Every 10 minutes, cybercriminals are preying on Australian businesses and individuals, leaving some people tens of thousands of dollars worse off.
Max, who doesn’t want to use his real name, lost $66,000 when he transferred money to what he thought was a legitimate bank account.
The 65-year-old self-funded retiree said he contacted a dealership about buying a 2019 Ford Mustang GT Fastback, and soon after received an email that appeared to be from the sales manager with instructions on how to pay.
“I got an email with the invoice and the bank details were attached to that email,” he said.
“Everything looked OK and authentic.”
Max transferred the money, but when he contacted the dealership the next day, he was told they hadn’t received the cash.
“I then questioned them about their bank details and was told their bank was Westpac in Melbourne, I had sent the money to ING in Sydney,” he said.
There are a number of ways this could have happened.
It’s possible a cybercriminal got into the dealership’s computer network and sent the email, or Max’s email account could have been hacked.
Max contacted his bank and it launched an investigation, but he said someone had already taken the money.
“They are probably on the Riviera eating caviar and drinking champagne.”
‘There are more spiders than ever on the world wide web’
Stories of online criminals sending emails that look legitimate are all too common.
There have been more than 13,500 reports of cybercrime from individuals and business to the Australian Cyber Security Centre (ACSC) in the past three months, which equates to one case being referred every 10 minutes.
The actual figure is thought to be even larger, because the data is based on victims self-reporting.
The head of the ACSC Rachel Noble said the threat is “pretty high,” and the perpetrators vary but that “there are more spiders than ever on the world wide web”.
“They can be anything from young teenagers to highly organised criminals who are using the same sort of method of operations,” she told the ABC.
It’s the first time figures have been released under the new system, which replaced the Australian Cybercrime Online Reporting Network in July this year.
“We’re able to get a much clearer picture than we ever have before on where these reports are coming from by state and territory, the nature of the types of reports … so that we can start to see patterns.”
“That’s going to be powerful to try and fight this, to go after the offenders.”
What crimes are being carried out against individuals?
The most common type of cybercrime reported was online fraud, which includes romance and bank scams.
Romance scams involve a criminal building an online relationship with a person over several months before convincing them to transfer money for medical treatment or necessary goods.
Bank scams in this case refer to when a person is sent a text or email that appears to be from their bank, requesting login details to fix a problem.
If the person obliges, it allows the cybercriminal access to the account so they can steal money.
Identity related offences were the second most common type of cybercrime reported: where a criminal opens a bank account in someone else’s name.
A recent survey by the ACSC found people lost $700 on average to cybercrime, and two thirds of those victims were aged between 25 and 34 years.
Ms Noble said the ACSC will take a look at why that is the case.
“I am concerned there is a target age group there, it might be that younger people use the internet more than older people,” she said.
Problems facing businesses
Ms Noble said “email compromise” is one of the top issues being reported to the ACSC by businesses.
“This is when a criminal hacks into a corporate email account and pretends to be a legitimate employee and sends an email to another employee who might be in the finance department whose usual business is to make online transfers or online payments and trick them into making an online payment to the criminal,” she said.
Ms Noble said ransomware is also a large problem for many organisations.
“That’s when criminals stop your business from being able to run by seizing up your computer system and making you pay a large sum of money to get your computer system running again.”
It is estimated that cyber security incidents cost Australian businesses up to $29 billion every year.
‘Be cynical’
As today marks the beginning of Stay Smart Online week, Australians are being urged to be more aware of what they do online.
Ms Noble said there are simple steps that everyone should abide by.
“When your iPad or iPhone sends you a link saying ‘would you like to update your software now?’, click yes and do it now.”
“Also using different passwords in different apps and making sure that those passwords aren’t easy to guess.”
“Try to be a little bit cynical and a little bit suspicious when you are shopping online or when you purchase offers that actually sound too good to be true.”