What is Australia doing about scams? The ACCC’s 3 pronged approach

The Australian Competition and Consumer Commission (ACCC) has proposed a “three-pronged approach” to ensure Australia will no longer be an attractive target for cyber criminals and to enhance operations designed to disrupt and prevent scams.

In a keynote address to the Law Council of Australia’s 2022 Consumer Rights Forum, Gina Cass-Gottlieb, current chair of the ACCC outlined the ACCC’s three-step plan:

• Disrupting the means by which scammers contact would-be victims – whether through phone calls, SMS, email, social media.
• Better educate consumers so that if a scam contact makes it through to them, they are able to recognise it as a scam.
• Put measures in place so that if a consumer is convinced to attempt to transfer funds to a scammer, there is a safety net there to prevent this from happening.

What is the size of Australia’s scam problem?

The ACCC reports that in 2021, Aussies lost almost $1.8 billion in combined scam losses according to data from financial organisations, other government agencies, ReportCyber and Scamwatch.

Once we consider the fact that about a third of scam victims don’t report their losses, the real figure lost to scams in 2021 was well over $2 billion.

This financial figure does not take into account the emotional toll and the life changing consequences that can result from these scams and their impacts on individuals, families, and businesses. Scams target people of all backgrounds, ages and income levels.

However, according to the ACCC, it is Australia’s most vulnerable who are at most risk. Indigenous Australians, older Australians, people from culturally and linguistically diverse communities, as well as people with a disability, have lost “far more than ever before” to scams.

Australia’s most popular scams

The most recent scam report  from the ACC details more than 20 different scam types, primarily based on reports made to its Scamwatch agency.

Some scams are perennials. Topping Scamwatch’s list are investment scams, dating and romance scams, false billing, remote access scams (convincing you to allow access to your computer or phone), and threats or blackmail.

Leveraging trusted brands for scams

A recent Checkpoint report (Q2 Brand Phishing Report) pointed to the use of fake branding for trusted sites to trick people into providing credentials that could then be used for identity theft.  Social media platform LinkedIn topped the list, continuing its reign as the most imitated brand after entering the rankings for the first time in Q1.

Scams are initiated by imitating the style of communication from LinkedIn with malicious emails using subjects like: ‘You appeared in 8 searches this week’ or ‘You have one new message’ or ‘I’d like to do business with you via LinkedIn’,” the CPR researchers said

According to CPR researchers, while LinkedIn’s share has dropped slightly, down from 52 per cent in Q1 to 45 per cent of all phishing attempts in Q2, it is “still a worrying trend” that has revealed the ongoing risks facing users of the trusted social media platform.

Other trusted brands in the top 10 for misuse include DHL, Microsoft, Netflix, Adidas, Adobe, and HSBC.

What can be done to prevent scams?

The ACCC has been working closely with the telecommunications sector, to help stop known scammers sending SMSs.  They are also trialling a website takedown project, based on identified and verified phishing web sites.

The ACCC has also been very active in the education space making a range of information available.  It maintains a Scamwatch website which helps consumers  learn how to recognise, report and protect themselves from scams.

Scamwatch contains information for consumers and small business including:

• the most common scams
• victims’ stories
• golden rules to protect yourself
• sign up for email alerts
• where to report a scam.

Some of their advice for consumers is pretty straight forward:

• If something seems too good to be true, it probably is. If you have any inkling you may be being scammed, the best advice is to stop and think.
• If you are being asked to move money, make an unexpected payment or send personal information to someone, stop.
• If you are being asked to provide information or take some action, contact the organisation involved using a number you already have (bank statement, credit card etc) or find the number yourself.

There are also signs of other new ‘best practices’ emerging in scam-prevention initiatives.  These include:

• implementation of live-video verification that customers’ match their photo identification documents, such as licences or passports, that they’re providing as part of know your customer checks.
• mandatory phone calls from company representatives to senior Australians opening accounts on cryptocurrency exchanges to ensure they are not being coached or scammed into transferring money to the exchange.

Conclusion

Of course, responses will need to continue to evolve, just as the scammers continue to evolve in their approaches and tricks.

To truly take on scammers, a combined effort is required, between government, consumer groups, the financial services sector and the telco sector. Emphasising it is a community effort to disrupt scammers, “so the losses don’t occur in the first place”, direct protection of consumers is Cass-Gottlieb’s main priority as cyber attacks and scam activity continue to rise.

Reach out if you need help with cybersecurity or privacy awareness training for your organisation. We’d love to help.