The State Debt Recovery (SDR) website and all online services will be unavailable between 7.00am on Saturday, 11 March and 7.00pm on Sunday, 12 March due to scheduled maintenance. We apologise for any inconvenience.
Email a link to this pagePrint this pageReduce font sizeIncrease font size


Prevent fraud and scams

You can check the validity of the fine by entering the penalty number at myPenalty on our website.

Latest scams

To keep informed of the latest scams and how to protect your online safety and security, subscribe to the Stay Smart Online Alert Service.

Updated 13/02/2015:

Enforcement order

Email scams

Scam emails (also known as 'phishing') seek to trick people into giving out personal or financial information, such as credit card details, to enable fraud and identity theft. These fake emails are designed and written to look as though they come from legitimate businesses, and often contain a corporate logo and link to a fraudulent copy of the real website.

Important: State Debt Recovery Office do not issue fines by email in the first instance. They may send you a reminder by email or SMS for a fine you have already received by post, in person or on a vehicle.

If you think you received a scam email:

  • Report the scam to Scamwatch immediately
  • Advise SDR on 1300 655 805
  • Delete it immediately from your inbox and sent folder if you have forwarded it
  • Do not click on any links, open any attachments (as they may contain viruses) or call any numbers.

How to spot a scam email

  • NSW government email addresses always end in * Please treat any communications about penalty notices with an address containing *.org, *.com, *.net, *, * or other variations anywhere within the address as suspicious
  • Does it ask for sensitive financial information?
  • Does the email have poor grammar and punctuation?
  • Are words spelt wrongly?

If you have clicked on an attachment in a suspicious email

If you believe your security has been compromised, you should contact your local computer service provider. Do not use online payment until you have up-to-date security software on your computer. If you don’t have such software, we suggest you install one of the free security tools available online, then perform a thorough scan of your system.


The examples below show some things to look for:

Scam email incorrect email domain example

Scam email incorrect email capitalisation and spelling example

Scam email incorrect domain example

Malicious software

Malicious software (also known as Malware) is an intrusive program that fraudsters try to install on your computer or device. Malware, such as a virus or Trojan, can disrupt or slow down operation, gather personal and financial details, extract funds or perform other fraudulent activities under your name.

Malware is often sent as a link to a website or as an attachment to emails claiming to be from a trusted source, or disguised as genuine software.

What to do if you think you have malware

  • Trust your instinct if something feels suspicious. If it doesn't look quite right, assume it's not
  • Stop what you are doing - close the browser or exit the app, do not open attachments
  • Update security software and scan your PC/device to remove threats
  • Seek assistance from your computer service provider
  • Use another device, check for anomalies and payment history
  • Report any suspected fraud to Scamwatch and us immediately.

Ways to spot a malware infection

  • Unusually slow loading of pages or the appearance of strange error, pop-up or "Please Wait" messages
  • Incorrect SMS Protect payment confirmations
  • Requests for personal information like credit card details, phone numbers or driver licence
  • Unfamiliar processes such as requests to verify payments, enter SMS or token codes where you did not add payee(s)
  • Unusual changes to the usual payment pages, e.g. displaying upgrade or 'under maintenance' messages
  • Irregular webpage layout such as missing fields or additional buttons
  • Your web browser starts on a different homepage than normal
  • Random error messages appear or
  • New toolbars and icons have been installed.

Install online security

It is preferable that you have a commercial security product installed (i.e. AntiVirus package), however at a minimum there are free security tools available online. If you believe your system has been compromised, or notice a transaction you did not make, contact your financial institution and refer to information on either Scamwatch or Stay Smart Online.


Protect yourself

  • Identify and delete hoax emails – SDRO does not send fines in the first instance by email or SMS. Fines are issued by post, in person or on a vehicle. We will never send you an email asking for sensitive financial information. Do not open attachments or click on links within hoax emails as they may contain viruses
  • Delete SPAM - don't open emails from a source you don't trust. Even better, check if your Internet service provider offers a spam filtering service
  • Phishing filter - the latest browsers offer a built-in filter that scans web pages you visit for characteristics associated with known online web fraud or phishing scams, and warns you that such sites might be suspicious
  • Always access by typing the address into your browser, checking that you're connected to the legitimate SDRO website. And always close the site or payment page when finished
  • Protect your identity - never provide your personal or security details, including credit card or bank account details, in response to any email, even if it looks legitimate
  • Confirm that your data is encrypted - by ensuring a symbol of a lock appears within the browser
  • Regularly check your bank statements for any transactions that look suspicious.

Protect your family

  • Create different user accounts - admin access for parents, and restricted accounts for children
  • Block inappropriate content with an internet content filter.

Protect your business

  • Keep data safe: implementing a regular backup procedure is a simple way to safeguard critical business data. Setting permissions and using encryption will also help
  • Set rules for Internet usage at work - unscrupulous web sites, as well as pop-ups and animations, can be dangerous. Set rules about Internet usage to protect your business and your employees
  • Remote access may be a business necessity, but it is also a security risk you need to closely monitor. Use strong passwords and be especially cautious about wireless networks
  • Protect your website with a controlled 3rd party 'ethical hack', which can help assess and mitigate the risks for Internet security, independent of any vendor.

Protect your software

Updating your operating system on a regular basis is the first line of defence in keeping your computer secure. Updates (see if they can be automated) help prevent data loss, viruses and other potential risks. Microsoft Windows and Apple Mac OS are the most common operating systems.

Updating your browser on a regular basis to the latest supported version is also strongly recommended.

Last updated: 24 November 2016