Latest security alerts

Metro Finance is aware that some of our customers have been receiving suspicious communications purporting to be from Metro Finance. Do not click on any links or reply to any emails that are not from Metro Finance. These emails are designed to lure you into providing sensitive information such as usernames, passwords, banking and credit card information.

How to identify phishing emails?

Please find below a few examples of phishing emails that may have been received.



Using the example above, here are a few signs the email you received may be a phishing email.

1. Sender address

The sender address might be unusual, misspelled or slightly different from the correct address. It’s important to always check who the email domain belongs to, – legitimate Metro Finance emails are always sent from an email address ending in @metrofin.com.au.

2. Generic greetings and sign offs

Phishing emails are sent out to hundreds of people at once and usually include generic greetings and sign-offs.

3. Poor grammar and spelling

Email content with poor grammar and spelling is a common sign of phishing or spam like emails however, it isn’t always the case. Remember, criminals can use spell check too.

4. Suspicious links and fake websites

Often an attachment will appear to be a PDF, image or Office file, but when you try to open the document, it tries to run a program or script intended to infect your device with malicious software.

5. Malicious attachment

Often an attachment will appear to be a PDF, image or Office file, but when you try to open the document, it tries to run a program or script intended to infect your device with malicious software.

6. File sharing phishing

Increased use of file-sharing services such as Dropbox, Google Drive and OneDrive has led to an increase in fake emails pretending to be links to documents. These emails contain links to lookalike file-sharing websites designed to steal your credentials or download malicious software on your device.

7. Do a sense check

Phishing emails are often received unexpectedly. Ask yourself; were you expecting an email from us? Were you waiting on a response? Is the email relevant to any previous communications? Was the email sent within usual business hours?

What to do if you get 'phished'

If you are suspect of an email or text message, don't respond to requests for information and don’t click on any links or open attachments. Contact the organisation the communication is purporting to be from on an externally verified contact source such as Google.
If you have potentially provided personal information to the scammer, there are steps you can take to help prevent further misuse of your information:
  • Update and run anti-virus software on all Internet-enabled devices.
  • Reset all passwords and PINs.
  • Contact your financial institution and let them know what's happened.
  • Review where you keep your personal information on your devices, such as emails and hard drive and remove unnecessary items.
  • Check your credit report to see if someone is accessing credit in your name. There are 3 credit reporting bureaus in Australia which are listed below.

Helpful resources:

You can obtain a free copy of your credit report from each of the consumer Credit Reporting Agencies. Please ensure you are using a device that uses anti-virus and that the anti-virus is updated.
Learn more about protecting yourself online by visiting www.idcare.org


To confirm the legitimacy of any email or communication, or if you have clicked the link and provided your details, please call our customer service team on 1300 362 627.