If you live in Australia, there's a decent chance you've copped at least one of these this year, a text about an unpaid toll from "Linkt," a parcel stuck at the AusPost depot waiting on a $2.99 delivery fee, or a myGov message warning that your account has been locked. Three different stories, one playbook: impersonate an organisation most Australians already deal with, tack on a small amount of money or a short deadline, and include a link that leads to a near-perfect copy of the real login page.
The three of these now sit at the top of the Scamwatch and ACMA reporting lists, and the numbers keep climbing. This guide walks through what the current 2026 versions actually look like, how the real Linkt, AusPost and Services Australia communicate, and what to do before tapping any link in a text that claims to be from them.
1. Linkt "Unpaid Toll" Scam Texts
Linkt is one of the most-impersonated brands in Australian SMS scams right now, and for good reason, millions of drivers have a Linkt account for Sydney, Melbourne and Brisbane toll roads, and almost nobody knows their exact account balance off the top of their head. A message saying you owe $4.86 is hard to dismiss outright.
These are based on messages actually reported to Scamwatch and ACMA in early 2026. I've swapped the URLs but kept the wording close to what people are actually receiving.
"Linkt Toll": "Final notice: Your vehicle was recorded on a toll road on 14/04. Amount due $7.32. Pay now to avoid penalty: [link]"
"Linkt": "Your account has been suspended due to an outstanding balance. Update your payment details to restore access: [link]"
The tells are consistent once you know what to look for. The dollar amount is small and oddly specific, scammers know that big numbers make people pause, while $4.86 feels too ordinary to question. The deadline is short. And the URL, once you look at it, is never linkt.com.au. It is always something like linkt-au-payments.com or linkt-toll.support, close enough to look right in a glance, but a completely different domain.
How the real Linkt contacts you: Genuine Linkt SMS reminders go to customers with a registered account, use the short code or number listed on linkt.com.au, and direct you to log in through the Linkt app or the site you typed yourself. Linkt does send trip summaries and statements, but they will not threaten account suspension within hours, and they will not ask for full card details through an SMS link.
2. AusPost Redelivery Scam Texts
The AusPost redelivery scam has been running for years and somehow keeps working, because online shopping never stops and there is always a plausible parcel somewhere in transit. A friend of mine who genuinely had six active AusPost orders during the Black Friday sales nearly tapped one of these, the timing was just too coincidental.
"Australia Post": "A $2.99 redelivery fee is required to release your parcel. Pay here to schedule delivery: [link]"
"AusPost": "Tracking update: Your parcel is waiting at the depot. Confirm your address to reschedule: [link]"
"Australia Post": "Parcel delivery failed. A customs fee of $4.50 is required for release: [link]"
The redelivery fee is the giveaway. Australia Post does not charge customers a small fee over SMS to release a parcel. If there are genuine import duties on an international parcel, they are handled through the AusPost app or an official letter, never a random $2.99 request over text. The small amount is deliberate: it is low enough that people will pay it rather than argue, and the real prize is not the $2.99. It is your card number, which is what gets charged for much larger amounts a few days later.
How AusPost actually contacts you: Real AusPost SMS notifications reference a tracking number you can look up in the official app, and they point you to auspost.com.au/track. If the text uses a shortener like bit.ly or a lookalike domain, assume it is not AusPost.
3. myGov Scam Texts
myGov is the front door to Centrelink, the ATO, Medicare, the NDIS and a long list of other services, which is exactly why scammers target it so hard. A compromised myGov account can potentially expose payment details, tax returns, health records and identity documents all at once.
"myGov": "Your tax return has been processed. A refund of $1,872.40 is pending. Confirm your bank details: [link]"
"ATO": "You have an outstanding tax debt of $624.18. Avoid legal action by paying now: [link]"
"myGov": "Identity verification is required to continue receiving your Medicare benefits: [link]"
The myGov variants are the most dangerous of the three because they can cascade. Once someone is inside a myGov account, they can potentially link new services, change contact details, redirect payments, and pull up enough identity information to open accounts elsewhere. The standard playbook still applies, urgency, small plausible amount, near-real URL, but the stakes are higher.
