When she queried the instructions, Hiroko was reassured that her laptop contained a unique code known only to Microsoft and that the three keystrokes opened a screen that would confirm the code. Hiroko still wasn’t sure, but the caller was insistent and his warnings sounded plausible. When she asked where he was calling from, he told her Melbourne, although the voices in the background made it sound like an overseas call centre.

A highly skilled professional, Hiroko didn’t know what to do. She asked to speak to a supervisor, who sounded annoyed and kept repeating the same instruction to type a sequence of three keys. She started to panic. Scammers trade on panic. Through the use of spyware and keylogger software, they attempt to steal passwords and other personal information for the purpose of identity theft or to break into a victim’s bank accounts.

In the end, Hiroko did what she was told – but a friend arrived while she was still on the phone and quickly turned off the laptop. The thwarted scammer punished Hiroko by locking her out of her machine. Her new laptop was rendered useless, but it could have been worse.

More than 60,000 scams have been reported to the Australian Competition and Consumer Commission’s Scamwatch website, one of the agencies that receives reports; more than $35 million in losses has been recorded already in 2019.

“This is organised crime,” says Dr Stephen McCombie, a senior lecturer in cyber security at Sydney’s Macquarie University. “It is highly profitable, with minimal risk of arrest. Russian and Ukrainian groups mastered the use of cyber for committing fraud back in 2003.” Retail bank customers were their first target. “Since then the Nigerian fraud gangs and others have joined in but the early work was done by the Eastern Europeans, who had both the skills and the money- laundering networks.”

The ACCC’s Scamwatch website tracks reports made to it on a monthly basis and provides information to consumers and small businesses about how to spot, avoid and report scams. Its website shows that in 2019 phone scams were far more prevalent than any other form, although the total financial value of email scams was higher.

Not surprisingly, perhaps, investment scams represent the largest category (accounting for more than $14 million already in 2019), far ahead of online shopping scams, identity theft and “remote access scams” like the one that almost caught out Hiroko.

McCombie, who spent 14 years in the NSW Police as a detective and played a key role in setting up its first computer crime investigation team, says that Australians have long been a favoured target for overseas scammers. “The reason Australia was targeted in the early days was that we only had four major banks, so the chances of spam getting to a customer of one of them was high,” he says.

McCombie says that Australian bank customers were among the first to transfer money via the internet, which made them an attractive target for scammers.

An early paper on the subject, co-authored by McCombie and entitled “Russia, Ukraine and Global Cybercrime: The Australian Perspective”, notes that “with the entire internet connected world to choose from, Eastern European cybercriminals chose Australia as their first target”.

In recent years Australians have been scammed out of huge sums. The ACCC’s new Targeting Scams report revealed that reports to all agencies showed Australians had been ripped off to the tune of $489 million in 2018 – a jump of $149 million over the previous year. Launching the report, the ACCC’s deputy chair, Delia Rickard, said that scammers were “adapting old scams to new technology, seeking payment through unusual methods and automating scam calls to increase their reach to potential victims”.

In April more than 40,000 Australians were targeted by overseas-based phone scammers pretending to work for the Australian Taxation Office. The scammers demanded payment for fictitious debts (such as taxes, hospital bills and utility bills) in App Store and iTunes gift cards.

According to the ATO assistant commissioner, Gavin Silbert, the scammers were using commercially available “spoofing” technology to mimic ATO phone numbers, so that when people who missed the calls rang back they were put through to the ATO’s offices.

Coles and other major retailers put up signs at cash registers warning customers about the scam, while Apple’s Australian website even described the scammers’ modus operandi: “The victim receives a call instilling panic and urgency to make a payment by purchasing App Store & iTunes Gift Cards or Apple Store Gift Cards from the nearest retailer... after the cards have been purchased, the victim is asked to pay by sharing the code(s) on the back of the card with the caller over the phone.”

A sign in the Coles Supermarket at Dee Why in Sydney warning customers not to become a victim of gift card scammers.

Individually, the amounts stolen were small, but the scammers raked in more than $1 million in total. Older Australians, often perceived to be wealthier and less internet-savvy than younger people, are especially at risk of being scammed. Scamwatch shows that victims in the 55-64 age group are robbed of significantly more money than those in other age groups.

While women report many more scams than men, when it comes to the amount of money stolen the proportions are reversed, with men accounting for around 53 per cent of losses in 2018.

Few internet users have not opened their inbox at some time or other to find that they have “won” a lottery and need only to type in their bank details in order to receive the prize. Last year, Scamwatch documented losses of nearly $3 million in “unexpected prize and lottery scams”. But this figure was dwarfed by the $25 million plundered in “dating and romance” scams, often originating in West African countries such as Nigeria, Ghana and the Ivory Coast.

One well-known scam involves emailing an unsuspecting recipient about “winning” a lottery in an attempt to extract their bank details.

“The police, both state and federal, do not have the resources to investigate all these crimes”

Known as “catfishing”, this type of scam typically starts with a meeting on an online dating site.

The scammer might spend months establishing an online relationship, perhaps promising to visit (but never boarding the plane), before asking the victim for money or credit card details, usually on the pretext of a personal emergency. To the scammer, the sole purpose of the “relationship” is to extort money, but for the victim the emotional cost of the betrayal can be even more traumatic than the financial loss.

Australian police are aware of such scams but have little power to stop them. “The police, both state and federal, do not have the resources to investigate all these crimes,” McCombie says, adding that the international nature of cyber crime “makes prosecutions difficult if not impossible”. Fraud, he points out, has always been an area where police resources have lagged behind, with the public preferring to see police investigating violent crime. “Policing is about prioritisation,” he says. “But of course the criminals know this too.”

Personal vigilance remains the best protection against scammers. Jeff*, a Sydney-based IT consultant who acted as treasurer of his local cricket team, received an unexpected email last year from a fellow club member asking him to confirm the club’s banking details. “I had spoken to him earlier that day and the subject of banking details had not been mentioned,” he says. “It was only when I looked more closely at the email that I noticed a single wrong letter in the sender’s address.”

This time the scammer didn’t get away with it.

*Names have been changed

-

Content produced in association with Commonwealth Bank. Read The Australian’s policy on commercial content here.

More related stories

Technology

Disney axes cultural content warnings for Australian viewers

The 102-year-old film studio has dumped content warnings before its classic animated movies as it seeks to align itself with Donald Trump’s anti-diversity policies.

Read more

Leadership

AI trailblazer shaping the future of work

Paul Chan’s journey from waiting tables in his father’s famous Chinatown restaurant to the futuristic world of agentic AI is a story of bold reinvention.

Read more