Scams bring out the worst side of human nature—and, unfortunately, too many Australians have been targets lately. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch reports that Australians lost a record $323.7 million to scams in 2021. That’s an 84% increase from 2020. And the number of reports—286,608—is up 32% year over year.
The charts below detail the reported incidents and associated financial losses:
Figure 1. ACCC Scamwatch data showing scam trends from 2019, 2020 and 2021.
Figure 2. The amount Australians lost to all scams in 2020 compared with 2021, according to ACCC Scamwatch.
Phishing: the most reported scam type in 2021
Investment scams and dating and romance scams cost Australians the most in 2021. Investment scams alone accounted for more than half of all the money lost to scams in 2021, setting a record $177 million from 9,663 reports. Also, the amount Australians lost last year to investment scams was 32% higher than 2020’s total.
Dating and romance scams ranked second in terms of the total financial loss, with Australians losing $56 million to these schemes—a 56% increase from 2020. These scams were also among the costliest, in general: 40% of all reports of these scams last year were incidents where victims lost money. The ACCC Scamwatch report also notes that social networking sites helped generate the highest amount of financial loss related to dating and romance scams last year, at $22 million.
Phishing scams attempting to gain personal information received the highest number of reports in 2021, representing one-quarter of all scams reported to the ACCC. Reports of phishing scams also significantly increased over the past year by 61%. These scams are all targeting people and their vulnerability. That’s why a people-centric approach to defending against attacks is essential.
Figure 3. Lists of the top 10 scams by money lost and number of reports, based on ACCC Scamwatch data.
When we look at delivery methods, phone scams were the most popular, constituting half of the total number of all scams reported in 2021. Text message scams emerged as the second most reported scam type in 2021, overtaking email scams. But they were also one of the least profitable scam types, accounting for only 3% of the money lost by Australians in 2021.
Social networking, internet and email are the costliest scams, and they collectively make up 48% of the total reported money lost. However, they only constitute 18% of the reported number of scams.
Figure 4. ACCC Scamwatch data about scam delivery methods observed in 2021.
Fraudster tricks that endure: previous findings by Proofpoint Threat Research
None of the scam tactics and lures listed above are new—but they’re effective, and they take advantage of people’s desire to communicate and connect with each other. For years, the Proofpoint Threat Research team has observed malicious actors using dating or romance lures in email or social networking sites to seize on the vulnerability of lovelorn individuals. We also recently saw a threat campaign where threat actors repurposed Hupigon and used dating to target faculty and students at colleges and universities.
False billing or redirected payments are common phishing schemes in today’s threat landscape. Fake invoices are often sent as email attachments or linked to from malicious URLs—even adapting to local languages and serving easy-to-buy (only USD $19.99!) commodity malware. Another recent example of this scam type is a false billing Amazon scheme encouraging users to “update payment information” in Amazon.
Cybersecurity’s evolved mission: protecting people
The numbers in the ACCC Scamwatch report only reflect the disruption from reported, successful attacks. Imagine the true reach and scope of the problem for the Australian public.
As cybersecurity professionals, we know firsthand how criminals use technology to exploit people. The increasing social significance of cybersecurity is an encouraging necessity, as the impact of cyberattacks on society will only continue to grow as more of our lives operate on the internet.
Thus, the mission (if we choose to accept it) is to make the internet a safer place for people to operate—and, in turn, foster trust back into the technologies that we rely on every day. That’s why we’re building solutions at Proofpoint that feature a people-centric platform approach to cybersecurity and compliance.
Following are some ways that you can help your organization stay vigilant against cyber threats:
- Evaluate threat protections within and beyond your perimeter. Limit attackers’ tool sets by gaining visibility into the threat landscape and managing your digital footprint to reduce your personal and organizational attack surface. This includes introducing practices such as Domain Fraud Monitoring, which is managing relevant web domain registrations and taking down fraudulent sites (e.g., brand “lookalike” sites), as recommended by the Australian Cyber Security Centre (ACSC) Prevention and Protection Guidelines for Email.
- Implement email authentication as a powerful tool to combat email fraud. Getting started with DMARC can be rocky, but the journey can be made easier with help—and it’s well worth it.
- Ensure your plans to protect information in mobile and cloud apps are intact. Modern information protection needs to be device- and infrastructure-agnostic. It also needs to work whether the information is accessed on a mobile phone or a desktop web browser, and whether it is hosted on-premises or in the cloud.
- Build security awareness everywhere—and with everyone. Security awareness needs to be more than the once-a-year training required by management. Normalize talking about cybersecurity with employees, customers and loved ones. Change user behaviour to recognize threats so that everyone is part of the solution.
Also, be sure to check out the tips that the ACCC offers on how to protect yourself from scams. You can also amp up your cybersecurity education journey with the Proofpoint Phishing Awareness Kit. And to learn more about recent trends in the threat landscape, view our free, on-demand webinar, “The Human Factor Report Findings: Cybersecurity, Ransomware and Email Fraud in a Year That Changed the World.”