How myGov actually contacts you: The official Services Australia guidance is unambiguous, myGov will not send you a text with a link asking you to log in or verify your identity. Real myGov SMS messages tell you there is a message in your myGov inbox and ask you to sign in through the app or by typing the address yourself. That is the whole interaction. Anything more than that is not myGov.
For the Centrelink-specific angle, we have a separate walk-through of the current scam texts: Common Centrelink Scam Texts in Australia, 2026 Update.
The Pattern Behind All Three
Once you have seen a few of these, the same structure shows up every time:
- A recognised Australian brand, Linkt, AusPost, myGov, Telstra, Medicare, the ATO, because trust has already been built.
- A small, specific dollar amount, $2.99, $4.86, $7.32, low enough to feel ordinary and not worth arguing about.
- A tight deadline, 24 hours, "final notice," "within today", to push you past the moment where you would stop and check.
- A lookalike URL,
linkt-au-payments.com,auspost-parcel.support,mygov-verify-au.com, built to scan as real in a half-second glance. - A card-entry form at the end, either to "pay" the small amount or to "verify" a refund by providing the account it should go into.
Every legitimate organisation in Australia already knows this pattern is in the wild. That is why none of them communicate this way any more. If a text asks you to log in or pay through a link, the answer is the same regardless of which brand it claims to be: do not tap the link, and go to the real site or app yourself.
How to Check a Link Before You Tap It
There are three quick checks that cover almost every scam text, and none of them take more than thirty seconds.
1. Look at the domain, not the message. On iPhone, long-press the link to see the preview. On Android, long-press and copy the link, then paste it somewhere you can read it. The bit that matters is the part just before the first single slash, that is the real domain. linkt.com.au/something is Linkt. linkt-au.com/something is not.
2. Go to the real app or site yourself. If you actually have an outstanding toll, parcel or myGov message, it will be visible in the official app. If there is nothing there, the text was a scam.
3. Run the link through a scanner. If you are still not sure, paste the URL (or the whole text message) into a free SMS or URL checker. ScanTotal's SMS analyser and URL scanner check the link against Google Safe Browsing, look for the structural patterns above, and probe the destination page without you having to visit it. If you want the longer explanation of how link-checking actually works, we have a companion post: How to Check If a Link Is Safe Before Clicking.
What to Do If You Already Paid or Entered Details
It happens, and the goal now is damage control.
- Ring your bank immediately using the number on the back of your card, not a number from any text message. Ask them to block the card and dispute the transaction. Most banks can issue a new card within a few business days.
- Change any password you entered, starting with the service you were impersonated to (myGov, Linkt, AusPost). If you reuse that password anywhere else, change it there too, attackers will try the same combination on banks, email and social media.
- Turn on two-factor authentication on the compromised account and on your email. This is the single biggest thing you can do to prevent re-entry.
- Watch your statements for about 60 days. Scammers often start with a small amount to test a stolen card, then attempt a larger transaction two to four weeks later if the first one goes through.
- Report it. Forward the original text to 7226 (the ACMA spam reporting short code), file a report with Scamwatch at scamwatch.gov.au, and if money was taken, report to your state police via the Australian Cyber Security Centre at cyber.gov.au/report.
Helping Family Members Who Are Targeted More
The messages above land hardest on the people most likely to be managing a pension, a regular prescription or a fixed delivery routine, which is often older family members. Our guide on protecting parents from online scams covers the practical side: filtering unknown-sender messages, long-pressing a link to preview it, and agreeing on a family rule that no one ever taps a link from a text without a quick phone call first. Five minutes of that conversation is worth more than any scanner.
The scammers behind these campaigns are professional operators, not kids in a bedroom. Falling for one is not a sign of carelessness or age, these messages are engineered to beat a careful reader on a busy day. Treat every unexpected text with a link as suspect until proven otherwise, and the odds move decisively in your favour.