know if you've ever used a tollway. They're playing the numbers, and they only need a small percentage of recipients to click for the operation to be profitable.

So if you get a Linkt scam text and you've never used a toll road in your life, that's actually a useful confirmation it's a scam. Real Linkt only contacts customers who have an actual account with them.

How to verify a real Linkt message

If you're a Linkt customer and you're genuinely unsure whether a message is real, do not tap the link. Open the Linkt app on your phone or go to linkt.com.au directly in a fresh browser tab. Log in with your normal credentials and check your account. Any real overdue notice will be visible there.

You can also call Linkt directly on 13 33 31. Don't call any number from the SMS itself, because some scams now include a fake phone number too.

The MyGov, ATO, and Centrelink scam text

The MyGov scam wave was the biggest single-month jump we've seen in 2026. Searches for "MyGov scam" went from 50 a month in April 2026 to 660 in May 2026, a tenfold increase in a single month. That tells us a fresh wave landed.

What it looks like in 2026

MyGov scam texts and emails typically claim one of these:

  • A refund is waiting and you need to click to claim it
  • Your MyGov account has been suspended or frozen and you need to "verify your identity"
  • You've made an unauthorised change to your account and need to "secure it"
  • You're eligible for a one-time cost of living payment, energy rebate, or similar government payment
  • Your taxable income has been recalculated and you're owed compensation
  • An identity verification document needs updating

The fake messages often reference the ATO, Medicare, or Centrelink to add legitimacy. Some include the real MyGov logo and use wording copied directly from the genuine MyGov website.

ATO impersonation scams are a sub-category of this and tend to spike heavily around tax time, July to October. The classic line is "You are due to receive an ATO Direct refund" with a link to claim it. The ATO will not, under any circumstances, send you an unsolicited SMS with a link to claim a refund.

How the scam tries to access your government accounts

The MyGov scam is more dangerous than the parcel or toll scams because what's at stake is bigger. The scammer's goal is access to your MyGov account, which is linked to:

  • Your ATO records, including your tax file number and bank details
  • Your Medicare account
  • Your Centrelink payments
  • Sometimes your superannuation, your child support, or your veterans' affairs records

Once they have your MyGov login, they can redirect tax refunds, claim benefits in your name, file fraudulent tax returns, and steal your identity in ways that take months or years to unwind.

The fake login page is the dangerous part. It looks identical to the real MyGov sign-in page. You type your username and password in. The scammer captures both, then immediately uses them to log into the real MyGov, request an SMS verification code (which arrives on your phone), and asks the fake page to display "enter the code you just received". You enter it. They're in.

How to verify a real MyGov, ATO, or Services Australia message

The official position is that no government agency will ever ask you to log in, verify your identity, or claim a payment via a link in an SMS or email. If you want to check whether something is real, do this:

  1. Don't tap the link.
  2. Open a fresh browser tab.
  3. Type my.gov.au, ato.gov.au, or servicesaustralia.gov.au into the address bar yourself.
  4. Sign in with your normal credentials.
  5. Check your MyGov Inbox or relevant agency message centre.

If the message was genuine, it will be sitting in your MyGov Inbox waiting for you. If it isn't there, the SMS or email was a scam.

You can also call the agency directly. ATO is 1800 008 540. Services Australia is the number on the back of your Medicare or Centrelink card. Don't ever call a number that arrived in the suspect SMS.

What to do when you receive one

You don't need to do anything complicated. The right sequence is:

  1. Don't tap the link. Don't even long-press it to "see where it goes" unless you genuinely understand how to inspect a URL safely.
  2. Don't reply. Replying confirms to the scammer that your number is active and you'll get more.
  3. Forward the message to 7726 (which spells SPAM on a keypad). This sends a free copy to your mobile carrier's scam team, who can block the sending number across their network.
  4. Delete the message.
  5. Optionally, report it to Scamwatch at scamwatch.gov.au/report-a-scam. This helps the ACCC track scam wave volumes.

That's it. Two minutes of effort, and you're not just safe yourself, you're contributing to shutting down the scam operation for everyone else too.

What to do if you clicked

If you've already tapped the link, don't panic, but do act quickly. The window between you clicking and the scammer using your details is usually minutes, not days.

The first thing is to work out what you gave them. Three possible scenarios.

You tapped the link but didn't enter anything

Best case. The page loaded but you closed it before typing anything in. You're probably fine, but check your phone for any new apps you don't recognise, especially on Android. If there's malware, it will sometimes pretend to be a useful app like a "system update" or "delivery tracker".

You entered personal details but not card details or a password

Things like name, address, email, mobile number. These are useful to scammers for further phishing attempts, but they don't let the scammer take money directly. Expect more scam SMS and emails to follow. Change passwords on any account that uses the email you provided.

You entered card details, MyGov credentials, or an SMS verification code

This is the worst case. Act immediately:

  1. Call your bank and ask them to freeze your card and review any recent transactions. Most major Australian banks have a 24/7 fraud line on the back of the card.
  2. If you entered MyGov details, go to my.gov.au directly and change your password. Do the same for the ATO and any linked accounts.
  3. Run a full antivirus scan on your phone or computer, especially if you tapped the link on Android. For PC and Android, our best antivirus Australia guide covers the options worth using.
  4. Call IDCARE on 1800 595 160. They're Australia and New Zealand's national identity and cyber support service, they're free, and they'll walk you through what to monitor and how to limit the damage.
  5. Watch your accounts for any unfamiliar transactions for at least the next 30 days.

If you're worried your device might have malware or you want a tech to check it properly, give us a call on 131 546. We see these scenarios every week and we can usually have your device cleaned and secured the same day.

How to report scam texts properly

There are three reporting paths, all free, and you should use the ones that make sense for your situation.

The 7726 SMS forwarding shortcut

7726 spells SPAM on a phone keypad. Forwarding scam texts to 7726 is the single most useful thing you can do for the broader Aussie public, because it lets your mobile carrier block the sending number across their network and trace the campaign.

The process is:

  1. Open the scam SMS.
  2. Long-press the message bubble.
  3. Tap Forward.
  4. Type 7726 in the recipient field.
  5. Send.

It's free on Telstra, Optus, Vodafone, TPG, Aldi Mobile, Boost, Belong, and most other AU carriers. Some carriers will respond with a follow-up SMS asking for the sender's number, which you forward back.

Scamwatch (ACCC)

Scamwatch is the ACCC's official scam reporting site. Reporting here adds to the national database and helps the ACCC track scam volume, target enforcement, and warn the public.

Go to scamwatch.gov.au/report-a-scam and fill out the short form. It takes about three minutes and you don't need to create an account.

Direct reporting to AusPost, Linkt, ATO, and MyGov

Each of the four impersonated organisations also accepts direct scam reports:

Reporting directly helps these organisations get the fake sites taken down faster, which protects future victims.

Why you’re getting more of these in 2026

If it feels like you're getting more scam texts than ever, it's because you are. The number of fake-website domains set up to support SMS and email scams globally has been climbing every year. In the last quarter of 2024 alone, security researchers detected more than 989,000 phishing websites in operation globally.

Three things are driving the increase in Australia specifically:

The big data breaches. Optus in 2022 (9.8 million customers), Medibank in 2022 (9.7 million customers), Latitude in 2023 (14 million customers), plus smaller breaches every year since. Your name, mobile number, email, and often your address are now circulating on criminal marketplaces, which is why scammers know enough about you to make the texts feel personal.

AI tools dropping the cost of running a scam. Generative AI lets scammers write convincing English copy, build convincing fake websites in minutes, and personalise messages at scale. What used to take a human a week now takes a few hours.

Spoofing technology getting cheaper. It costs scammers nothing to make their sender ID say "Linkt" or "myGov" or "Australia Post". The technology to do that is widely available and not specifically regulated in most countries.

The combination of all three is why your inbox and message app are busier with this stuff than they were two years ago. None of it is going away. Knowing the simple rule (no links from any of these orgs equals scam) is what saves you.

If you're managing the family's devices and worried about parents, kids, or anyone less tech-savvy falling for one of these, that's something we help with regularly. A device security review with the right settings, a decent antivirus product, and a quick training conversation about what to look for goes a long way.

Clicked a Dodgy Link? Get Your Device Checked Today

Get your phone, tablet, or computer properly checked by a real tech across Australia. We deal with the aftermath of scam clicks every week, removing malware, locking down accounts, helping with bank disputes, walking you through identity restoration, and setting up your devices so the next scam attempt has nowhere to land. Call us today on 131 546 or fill out the form on this page and we'll get back to you ASAP.

Frequently Asked Questions

How can I tell if a text from Australia Post is real or a scam?

Real Australia Post SMS messages do not contain clickable links anymore. AusPost removed links from all their tracking SMS from 12 March 2025. So if you receive a text claiming to be from Australia Post and there's a link in it, it's a scam.

The only legitimate way to track an AusPost parcel is the AusPost app or by typing auspost.com.au into your browser and using your tracking number directly.

What does a Linkt scam text look like?

Typical Linkt scam texts say things like "Your toll remains unpaid" or "You have an unpaid toll notice overdue for over 30 days. Please arrange payment immediately to avoid E-tag cancellation" followed by a link to pay.

