How to Avoid NDIS Scams (And Spot the Warning Signs Early)

6/20/2026


Most NDIS scams fall into one of two categories: someone pretending to be the NDIA to get your details, or a provider — real or fake — charging for support you didn't get. Knowing which one you're dealing with changes what you do next.

This guide covers both: what to watch for, how to check a provider is legitimate before you sign anything, and exactly who to call if something's already gone wrong.

The Two Kinds of NDIS Scams — And Why the Difference Matters

There are two different things people mean when they say "NDIS scam," and mixing them up makes the advice confusing.

The first is impersonation — someone pretends to be from the NDIA, a provider, or a government department to get your personal details or money directly from you. The second is dodgy provider billing — a real or fake business that's already working with you (or trying to) charges for support you didn't get, or inflates what they deliver.

They need different responses. Impersonation scams call for caution before you say a word to anyone. Provider billing issues call for checking your invoices against what actually happened.

This article walks through both in order — starting with the one that needs the fastest reaction.

Spotting an Impersonation Scam Before You Hand Over Anything

If someone contacts you out of nowhere asking to "verify" your NDIS number, bank details, or Medicare number, that's the scam. Hang up, don't click the link, and don't reply.


The NDIA will never call, text, or email threatening to cancel your plan unless you pay a "debt" immediately. It won't ask for your password or PIN over the phone. And it won't pressure you to act in the next ten minutes.

Common tactics to watch for:


  • Calls or texts claiming your plan is under review or about to be cancelled
  • Requests for your NDIS number, date of birth, or bank details "to confirm your identity"
  • Unexpected home visits from someone claiming to represent the NDIA
  • Pressure to act immediately, before you have time to check with anyone

Here's a pattern that comes up often: a participant receives a text saying their plan funding has been frozen over a "compliance issue," with a link to "verify" their details. The link leads to a page styled to look like the NDIS portal, but it isn't the real one. Nothing about the message — the urgency, the request for banking details, the generic greeting — is something the real NDIA would send.


If you're contacted like this, hang up and contact the NDIS directly using a number you already trust, not one the caller gave you. You can also check your plan status yourself through the myplace portal.


Q: Will the NDIA ever ask for my bank details over the phone?

A: No. The NDIA will never call, text, or email asking for your bank account details, NDIS number, or passwords. If you're asked for this information unprompted, treat it as a scam and don't respond.

How to Check a Provider Is Actually Legitimate Before You Sign Anything

Before you sign anything or hand over your NDIS number, take five minutes to check the provider is real.

  1. Search the NDIS Provider Register. It lists every currently registered provider, plus any that have had registration suspended or revoked.
  2. Confirm their ABN. A legitimate business has a registered ABN you can look up independently — it should match the name on any invoice or agreement.
  3. Ask for a written service agreement before you commit. It should set out what's delivered, what it costs, and how cancellations work.
  4. Start from a verified list, not an unsolicited contact. If a provider has approached you out of nowhere — a cold call, a text, a social media ad — it's worth checking them against a directory that verifies its listings before you reply.

A pattern that turns up often: a participant finds a provider through a social media ad promising fast availability, almost signs on the spot, then pauses to check the Provider Register first. The business isn't listed, and the ABN on the invoice template doesn't match the business name. That five-minute check is usually all it takes.

Registered vs. unregistered — does it change your risk?

| | Registered providers | Unregistered providers |
|---|---|---|
| Oversight | Audited and regulated by the NDIS Commission | Not audited, but still bound by the NDIS Code of Conduct |
| Who can use them | Anyone — required for NDIA-managed plans | Plan-managed or self-managed participants only |
| Verification | Listed on the official Provider Register | No central register — verify ABN and service agreement directly |


Unregistered doesn't automatically mean risky. Plenty of solid providers choose not to register because of the cost and admin involved. It does mean the verification step sits with you, not a regulator.

What a legitimate service agreement should actually include

Service agreement: A written document between you and a provider that sets out what supports will be delivered, how much they cost, and the terms for changes or cancellations.

A proper one names the provider's ABN, lists specific support items and rates rather than vague bundles, and spells out cancellation and complaint processes. If a provider is reluctant to put any of this in writing, that's worth pausing on.

Billing Red Flags to Watch Once You're Already Working With Someone

Even with a legitimate, registered provider, billing mistakes — and occasionally deliberate overcharging — happen. It's worth checking invoices against your NDIS portal regularly, not just at plan review time.

Watch for:


  • Invoices for support you didn't receive, or for days you weren't actually supported
  • Charges that don't match the rate in your service agreement
  • Vague line items instead of specific support codes and dates
  • Pressure to accept extra services you didn't ask for, especially with incentives attached
  • A provider who avoids explaining a charge when you ask directly

A pattern that turns up reasonably often: a participant's plan manager flags a duplicate invoice — the same support coordination session billed twice in one fortnight, under slightly different line item descriptions. On its own it could be an admin error. The participant raises it, the provider can't produce notes for one of the two sessions, and it turns out to be a genuine billing issue rather than a one-off slip.


If you're not sure whether a charge is even allowed under your plan, SupportSearch's Rulebook Explorer breaks down NDIS billing and cancellation rules in plain English.

What to do if a charge looks wrong

Don't assume it's deliberate. Raise it directly with the provider first and ask them to explain or correct it. If they can't, or the pattern repeats, that's when it moves from a billing error to something worth reporting.

What to Do If You Think You've Been Scammed

If you're worried you've been targeted, call the NDIS Fraud Reporting and Scams Helpline on 1800 650 717, Monday to Friday between 9am and 5pm AEST, or email fraudreporting@ndis.gov.au. A family member, friend, nominee, or your NDIS partner can lodge a report on your behalf if that's easier.


If the issue is overcharging rather than outright fraud, that goes to the NDIS Commission specifically — a slightly different process from the fraud helpline, so it's worth knowing which door to knock on.


Reporting doesn't put your own plan or funding at risk. The taskforce coordinating this work — the NDIA, the NDIS Commission, and several other government agencies — has already removed more than 2,500 providers showing patterns of incorrect or non-compliant claims, so reports genuinely lead somewhere.


Before you call, it helps to have ready:

  • Dates and details of contact (calls, texts, emails)
  • Any invoices, service agreements, or bank records involved
  • The provider's name and ABN, if you have it

SupportSearch's Resources page links directly to the official NDIS Commission and fraud reporting pages if you'd rather go straight to the source.

Start With a Verified Search

The easiest way to avoid most of this is to start from a checked list, not whoever contacts you first. Search 20,000+ verified NDIS providers on SupportSearch by location and service type, and know who you're dealing with before you hand over any details.