Amid evolving cybersecurity threats during the pandemic and the fear of compliance audit failure, research released in October 2020 by cybersecurity firm Thycotic highlighted that 66% of organizations in Australia were planning to increase their cybersecurity budgets in the coming 12 months. Although this may still be in the implementation phase, a new report from the Australian Competition and Consumer Commission (ACCC) for the year 2020 has sounded the alarm for immediate recognition of these cybersecurity gaps. It revealed an 84% surge in identity theft scams and a 75% surge in phishing scams.
The ACCC Scams Report 2020
According to the report, Scamwatch, one of the official reporting mechanisms for any scam, recorded a total of 444,164 scam reports in 2020, costing Australian citizens and businesses a total of AUD 851 million. Out of this, AUD 128 million was lost to business email compromise (BEC) alone. The other significant scams included losses of AUD 8.4 million to remote access scams and AUD 3.1 million to identity theft.
When it came to determining the most common payment method used in these scams, bank transfers topped the list with AUD 97 million in losses. However, with blockchain technology having proven effective for secure online transfers and being used extensively for cryptocurrency payments, Bitcoin and other cryptocurrency payment methods ranked second on this list, with losses amounting to AUD 26.5 million.
Another target-specific revelation from the report was that scammers mainly focused on elderly people, owing to their lesser knowledge of the latest technologies and their corresponding SOPs. Those aged above 65 years reported losses of nearly AUD 37.7 million.
Phishing and Impersonation Scams Spread Faster than Bushfire
In Australia, bushfires are a common phenomenon and take place every year despite concentrated efforts from the government to solve this issue. However, in 2020 the country saw one of its worst bushfire seasons, in which 33 lives were lost, around 3,094 houses were destroyed, and nearly three billion animals were impacted by this raging river of fire.
Therefore, to help the people fighting it out on the frontline, many organizations set up online donation gateways on their respective websites. However, scammers took advantage of this situation too. They intruded on legitimate donation-collecting websites and compromised them by inserting MageCart scripts and exfiltrating donors’ payment information. The ACCC’s Scamwatch report confirms these incidents from last year, as it also reportedly received over 330 bushfire-related Scamwatch reports through its website.
Compared to 2019, remote access scam-related losses increased by more than 74% to AUD 8.4 million, and reported losses from threat-based scams increased by more than 178% to AUD 11.8 million. Scamwatch in 2020 saw 8,691 scam reports attributed to hacking, 3,885 to ransomware and malware, and 44,079 reports of phishing.
Although an increase of 11.3% in phishing scams was recorded during the reporting period, the most impersonated entities in 2020 remained more or less unchanged from 2019: Telstra, NBN Co, government organizations, the big four banks, and package delivery companies like Amazon. Online payment platforms like PayPal and OTT platform Netflix also made this list.