Written by 
Reviewed by 
- The Savvy Promise
At Savvy, our mission is to empower you to make informed financial choices. While we maintain stringent editorial standards, this article may include mentions of products offered by our partners. Here’s how we generate income.
The Covid-19 pandemic has given scammers and hackers an advantage. As remote work pushes more Australians online, the jump in cybercrime hits record-high rates sparking major concerns for businesses and families. Savvy’s online scams report reveals the latest figures and what you can do to protect against cyber attacks.
- The top scam types by amount lost are investment scams ($48,845,514) and dating and romance ($8,101,643)
- New South Wales was hit the hardest with online shopping scams, followed by Victoria
- 43% of cyber attacks target small to medium businesses
- Currently, the total amount lost in scams for 2022 is $72,231,217
- 84% spike in scams since last year
- Top industries affected are education, government, healthcare, communications and software vendors
- Smartphones are the primary delivery method for attacks
- The estimated average cost of cybercrime to the global economy is $445 billion yearly
- One in four Australians have fallen victim to identity fraud
- Cybercriminals can penetrate 93% of company networks
We’re living in a digital era where information and data are more valuable than gold and oil. After 2 years of remote working, online vulnerabilities are escalating with cloud breaches, phishing, account takeover attacks and ransomware among the top concerns.
Optus data breach – October 2022 update
The September 22nd cyberattack on Optus, one of Australia’s biggest telcos, has affected an estimated 2.1 million customers.
According to Optus, some 9.8 million individual records have been exposed and are now reportedly in the hands of hackers.
What data was exposed?
While initially unclear, it has come to light that the data included a broad swathe of personal information, including:
- Names
- DOB
- Email addresses
- Phone numbers,
- Postal addresses
- Drivers’ license numbers
- Passport numbers
- Medicare numbers
It has been reported that 14,900 odd valid Medicare ID numbers were stolen in the breach. On top of that, a further 22,000 expired Medicare numbers were hacked.
In a worrying development, 10,200 individual customer's personal information was posted online by the hackers responsible, along with a ransom demand for some $1 million USD. The ransom has since been withdrawn, leading some to question the sophistication of the perpetrators.
What are the risks?
The main risk for those whose information has been stolen is identity theft. Bad actors would feasibly have enough information to apply for credit cards in the affected individual’s name. This would not only put them at risk of having debts accrued against their name, but also put their credit score in jeopardy, which would affect them for years to come.
How can I protect myself?
Anyone directly impacted should seek replacement documents as soon as possible. Furthermore, contacting credit score companies, such as Equifax, and putting a hold on credit score applications would be advisable.
Hybrid and remote work trend ensures another year of online vulnerability
The virus crisis is fuelling the growth in cybercrime as hybrid and remote work rises. Recent data shows Australians have lost more than $72 million in scams, and we’re only three months into 2022. Compared to this time last year that’s an increase of over $10 million in the first quarter.
Working from home and lockdowns have changed the way Australians use the Internet, with many people investing in their home office using savings or personal loans. The reliance on IoT devices, along with virtual classrooms, online communications, work, study and day-to-day life present new opportunities. But they also come with the responsibility to protect data from being accessed by unauthorised parties.
As malicious hackers switch their focus to online work, we must put stronger access controls in place to reduce scams and prepare for the future.
The sharp rise in cybercrime has targeted education, government, healthcare and medical research facilities. Other industries also at stake include business, communications, software vendors, financial and legal services, and real estate.
Now remote work and cloud use have become accepted in the workforce, it’s imperative that the security gaps within the system are addressed.
Small to medium businesses are most at risk
Small to medium businesses typically have less cybersecurity protection making them more vulnerable. 43% of cyber attacks target SME businesses, according to a report from Australian cybersecurity firm Kaine Mathrick Tech. Even more concerning, only 5% of businesses' data folders are protected.
Businesses of all sizes must have an extensive understanding of where their online threats are most likely to come from, with an action plan on the best way to handle them. Recent research shows that one cybercrime targets Australian businesses every 10 minutes.
Ransomware remains one of the top threats.
