BUPA spam, not a scam?

We were somewhat dubious when we received an e-mail from health provider BUPA with a promise to We’ll soon be sending you a payment of $364.00
the e-mail looks authentic and asks as do so many spam e-mails to upload your bank details. Hovering over the links in the e-mail the urls do not contain any recognisable links to a BUPA site, and it looked like a well thought out scam.
Also BUPA on its Security and fraud protection webpage

Please be aware that Bupa will never:

  • ask you to provide information such as your account details, password, banking information or myBupa login details on an unsolicited basis or unsecure channel such as email.

Whilst this does actually appear to be genuine, given these days of hacked health accounts and scams, I am not sure this is the best way to go about doing this in the current climate of distrust.


Welcome @tony.flaherty to the community.

You have come to the conclusion that as Bupa says they will not ask for any bank account details over email, then what you have received is a scam email.

Bupa were refunding money to members, but I suggest you give them a call about this, and do not respond in any way to the scam email.

In the email you received, the link to update bank details is very different to the secure link specified in the linked item from Bupa. Come on, seriously, bupa.oom?


Hi @tony.flaherty.
I’ve also received a ‘We’re returning Covid-19 claims savings back to you’ email from my private health insurer (not Bupa) but they’re going to do that:
‘Via a contribution on your policy…which covers your normal payment for…no need for you to do anything’
I would certainly call them before emailing any details :slightly_smiling_face:


It likely is a genuine attempt to communicate with you the member. One can never be too sure! Contact BUPA using the phone number listed on your membership card or annual statement.

BUPA is not alone in sending emails to its customers full of imbedded links to better serve us the customer. Over many years of doing so they’ve created an environment in which many of us have become accustomed to tapping on emailed links to transact business. These days it requires more than average ability to determine what is assured of being genuine.

Here’s a portion of what I received.

Two details in the remainder of the email suggest it may be genuine. They include the last 4 digits of my member number and last 4 digits of the bank account I previously linked to receive refunds. This suggested a genuine email, assuming it had not been tampered with. As I had no need to respond I simply checked the bank account and noticed a deposit several days on.

A very concerning observation on the reliance BUPA place on the integrity of email and users clicking it tapping on links. Hopefully always to a safe place.
I quickly counted 12 different opportunities within the email to click on links supposedly all provided by BUPA to help serve us better.”


I have had a quick look at the website, and it is silent in relation to the information you received in the email.

Try logging into your BUPA account and see if there are any messages/links indicating that they are reimbursing members.

If the account area also doesn’t contain any information, I would not be clicking on any links in the email or providing any personal information until such time its authenticity is substantiated with BUPA.

See if you can send a PM through your account login (I am not a BUPA member so don’t know if it is possible) or contact them using one of these methods:

It does seem strange to ask for bank details as if one has a direct debit payment with them, they already have your banking details. If one’s payment is by credit card, they should be able to refund the amount to the card. I can see that if you manually BPay or EFT each time a premium is due, they might not have the means to issue the refund.


On the first searching the BUPA website for “giveback” will provide the following. It took more than a quick look to work that one out.

On the second, being a BUPA member I can confirm that logging into one’s account or using your MyBUPA App will also find similar content. It’s as secure a method as any online these days. IE only as secure as the latest software updates and devices can be at the consumer end. Unfortunately security at the other end (multiple businesses) remains open to ongoing failures.


I think that the method used by my private health insurance, which is providing a credit instead of a refund for the Covid19 savings, would be the safest as far as online risks are concerned? It also prevents anxiety that the email asking for bank details is a scam?


Just received an email from my health fund, HCF, about my cashback.

Pleasing to see no links to click on about updating bank details.


I know some health funds are returning money to members - I have received a relatively small amount from mine and so has my partner.

However, your health fund probably already has your bank account details for the payment of refunds - why would they ask again?

We too received one from HCF and because they have our bank details they didn’t need to ask for anything. I noticed the amount in our account today.