Security & Authenticity
Verify Communications
This page documents every channel, domain, and message type that Claims Passport uses to contact you — so you can confidently distinguish genuine communications from phishing attempts.
⛨ Official Authenticity Record
| Operator | ClaimFinder.com |
| Primary domain | claims.au |
| Verification method | Magic link (no numeric code) |
| Contact channels | SMS · Email |
| Coming soon — not active | |
| Report suspicious messages | security@claims.au |
Official Domains
Every genuine Claims Passport link or sender address uses one of these domains. If you receive a message from any other domain, do not click it.
claims.auPrimary public site and API*.claims.auAny subdomain — same parent domain@claims.auEmail sender domain⚠ Lookalike domains to watch for: claim-passport.com, claimspassport.net, claims-au.com, and similar variations are not affiliated with us. Treat any message from these as suspicious.
How Magic Links Work
Claims Passport uses magic links — not numeric codes. When you need to access your Passport, we send a single-use link directly to your registered mobile or email. There is no code to type.
🔗 What a genuine link looks like
Starts with https://claims.au/
Contains a long, random token — not your name or ID
Single-use and short-lived (expires within minutes)
Sent only when you requested access
⚠ Signs a link may be fraudulent
Domain is not claims.au
Link was unsolicited — you did not request access
Asks you to enter a code or confirm a number
Uses a URL shortener (bit.ly, tinyurl, etc.)
Before clicking: hover over or long-press the link to preview the destination URL. If it does not begin with https://claims.au/, do not proceed.
What Claims Passport May Send
- ✓ A magic link by SMS or email when you request access to your Passport
- ✓ A matter update or notice from a participating service, delivered via your Passport inbox and optionally forwarded to your registered contact
- ✓ A confirmation message when you register for a new matter
- ✓ A security notification if your preferences or contact details change
What Claims Passport Will Never Ask
If you receive a message requesting any of the following, it is not from us.
- ✗ A numeric code to enter or confirm via SMS or email
- ✗ Your password, PIN, or security question answer
- ✗ Government-issued ID, passport, or driver's licence details
- ✗ Payment card number, bank account, BSB, or tax file number
- ✗ To call a phone number to verify your identity
- ✗ To install an app or browser extension to access your Passport
- ✗ Personal details beyond a preferred name and one contact method (Stage 1)
How to Check a Suspicious Message
- Do not click anything. If you are uncertain whether a message is genuine, do not interact with any links or buttons.
- Check the sender domain. For email: look at the full From address — not just the display name. For SMS: the link must start with https://claims.au/.
- Log in directly. Go to claims.au directly in your browser and use the "Access my Passport" link. If the action is real, it will be visible in your Passport inbox.
- Report and delete. Forward the message to security@claims.au then delete it. If it was an SMS, you can also forward it to 7726 (SPAM) — the Australian carrier spam-reporting shortcode.
Report a Suspicious Message
Forward the message to security@claims.au with the subject line Suspicious message.
💬 Contact page
Use the contact page to send a report. Include as much detail as possible — sender, date, message text.
🚩 Report to Australian authorities
If you believe you have been the target of a phishing or scam attempt, you can report it to: