The information in the email is often obtained from the internet from previously-known data breaches.
If the email includes a password that you recognise, or is similar to one you are currently using, you should change all accounts that use this password. Make sure to use a strong password and don’t reuse passwords across different accounts. Follow advice in our Small Business Cyber Security Guide.
If you still have concerns, then lodge a report to the Office of the eSafety Commissioner, who will provide further advice and support.
To find out where your email may have been included as part of a data breach, visit Have I Been Pwned.
Refrain from giving the scammer money and cease all contact.
If you have concerns about your physical safety, call Triple Zero (000) or contact your local police.
Further information on securing your online accounts can be found in the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) Easy Steps Guides.
The ASD's ACSC manages ReportCyber, a place for individuals, businesses and large organisations to report a variety of computer-enabled crimes to law enforcement, including online frauds, ransomware, identity theft, romance scams, online image abuse and business email compromise.