Real Linkt messages don't include payment links. If you're a Linkt customer and you're worried about a real overdue toll, log into the Linkt app or linkt.com.au directly. Don't tap any link from an SMS.

Why am I getting Linkt scam texts if I've never used a toll road?

Because the scammers are sending mass texts to randomly generated mobile numbers across Australia. They have no idea who's actually a Linkt customer. They're playing the percentages, hoping enough recipients click without thinking.

If you've never used a tollway, that's actually proof the SMS is fake. Real Linkt only contacts customers with existing accounts.

Will the ATO or MyGov ever text me with a link?

No. The ATO has publicly stated they will never send an unsolicited SMS containing a hyperlink. MyGov only sends one type of SMS, the "you have a new message in your inbox" notification, which never contains a clickable login link.

If you get a text claiming to be from the ATO or MyGov and there's a link in it, delete it. To check whether the underlying claim is real, type my.gov.au or ato.gov.au into your browser yourself and log in to check your inbox.

What should I do if I clicked the link in a scam text?

Don't panic, but act quickly. If you only loaded the page and didn't type anything, you're probably fine. If you entered any details, especially card numbers, passwords, or an SMS verification code, call your bank straight away, change your passwords, and contact IDCARE on 1800 595 160 for free identity protection advice.

If you're worried your phone or computer might be infected with malware, call us on 131 546 and we'll check it properly.

Can a scam text infect my phone if I just tap the link?

In most cases, just tapping the link loads a fake website but doesn't install anything. The damage usually only happens when you type information into the fake page.

The exception is Android phones where some scam links can trick you into installing a malicious app, often disguised as a "system update" or a "delivery tracker". If you tapped a link on Android and any new app appeared on your phone afterwards, don't open it, and get the device checked.

iPhones are generally safer because Apple's App Store restrictions make it much harder to install apps from links. But it's still not zero risk.

What is the 7726 number and how do I use it?

7726 spells SPAM on a phone keypad. It's a free service offered by most Australian mobile carriers (Telstra, Optus, Vodafone, TPG, Aldi, Boost, Belong, and others) that lets you forward scam SMS messages directly to your carrier's scam team.

To use it: long-press the scam message, tap Forward, type 7726 in the recipient field, and send. Your carrier can then block the sending number across their network, which protects other customers from the same scam.

How do I report a scam text to the ACCC?

Go to scamwatch.gov.au/report-a-scam and fill out the form. It takes about three minutes and you don't need to create an account. Scamwatch is the ACCC's official scam reporting site and your report helps the ACCC track scam waves and target enforcement.

For maximum impact, report scam texts both to 7726 (which blocks the number) and to Scamwatch (which feeds the national database).

Are these scams getting worse?

Yes. The number of phishing websites set up globally to support SMS and email scams has been growing every year, with more than 989,000 detected in operation in the last quarter of 2024 alone. In Australia specifically, the Optus, Medibank, and Latitude data breaches put millions of mobile numbers and email addresses into circulation on criminal marketplaces, and generative AI has made it much cheaper for scammers to write convincing fake messages at scale.

The simple "no links from these orgs equals scam" rule is what protects you, regardless of how convincing the message looks.

Should I install antivirus on my phone?

For Android, yes, especially if you ever tap unknown links or download apps from outside the Google Play Store. A decent antivirus app catches most malware and warns you about dodgy websites before they load. Our best antivirus Australia guide covers the options worth using.

For iPhone, traditional antivirus apps don't really exist due to how iOS handles app sandboxing, and they're not necessary in most cases. What does help on iPhone is enabling "Filter Unknown Senders" in Settings then Messages to push scam texts into a separate inbox.

Can Jim's IT help if I've already been scammed?

Yes. We help Australians every week who've clicked a dodgy link and are worried about malware on their device, identity theft, or unfamiliar transactions appearing in their accounts. We can do a proper device check, remove any malware we find, help you lock down your MyGov and bank accounts, and set things up so the next scam attempt has nowhere to land.

Worth a call before you lose more sleep over it.

Book Your Device Security Check Today

Get your phone, tablet, or computer properly checked by a real tech across Australia. We deal with the aftermath of scam clicks every week, removing malware, locking down accounts, helping with bank disputes, walking you through identity restoration, and setting up your devices so the next scam attempt has nowhere to land. Call us today on 131 546 or fill out the form on this page and we’ll get back to you ASAP.

Adrian Andreucci

Adrian is based in Morphett Vale, South Australia. He studied IT after leaving school and, despite working various roles along the way, has always stayed hands-on with technology through personal projects and ongoing learning. He has experience providing IT support in professional services environments and enjoys helping customers across the Jim’s network with practical, real-world tech solutions.

Scroll to Top