How to protect yourself

Check the platform: how have you been contacted? We’ll only contact you via phone, SMS, email, post or My Medibank push notifications (depending on your communication preferences). For external apps, we will only send you messages from our official Messenger accounts if you contact us on those platforms first. Some of these platforms are WhatsApp, Messenger, iMessage, WeChat, X (Twitter), Product Review and Xiaohongshu^* (“Little Red Book”). If you’re concerned about a message, you can contact us directly on 132 331.

Check the sender's ID: does the sender's name have “From Medibank”? We don’t use “From” as a first name. If you’re ever unsure about a number, call us directly on 132 331.

Check the spelling and grammar: do you notice poor grammar? Genuine communications from us will have correct spelling, grammar, and formatting.

Check the message content: are there unsolicited links, photos, or files? What is the message about? Scammers can embed malware (malicious software) in attachments, which can be downloaded onto your device as soon as you open them. Our messages will always relate to your relationship with us. This can include your health insurance policy, other types of insurance, claims, account matters, health-related services, Medibank partner offers or Live Better rewards.

Check the tone of the message: is it threatening? Is there a sense of urgency? Or are you being offered something that seems too good to be true? We'll never contact you to demand money, ask for your password or sensitive information, or call you outside our business hours unless we’ve previously arranged it with you. (If you have previously placed a security question or PIN on your Medibank account, we’ll use this to confirm your identity every time you contact us.)

Check the sender: what's the sender's email address? We’ll never use email addresses with outsourced domain names such as Gmail, Yahoo or Outlook. If you’re concerned, check the contact information against previous official communications or call us on 132 331.

Check the spelling and grammar: do you notice poor grammar? Genuine communications from us will be appropriately formatted and will have correct spelling, grammar, and formatting.

Check the content: what is the email about? Our messages will always relate to your relationship with us. This can include your health insurance policy, other types of insurance, claims, account matters, health-related services, Medibank partner offers, or Live Better rewards. Scammers are great copying things like official logos and titles. If you’re concerned about the email, log into My Medibank to check your profile, or call us on 132 331.

Check the tone of the message: we'll never pressure you to act quickly, threaten you, or offer you something that seems too good to be true. We'll never contact you to demand money, ask for your password or sensitive information, or call you outside of our business hours unless we've previously arranged it with you. (If you have previously placed a security question or PIN on your Medibank account, we'll use this to confirm your identity every time you contact us.) If you receive any suspicious emails claiming to be from us, report them to Scamwatch.

Check the caller: use caller ID on your phone to verify the number and an Australian location. Calls from us will always go to your mobile or home phone. If you don’t have an Australian number we can video call you via Microsoft Teams if you have provided us with your email address. We won’t call you on external apps like WhatsApp, Messenger, iMessage, WeChat, X (Twitter), Product Review or Xiaohongshu^* (“Little Red Book”). We will only send you messages (not make calls) from our official Messenger accounts if you contact us on those platforms first. 

Check the reason for the call: what is the call about? Make sure it relates to your relationship with us. This can include your health insurance policy, other types of insurance, claims, account matters, health-related services, Medibank partner offers or Live Better rewards. Have you been asked to provide your password? There may be times we call you and need to verify your identity before discussing any details about your account, but we’ll never ask for your passwords. (If you have previously placed a security question or PIN on your Medibank account, we’ll use this to confirm your identity every time you contact us.)

Check the tone: does the caller create a sense of urgency or pressure for you to provide information or make decisions quickly? We will always give you time to think about your response. If you’re unsure about the identity of the caller, hang up and call us directly on 132 331.