In 2022, a ransomware attack occurs every 11 seconds. Last year, the ransomware industry shot up to a whopping $20 billion. A report by Privacy Australia revealed mobile ransomware attacks are also up by 33%.
Phishing, hacking, remote access scams and malware are ongoing concerns too – on and offsite, in the office and at home. Scamwatch data shows the main delivery methods for these attacks are smartphones and email.
The problem is, many SME businesses don’t have the budget for cybersecurity. A quieter than expected economy could be to blame for the lack of spending, making business owners increasingly worried about the emerging threats.
Hackers and scammers are getting more ambitious and bolder in their attempts, targeting online activities to take advantage of people in all occupations and from all walks of life. It’s no longer only necessary to set security measures and forget about them. Preventative actions, multi-layered approaches and regular assessments are key to staying ahead.
The true costs of cybercrime
According to Scamwatch, the highest scams are investment scams and dating and romance, totalling over $56 million. Followed by false billing ($3.5 million), online shopping scams ($1.8 million) and identity theft ($800k).
New South Wales ($21 million) and Victoria ($16 million) are the states most impacted by online shopping scams, with Queensland ($12 million) and Western Australia ($11 million) not far behind.
Australians aged over 65 reported the greatest losses to scams since January totalling over $17 million. Other age groups most at risk are 25 to 34 and 35 to 44 year olds. Scams and reports by Australians under the age of 18 also increased by over 50%. Women lost more money to scams totalling over $36 million, compared to $35 million lost by men.
Who’s behind data breaches?
The majority of cyber attacks are triggered by insiders, outsiders, business partners, organised crime groups and affiliated groups.
According to a data breach report by Verizon, outsiders are the biggest culprit (70%) followed by organised crime groups (55%) and insiders (30%).
Zero Trust
2022 is the year of deep suspicion. Zero trust is an approach that shifts people away from the classic, ‘trust but verify’ cybersecurity adage. Over the years it’s evolved to the opposite – ‘never trust, always verify’, reminding people that no one is safe from cybercrime in this digital age.
These safeguards use an initial authentication, under an additional layer of security requiring multiple factors to access. All users inside and outside of an organisation are required to authorise their access with a zero trust strategy, allowing the least privileged entry.
This approach is critical to:
- Mitigate financial impact
- Reduce the average cost of data breaches
- Prevent identity theft
- Restricts access controls, without compromising performance and user experience
Cyber risk management should be a top priority in 2022
If 2021 has taught us anything, it’s that cybersecurity continues to be one of the biggest challenges of our era.
With the everyday obstacles of Covid-19, cyber risk management has taken a backseat. 2022 will still see many people working remotely making it a top priority for businesses and households to identify, understand and manage security concerns.
How to stay safe from financial scams
As the cost of cybercrime continues to rise, more organisations will need to invest in cybersecurity to protect their in-house and remote teams.
People can expect more attacks on their smartphones, home computers and networks with cybercriminals taking advantage of security holes. The rush to the cloud and increase of IoT devices will also cause challenges.
Businesses and families can protect themselves by managing their biggest risks and the culprits that make people vulnerable, such as a lack of established protocols and unsecured networks.
Implement prevention-based security solutions in your home, business and on the go. Make sure you:
- Know what devices you have and the vulnerabilities that can be exploited
- Understand what data is regulated, private and sensitive
- Provide comprehensive and current cybersecurity training and education to staff
- Update hardware and software regularly
- Revisit risks and priorities
- Secure all networks
- Use multifactor authentication and control access
- Watch for SMS phishing and lookalike sites
- Check for data leaks with software
- Download carefully
Did you find this page helpful?
This guide provides general information and does not consider your individual needs, finances or objectives. We do not make any recommendation or suggestion about which product is best for you based on your specific situation and we do not compare all companies in the market, or all products offered by all companies. It’s always important to consider whether professional financial, legal or taxation advice is appropriate for you before choosing or purchasing a financial product.
The content on our website is produced by experts in the field of finance and reviewed as part of our editorial guidelines. We endeavour to keep all information across our site updated with accurate information.
