Rocky breach

The first quarter of 2023 has seen a rocky start for cyber safety. It has felt sometimes that you could not open a news source without a headline screaming ‘scam’ or ‘Beware! Online predators’. 

The ABS researches the prevalence of scams and our responses to it however, they are a year behind. We have only just received the report that analyses personal fraud data for 2021 – 2022 financial year.

In that year, 2.7% of the Australian population (not including people under 15) were exposed to a scam, which was up 10% from the previous year of reporting. However, scam victim numbers had decreased which suggests that maybe, as a population, we are improving our ability to detect a scam. 

Scams come under the personal fraud banner and are close neighbours with identity theft, card fraud and online impersonation. But in this piece, we are focussing on a recent uptick of particular scams, those that are detrimental to a functioning society built on trust, that is beelining for technology that brings convenience and order to our busy lives. We want to trust online services and apps but we need to practise discernment and caution over mindlessness and flippancy. 

Let’s focus on the brushing scams that have infiltrated letterboxes over the last few months. A brushing scam, as reported by the ABC website, “… is when online retailers send unsolicited items to real people to generate reviews and boost their online presence.” When people were receiving unsolicited, fake luxury items, like a #Cartier ring or a #Burberry scarf that they did not expect or order, alarm bells started ringing. Usually, the gift has come from a third party retailer using big name online platforms, like Amazon or Ebay, to solicit a favourable review, that will help push their brand presence to the top of a product search. It’s scam meets fraud because they have your name and address details and are using them fraudulently to create brand recognition. Which is almost harmless but is also a potential red flag for future scams and a warning for criminal activity being done in your name. 

Anecdotally, my friend received a scarf in the mail. She didn’t think much of that however, that unsolicited gift was followed by her name and Google profile being used for a negative, online review in a big retail store, claiming sexual harassment. It was slander for the brand of the store and the store did not know it was fake and called the customer to apologise and check if they were okay. They asked if they would like to submit a formal complaint in response. The “complainant” had no idea that there had been a review in their name and their actual name was publicly displayed on the store’s Google profile. This same person is a frequent online shopper and also had identifying details stolen in both the Medibank and the Optus privacy breaches. It is difficult to know which of these sources of data is responsible for the scarf or the online review. The real issue here is that she can’t start over, her address remains the same, her name hasn’t changed. Yet other people are using it for all sorts of activity without her consent. 

You can report a cybercrime, incident or vulnerability for an individual or a business at The Australian Cyber Security Centre’s website here and you should if you can because according to those previously accessed stats from the ABS, 40% of cybercrimes are going unreported and we won’t know or understand the damage, financially or psychologically if we don’t have the true data to analyse in the future.