The short answer
Austria's official routes in 2026: file a criminal complaint (Anzeige) at any police station (Polizeiinspektion), or call 133 in an emergency; report cybercrime to the Bundeskriminalamt at against-cybercrime@bmi.gv.at; report fake shops and phishing to Watchlist Internet, and online-purchase disputes to the Internet Ombudsstelle; check and report investment fraud via the FMA; report nuisance calls and SMS to RTR; and get free victim support from the Opfer-Notruf on 0800 112 112. Crucially, under the Zahlungsdienstegesetz 2018 (ZaDiG) your bank must refund an unauthorised payment and your liability is capped at €50 — but money you transferred yourself under deception is generally not refundable, because Austria has no UK-style mandatory-reimbursement rule.
If you have been scammed in Austria, two things matter most in the first 24 hours: stopping any further loss and creating a record while the evidence still exists. Everything downstream — which authority, which form, which refund argument — depends on getting those two right. The complication is that Austria, like Germany, has no single place to report, so the order below is built to be the fastest path through a system with several separate doors.
If you are reading this with a transaction you already regret, skip to if money has already moved. A same-day bank recall is sometimes the only thing that works.
The hard truth first: Austria refunds the hack, not the con
This matters most, because it sets your expectations correctly before you spend a week chasing the wrong outcome.
Austrian law draws a sharp line between two kinds of loss, through the Zahlungsdienstegesetz 2018 (ZaDiG) — the national implementation of the EU Payment Services Directive. If a payment was unauthorised — someone used your card or got into your account without permission — your bank must refund it, and your own liability is generally capped at €50 unless you were grossly negligent. That part works reasonably well.
But if you authorised the payment yourself because you were deceived — you logged in and sent the transfer because a convincing "bank officer" or "investment adviser" told you to — that is legally a valid instruction, and the ZaDiG refund does not apply. There is no Austrian equivalent of the UK rule that forces banks to reimburse this kind of authorised-push-payment fraud.
This is the same gap that strands victims across the EU and the United States — and the opposite of Britain's position. The UK's Payment Systems Regulator now
requires banks to refund deception-based transfers up to £85,000, as we covered in
the UK reporting guide. Austria has no such rule, and as of 2026 the EU-wide PSD3/PSR reform that might narrow the gap is still only provisional. So in Austria the realistic recovery levers for a deception transfer are speed (a same-day bank recall), the free banking conciliation body, or a civil claim — not an automatic refund.
There is no single front door — and the email channel is not a complaint
This is the detail that catches people out. Austria has a national cybercrime reporting address, but emailing it is not the same as filing a criminal complaint, and you usually want to do both.
—The criminal complaint — an Anzeige at any Polizeiinspektion. This is the report that can open an investigation. You file it in person at any police station; Austria does not yet accept a full formal complaint purely by email. In an emergency, or if money is moving now, call 133.
—The cybercrime channel — against-cybercrime@bmi.gv.at. The Bundeskriminalamt's Cybercrime Competence Center (C4) runs this email channel for reporting suspected internet crime and seeking guidance. It feeds the national intelligence picture, but on its own it does not file a formal complaint.
—The warning network — Watchlist Internet. Run by the non-profit ÖIAT, watchlist-internet.at is Austria's best-known public list of fraudulent shops, phishing and investment-fraud campaigns. Check it before paying a new shop, and report anything new.
—Keep the case reference. Whatever channel you use, note any reference number you are given — your bank or the conciliation body may ask for it.
The full Austrian reporting directory, by scam type
Different scams route to different specialists. Using the right one matters more than reporting to all of them.
—Any fraud where you lost money. File an Anzeige at any Polizeiinspektion (133 in an emergency), and report it to the Bundeskriminalamt at against-cybercrime@bmi.gv.at. The Anzeige is the criminal-side foundation; the BK channel feeds the national picture.
—A fake online shop, phishing email, or fraud platform. Report it to Watchlist Internet (watchlist-internet.at), which warns the public and tracks campaigns. Tell your bank too if a message impersonated it.
—An online-shopping or contract dispute. The Internet Ombudsstelle (ombudsstelle.at), also run by ÖIAT, mediates consumer e-commerce disputes — undelivered goods, dodgy subscriptions, refund refusals — for free.
—Investment, crypto, or fake-broker fraud. The FMA (Finanzmarktaufsicht). Check its investor warnings (Investorenwarnungen) before investing and report an unlicensed provider. The FMA cannot recover funds, but a warning flags the operation publicly.
