Every story of hard-earned savings being lost to a scammer is heartbreaking; the paychecks lost and the difficulty in telling family and friends.
Scam victims should know that behind their stories is a sophisticated operation of tech savvy, white collar criminals who are creating an attack chain across the different services Australians use every day.
To tackle organised crime, we need to understand how it operates and, as the Assistant Treasurer Stephen Jones said in his National Press Club Address on Wednesday, find the gaps in our defences.
Step one for a scammer is to build infrastructure to receive funds, through offshore or onshore bank accounts, as well as cryptocurrency or other financial platforms.
Step two is to create a believable fake persona or business to create legitimacy in the eyes of their target. It requires layers of deception, through fake social media profiles, business websites, and even ABNs.
Step three is to make contact with potential victims. According to Australians’ reports to Scamwatch in 2023, text message remains the most popular method of choice for scammers (34 per cent), followed by phone call (27 per cent).
The Assistant Treasurer is right to identify that social media companies play a critically important role. Yet a closer look at the ACCC’s data reveals that 5.8 per cent of contacts came from ‘online forums’, which includes a much wider range of websites including professional trading websites, of which social media is a quantifiably unknown subset.
That is to say, we must focus on social media but a singular focus will not be the scam-busting silver bullet that we all desperately seek.
While scammers will move seamlessly across limitless numbers of online forums, their final step always involves theft through financial services, after securing the victim’s financial information. In 2023, bank transfer was the most reported payment method with $212 million in reported losses, followed by cryptocurrency at $171 million, compared to $10.4 million on credit cards.
Scammers must be stopped at every step of their game, on every service across the economy they exploit.
That’s why, last week, the Digital Industry Group Inc (DIGI) released the Australian Online Scams Code, a new code that creates a blueprint for anti-scam best practice in the digital industry. So far it has been adopted by Discord, Google, Meta, Snap, TikTok, Twitch, X and Yahoo, and is open to any relevant company, large or small, that wants to join the fight against scammers.
While the code was not acknowledged in the speech, it includes the same measures that the Assistant Treasurer said are needed. Signatories to the code are committing to detect and block suspected scams, provide a simple and quick route for users to report them, and quick action to take down verified scam content and scammers. There are also commitments related to the verification or authentication of financial services advertisers, and the screening of advertisements for suspicious or changing content.
Signatories’ work in these areas long predates the new code, but it represents a direct declaration on scams from global companies to protect the Australian public.
With still no firm timetable for the introduction of government’s anti-scam legislation, the code is an important – albeit voluntary – step towards the promised pre-election social media scams code, when a mandatory code is unlikely to be in place until late 2025. While the scope of the voluntary code broadly aligns with the government’s intended mandatory code, it adds email in an evidence-driven approach that reflects its 22 per cent prevalence as a contact method.
DIGI provided relevant offices with opportunities for feedback on the draft code, and will continue to work constructively with the government in the fight against scammers. Signatories have also committed under the code to contribute to broader counter-scam efforts with Australian law enforcement and intelligence sharing with the government’s National Anti-Scam Centre.
A wide lens of the online environment, and the scams ecosystem, is needed to protect Australians. While most mainstream digital services are committed to removing scams, not all online forums have that inclination.
Today, ASIC has takedown powers over only investment scams; expanding this scheme to other scams such as impersonation and employment scams is a no-brainer for the upcoming legislation.
Communications Minister Michelle Rowland’s Sender ID Registry to prevent imitation of trusted brands and services via phone could be a gamechanger. As scam losses always occur through financial services or the exchange of cryptocurrency, other countries like the UK have focused their interventions on banks for the widest consumer impact.
Blame shifting to different players in the attack chain won’t save Australians from scammers. But if every industry in scammers’ sights steps up their efforts, and they also work collaboratively to bolster our collective defences, we can help make Australia a harder target for scammers.
Sunita Bose is the managing director of the Digital Industry Group Inc (DIGI)
Do you know more? Contact James Riley via Email.