Australians lost a record $3.1 billion to scams last year

The Australian Competition & Consumer Commission (ACCC) says Australians lost a record $3.1 billion to scams in 2022, an 80% increase over the total losses recorded in 2021.

Most of the losses concern investment scams, which accounted for $1.5 billion, followed by remote access scams that resulted in losses of $229 million, and payment redirection scams that cost victims another $224 million.

These figures are based on data collected by ACCC’s Scamwatch, ReportCyber, the Australian Financial Crimes Exchange (AFCX), IDCARE, and various other government agencies.

According to ACCC, the number of scam reports submitted to Scamwatch last year was just under 240,000, 16.5% lower than in 2021. However, the financial losses per victim rose by 50% to an average of $20,000.

ACCC’s Deputy Chair Catriona Lowe commented that this increase in the effectiveness of scams results from a growing sophistication in the themes used by the attackers, making the scams more believable.

“We have seen alarming new tactics emerge which make scams incredibly difficult to detect,” commented Lowe.

“This includes everything from impersonating official phone numbers, email addresses, and websites of legitimate organizations to scam texts that appear in the same conversation thread as genuine messages.”

“Hi Mom” and “toll/Linkt” text scams had an explosive growth of 469% in 2022, tricking Australians into losing almost $25 million.

The most significant driver, though, was data breaches, which had a record year in Australia in 2022. 

These security incidents are excellent opportunities for scammers who use them as bait for fraudulent communications with targets.

“In the weeks after the data breaches, there were hundreds of reports to Scamwatch, including reports of scammers impersonating government departments and businesses to carry out identity theft and remote access scams.” - ACCC.

A noteworthy security incident from 2022 that scammers abused was the breach of Optus in September 2022, which resulted in the leak of the personal data of 11 million customers of the telecommunications company.

In October 2022, the Australian Federal Police (AFP) arrested a young Sydney resident who attempted to extort thousands of Optus customers via SMS, demanding a payment of $1,300 not to sell their data to hackers.

The most notable data breach in Australia for 2023 is Latitude Financial, which impacted 14 million customers of the personal loans service provider.

The Australian state approved a bill that amends the country’s privacy legislation late last year, setting a maximum penalty of AU$50 million for firms that suffer large-scale data breaches.