In 2020, Australians struggled to stay safe and survive a pandemic that was devastating the world population. As citizens tried to navigate lockdowns and restrictions, scammers increased their efforts to prey on vulnerable targets to access personal and financial data. Criminals used sophisticated methods to impersonate government officials, health experts, business owners and service providers to drain bank accounts and wreak havoc on individuals and businesses. Government agencies, financial institutions and cybersecurity experts have banded together to bring awareness of the scamming activity to the general public. Examining how the illegal activity skyrocketed during the pandemic and which sectors were targeted the most can help improve security and protect the public.

Investment Scams

The shocking headline from the on June 8th, 2021, reads “Taken for $850m Ride”. Scammers stole nearly a billion dollars from Australians in 2020, and the ACCC believes several scams were never reported. The total loss from scammers is expected to be much higher. Of all the crimes reported, investment schemes were the most prolific and accounted for $328 million in losses.

As lockdowns shuttered businesses across the country, more Australians went online to find work, connect with people and research data related to the pandemic. Unfortunately, criminals used social media platforms extensively to lure people into investment scams. Online investment crimes are challenging to prosecute since most attacks are linked to overseas accounts, but the Victoria Police E-crime Squad with help from ASIC were able to arrest a man in Melbourne who had stolen over $370,000 from victims by using stolen passport data and opening several bank accounts.

Romance Baiting

Online dating sites were also highly lucrative for criminals. Romance baiting in 2020 accounted for $131 million in losses. Apps such as Tinder, Badoo and TanTan were used by scammers to connect to victims and convince them to invest in fraudulent enterprises. A brief courting period allowed scammers to gain their victim’s confidence with daily messages and posts on legitimate dating apps. Eventually, the criminal would insist on communicating only on encrypted services like WhatsApp. They would promote investment opportunities and persuade their target to pull funds from their account until it was emptied. The group that suffered the highest losses were 25 to 34 years old, and they reported nearly $7million in losses in 2020.

Payment Redirection Scams

Although individuals suffered the highest losses from hackers, businesses reported significant losses, totalling over $128 million, from payment redirection scams also referred to as business email compromise scams. A company’s mailing list, with email contacts for customers, is a potential goldmine for scammers. A diverse group of companies, including universities, sports clubs, real estate, construction and law, were targeted for contact information.

In one instance, a hacker infiltrated a worker’s email account and stole invoice emails before they were received by the intended recipient. The criminal changed the company’s account numbers on the invoice to their own account in order to receive payments from the company’s clients.

Hackers have also used a fake email address, resembling the address of a company’s president or CEO, to send messages to employees urging them to invest in a new opportunity before it’s too late. Until the slight email mistake is recognised, scammers can grab a considerable sum from the duped workers.

Chinese Authority Scams

Like many of the online schemes that increased by 2020, Chinese authority scams relied on people’s fears of the pandemic to persuade and often threaten victims into sending money. Some hackers impersonated authorities from the Chinese Embassy in Australia, the Chinese Centre of Disease Control in Beijing and Chinese courier companies. The scams would often begin with robocalls directing victims to an online account where a hacker would persuade their targets to pay for medicine, fake vaccines or testing equipment. The reported losses from authority scams totalled $7,044,098 in 2020.

Superannuation Scams

In March 2020, the Australian government announced that individuals under 65 could access funds from their superannuation. After the announcement, Scamwatch reported a drastic increase in phishing scams targeting account information for superannuation. Australians lost $6.4 million from the scams.

Puppy Scams

Although puppy scams are not a new form of theft, the pandemic accelerated the schemes. The isolation experienced from lockdowns persuaded many Australians to find comfort in a new pet. Criminals took advantage of the steep increase in online pet sales and established fake breeding sites and social media ads to attract their victims. Because of the ongoing restrictions, scammers told their victims that they couldn’t meet in person and only provided online pictures of the animals.

After receiving their initial payment for the pet, hackers often contacted their targets repeatedly for more funds. They insisted the animal couldn’t be transported during quarantine orders unless the buyer sent several thousand dollars for virus insurance and safe transportation.

Vehicle Sale Scams

Similar to the puppy scams, vehicle sale scams occurred frequently during quarantine orders. After placing fraudulent ads on social media and publications, scammers would claim that lockdown orders prevented them from showing the vehicle in person. A victim was resigned to sending a deposit to an online account without seeing or driving the vehicle. Autotrader and Facebook Marketplace were often used to place fake ads to make the offers seem legitimate, and cars, campervans and caravans were the most common vehicles listed.

Bushfire Scams

If handling a pandemic wasn’t difficult enough, Australians struggled to control the raging bushfires in 2020. Fake charity websites and online donation sites rose up quickly, and many selfless Australians were tricked into sending relief funds to hackers. After hundreds of reports, the ACCC acted quickly to shut down many of the fraudulent sites.

Mitigation Efforts

The scamming activity in 2020 not only drained accounts but disrupted and devastated ordinary people just trying to survive the pandemic. The ACCC along with law enforcement agencies, financial institutions and security firms have doubled their efforts to bring awareness about scams to the public, minimise threats and increase prosecutions of scammers.

You can increase your online security and protect your financial data by contacting Future IT Services. For Business owners, Future IT Services offers an exceptional cyber awareness training programme to educate employees about cybersecurity and prevent payment redirection scams.