ARN

Australians lost $6 million to scams in 2019

Scamwatch recorded more than 22,000 complaints so far in 2019

Data collected by Scamwatch has revealed that Australians have so far in 2019 lost $6.2 million to scams with the intent to gain citizens' personal information.

Scamwatch is run by the Australian Competition and Consumer Commission (ACCC) and provides information to consumers and small businesses about how to recognise, avoid and report scams.

The amount of reported scams has increased by more than $2 million, if compared to the same period – January to May – last year when the reported amount lost reached $3.9 million.

The number of reports received by Scamwatch between January and May were however not that different with a total of 22,123 reports in 2019 compared to 21,923 in 2018.

According to Scamwatch only 4.1 per cent of reported scams incurred in a financial loss for the five months ending May 2019.

Under the attempts to get personal information scams are hacking, identity theft, phishing and remote access scams.

Hacking cost Australians $2.1 million during the first five months of the year amounting to 3,406 complaints. Remote access scams came second with a total loss of $1.8 million and 4,038 complaints, followed by identity theft which cost $1.7 million and resulted in 4,780 complaints and phishing had the largest amount of complaints, 9,898 but the lowest reported amount loss $505,000.

Both hacking and identity theft had a spike in May in amount lost.

Ransomware and malware, which fall under a different category, cost Australians $73,000 this year with 1,542 complaints.

Data breaches

Australian organisations have reported several breaches throughout 2019, one of the first was revealed in January when ASX-listed MOQ revealed that its subsidiary Skoolbag had detected and responded to a data breach related to the global, internet-wide security incident the Collection#1.

The technology provider stated that it became aware that encrypted login information from the SkoolBag platform was contained within the Collection#1 incident, previously reported by sister publication Computerworld.

Skoolbag is a communications platform used by schools and other organisations. In September 2018, Skoolbag had over 3,000 subscriptions.

In February, a Chinese contractor for Australian financial planner AMP was charged with stealing the confidential data of 20 of its customers. The findings was the result of an investigation after AMP's cyber security staff noticed suspicious activity on the company network in December.

On the same month, a Melbourne heart clinic was hit by a ransomware attack that has reportedly affected the medical files of 15,000 patients. The Melbourne Heart Group-owned clinic, which leased the unit from Cabrini Hospital, was allegedly hacked by a crime syndicate either from North Korea or Russia, according to The Age.

A spokesperson for Westpac confirmed in early June that the bank “detected mis-use” of the New Payments Platform’s PayID feature and “took additional preventative actions which did not include a system shutdown". This was followed by the Australian National University (ANU) revealing a breach in which 19 years’ worth of personal staff, student and visitor data has been accessed.

It is believed unauthorised access has been gained to a huge amount of data including names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, passport details as well as student academic records.

And lastly, the Australian Catholic University was hit by a cyber attack resulting in a number of systems being compromised and the theft of personal data.

In a speech in May, Australian information commissioner and privacy commissioner Angelene Falk stated that some Australian companies have failed to notify affected individuals of data breaches.

"But further regulatory action has been necessary, and I have issued a direction to compel notification where we uncovered a failure to notify individuals," Falk said.

It is worth noting that breaches usually take time, sometimes month to be detected and although the breaches mentioned above were reported in 2019 they did not necessarily took place this year.