—Nuisance calls and fraudulent SMS senders. RTR (Rundfunk und Telekom Regulierungs-GmbH) handles number misuse (Rufnummernmissbrauch). Report a fraudulent Austrian number or SMS sender to it.
—Misuse of your personal data. The Datenschutzbehörde (DSB) handles data-protection complaints. File the Anzeige as well if the data was used to defraud you.
—A scam you spotted but did not fall for. Still report it — to Watchlist Internet, to the FMA for fake investment offers. No-loss reports still build the intelligence picture that targets the operators.
—You need a human to talk to. The Opfer-Notruf on 0800 112 112 (WEISSER RING, on behalf of the Justice Ministry) — free, around the clock, German and English. For consumer questions, the Arbeiterkammer (AK) and the Verein für Konsumenteninformation (VKI).
If money has already moved — the first 24 hours
Speed is the whole game, especially in Austria where there is no automatic refund to fall back on for a transfer you authorised. This is the maximum-recovery order:
1Block the card through your bank's 24/7 hotline or app if your card or online banking may be compromised. Then call the bank's fraud line. If the transaction was unauthorised (you did not make it), say clearly you are disputing it under the ZaDiG, ask them to attempt a recall, and get a reference in writing.
2File an Anzeige in person at any Polizeiinspektion. In an emergency, 133. You will be recorded as the injured party and given a case reference — keep it.
3Document everything in one place. Screenshot the conversation, the scammer's numbers, emails and fake websites, and the transaction details (date, time, amount, recipient name and IBAN). Save it as a single PDF before the accounts vanish.
6Block the scammer everywhere and stop engaging. Any "recovery" offer that follows — a lawyer, an agency, someone claiming to be the police, the BK or the FMA — is the second scam. We covered the pattern in the recovery-scams piece. 7If the bank wrongly refuses to refund an unauthorised payment, escalate free of charge to the Gemeinsame Schlichtungsstelle der Österreichischen Kreditwirtschaft. For a deception-based transfer you authorised, conciliation and, if needed, a civil claim are the realistic routes.
8Call the Opfer-Notruf on 0800 112 112 (WEISSER RING) for free, confidential support — around the clock, German and English. A good first human call if the process feels overwhelming.
Within days of any public post or report about your loss, "recovery scammers" will find you. They will pose as a law firm, a "Rückbuchung" or fund-recovery specialist, or even the police, the BK or the FMA, and ask for an upfront fee or your banking details. Real Austrian channels — your bank, the police, the FMA, the banking conciliation body, the Opfer-Notruf — never charge upfront to recover money, and authorities never cold-call demanding payment. See
the recovery-scams piece for the full pattern.
The Austrian numbers — and why the "decline" is misleading
The Bundeskriminalamt's Cybercrime-Report 2024 is the most recent national picture. The headline figures, all from named sources — and one important caveat:
—62,328 cybercrime offences were reported in 2024 — down 5.4%. The first annual decline in a decade, after years of steep growth.
—But part of that fall is a counting change, not a real drop. A 2023 ruling by the Oberster Gerichtshof (OGH) held that withdrawals made with a foreign ATM card no longer satisfy §148a StGB (betrügerischer Datenverarbeitungsmissbrauch), so a whole category of cases left the statistics. The 'decline' partly reflects how offences are counted, not a safer year.
—Internet fraud is still the largest slice — 31,768 reports. Down 6.75% from 34,069 in 2023, but by far the most common cybercrime Austrians actually experience, centred on fraudulent online orders and fake shops.
—The clearance rate rose to 31.7%. About one in three offences was solved — better than before, but still a minority, which is why prevention matters more than the prospect of recovery.
—109 ransomware cases were reported, with LockBit prominent. Interior Minister Gerhard Karner has repeatedly described cybercrime as the fastest-growing area of the crime statistics, roughly doubling over five years — the long-term trend the single-year dip does not change.
The habits that keep you out of the reporting machinery entirely
Reporting is downstream. Prevention is upstream, and three habits stop most Austrian scams cold:
—Never transfer money or read out a TAN because of a call you did not initiate. Real banks, the real police, and real authorities never phone to demand an urgent transfer to a 'safe account' or a TAN to 'secure' your money. Hang up and call the institution back on the number from your card or its official site.
—Treat the fake-police and bank-officer scripts as automatic red flags. A caller claiming to be the police, a prosecutor, or a bank's fraud team, pressuring you to move money or hand over codes, is running a known script. The same voice-and-pressure playbook drives the shock-call and family-imposter scams covered in the family-impersonation piece. —Treat any money conversation that moves onto a messaging app as hostile until verified. Investment 'advisers', recruiters, and romance contacts in Austria overwhelmingly pivot to WhatsApp or Telegram. The move off a verifiable platform onto a private chat is the single most reliable scam signal.
