Australians lost A$176m to scams in 2020

Australians lost A$176.1m to scams in 2020, up 23.1% from the A$142.9m reported in 2019, according to the Australian Competition and Consumer Commission’s Scamwatch.

The total number of scams rose to 216,089 in 2020, 28.8% higher than the 167,795 recorded in 2019.

More money was lost in December than in any other month in 2020. The last month of the year saw a combined loss of A$22.4m, up 19.7% from the A$18.7m lost in November.

Some 20,241 scams were reported in December across the country, down 16.3% from the 22,122 reported in November.

The most damaging types of scam over the past year in terms of money lost were investment scams (A$66.4m), dating and romance scams (A$37.2m), false billing (A$18m), threats to life or arrest (A$11.5m) and online shopping scams (A$8.4m).

Phishing was once again the most reported type of scam, but with much larger numbers than in 2019. Over the past year, Australians reported 44,084 phishing attacks, up 75% from the 25,168 reported the previous year.

In 2020, the most “profitable” delivery method used by scammers was via phone calls and emails.

Australians lost A$48m to illegitimate phone calls in 2020, up from A$32.6m lost in 2019. Phone calls were also the most prevalent delivery method, with a total of 103,153 attacks in 2020, significantly higher than the 69,521 reported in 2019.

Email attacks also went up from 40,277 reported attacks in 2019 to 47,502 in 2020. Money stolen via emails also rose from A$28.4m in 2019 to A$34.3m in 2020.

Crispin Kerr, Proofpoint’s area vice-president for Australia and New Zealand, said: “After the consistently high level of scam activity we’ve witnessed month-to-month throughout 2020, these annual statistics paint the real picture of the unfortunate growth we’ve seen.

“The huge rise in phishing scams is perhaps the most concerning statistic of all in terms of sheer volume. However, as a tactic used by scammers, it’s not surprising to see that phishing was again so popular. It has a low entry barrier for cyber criminals with a high-value return. Phishing emails are very easy to create, require little technical knowledge and, most importantly, depend solely on one user clicking to succeed.

“Unfortunately, threat actors have actively been using social engineering to convince people to click a link or open attachments, by playing on people’s fears relating to Covid-19, throughout the year.”

Kerr added: “As we enter 2021, with promising news of vaccine roll-outs taking place, we would advise people to remain vigilant against these types of phishing attack as scammers will follow the news cycle closely to adapt their tactics and lures to topical themes.

“Individuals should never click on links, open attachments, or disclose sensitive/financial information in response to unsolicited communications.”

Earlier this month, scammers claiming to be from the Australian Cyber Security Centre (ACSC) were reportedly tricking Australians into revealing their passwords and other personal information.

In an alert issued on 6 January, the ACSC said the scammers had used its name to send emails to individuals claiming that their computers were compromised, along with a malicious link requesting they download an “antivirus” software to resolve the issue.

If clicked on, the link downloads and installs malicious software onto the individual’s computer.

The ACSC also warned of reports of cyber criminals calling individuals from a spoofed Australian phone number, requesting that they download remote access tools such as TeamViewer or AnyDesk onto their device to resolve malware issues.

The scammers then attempt to persuade recipients to take actions, such as entering a URL into a browser and accessing online banking services, which then compromises their computer to reveal banking information.