If you are unsure whether something is a scam before any money moves, the fastest second opinion is the Scam Checker on this site, or our free case review. Both are read by a human and answered within 24 hours.
From the field. The Austrian pattern we see most in 2026 is the fake online shop and the fake-delivery text — which is exactly why Watchlist Internet exists and is worth bookmarking before you ever need it. But the most damaging cases are still the shock-call and the bank-officer call: an older person is told their account is compromised or a relative is in trouble, and is walked, urgently, into authorising a transfer themselves. Because the victim enters the instruction, the bank treats it as authorised and the ZaDiG refund does not apply. That legal reality is precisely why the prevention rule below matters more than the entire reporting machinery downstream of it: once the transfer leaves on your own instruction, the law is rarely on your side.
One rule, end to end
If you take one habit from this piece, take this: any unsolicited call, message, or email that pressures you to move money or share a code is a scam until you have hung up and verified it by calling the institution back on a number you already trust. In a country with no automatic refund for a transfer you authorised, that one pause is worth more than the entire reporting machinery downstream of it.
In Austria and not sure where to start? Let's look at it together.
Describe the message, the call, the transaction. A real expert reviews every case and replies within 24 hours. Free, confidential, no pressure.
Common questions about reporting a scam in Austria
Is there one place to report all scams in Austria?
Not quite. You can report cybercrime to the Bundeskriminalamt (BK) by email at against-cybercrime@bmi.gv.at — its Cybercrime Competence Center (C4) — but that is an intelligence and advice channel, not a formal complaint. To open a criminal case you file an Anzeige at any police station (Polizeiinspektion), or call 133 in an emergency. On top of that, specific scams route to specialists: fake shops and phishing to Watchlist Internet, online-shopping disputes to the Internet Ombudsstelle, investment fraud to the FMA, and nuisance calls or SMS to RTR. The practical order: file the Anzeige, then add the specialist report that matches the scam.
Will my Austrian bank refund money I lost to a scam?
It depends on one distinction. Austria implements the EU Payment Services Directive as the Zahlungsdienstegesetz 2018 (ZaDiG). If the payment was unauthorised — someone used your card or accessed your account without permission — your bank must refund it, and your own liability is generally capped at €50 unless you acted with gross negligence. But if you authorised the payment yourself because you were deceived, that counts as a valid instruction, and Austria has no equivalent of the UK rule forcing banks to reimburse this kind of authorised-push-payment fraud. So it refunds the hack, not the con. Report it anyway — speed still matters for any chance of a recall.
How do I report a fake online shop or phishing message in Austria?
Watchlist Internet (watchlist-internet.at) is the Austrian reference point. Run by the non-profit ÖIAT, it maintains a constantly updated list of fraudulent online shops, fake-delivery and phishing campaigns, and investment-fraud platforms, and lets you report new ones. Check a shop against it before you pay, and report anything new you encounter. If you have already lost money, also file an Anzeige with the police and, for an online-purchase dispute, contact the Internet Ombudsstelle (ombudsstelle.at), which mediates consumer e-commerce disputes for free.
How do I check whether an investment platform is legitimate in Austria?
Use the FMA, the Finanzmarktaufsicht (Austrian Financial Market Authority). Before sending money, check the FMA's investor warnings (Investorenwarnungen) and confirm the firm is licensed to offer financial services in Austria. The FMA cannot recover your money, but its warnings are how a large share of fake-broker, cloned-firm, and bogus crypto-platform operations get publicly flagged. Fake crypto platforms and 'guaranteed return' tips that pivot onto WhatsApp or Telegram are the dominant Austrian investment-fraud pattern.
Where can a scam victim get free human help in Austria?
Call the Opfer-Notruf on 0800 112 112 — the victim helpline run by WEISSER RING on behalf of the Federal Ministry of Justice (BMJ). It is free, available around the clock, and offers professional legal and psychosocial support in German and English. WEISSER RING is Austria's central point of contact for crime victims and can guide you through reporting and the aftermath. For consumer and contract questions, the Arbeiterkammer (AK) and the Verein für Konsumenteninformation (VKI) advise consumers. None of these will ever charge an upfront fee to 'recover' your money.
Sources & further reading
Every figure in this piece is drawn from these authorities. Click any of them to verify.