A Sydney couple purchasing an investment property were scammed close to a million dollars in the final stages of settlement by way of an email pretending to be from their own lawyer.

The unsuspecting couple transferred the funds at the request of the impersonators, believing the payment necessary to finalise their ownership of the property.

It was only when the payment failed to appear in their lawyers bank account did they realise they had been swindled.

Only a small fragment of the funds have been recovered.

This scam is known as a business email compromise (BEC) scam.

BEC scams are an increasing and prevalent form of Cybercrime in Australia.

Cybercrime in Australia

Cybercrime refers to a range of criminal activity which involve computers and computer networks.

Crimes include fraud, identity theft, dealing with the proceeds of crime, and stalking and intimidation.

The global economy's dependence on information technology platforms has increased the scale and sophistication of malicious cyber activity.

The cost to the Australian community is measured conservatory at over $ 3.5 billion dollars a year according to a report commissioned by the Australian Institute of Criminology.

What is Cybercrime?

The term 'cybercrime' covers both criminal activity that is directed at computers or other information and communication technologies; and crimes where such technologies are used for an offence like online fraud or abuse.

Examples of activity that is directed at machines include hacking, spreading viruses and other malicious software and denial-of-service attacks.

These are 'pure cybercrimes'.

Whereas crimes using the machine are typically crimes that are possible without the use of computers - such as fraud, stalking and harassment, identity theft etc.

These are 'cyber-enabled' crimes.

The focus of this article however is the former : pure cybercrimes.

Pure Cybercrime

There are various types of cybercrimes which target individuals, businesses, even the government.

There are three primary categories of pure cybercrime.

  1. Computer Access Crimes.

These occur where cybercriminals are able to access a computer or network without permission, and subsequently obtaining one's personal information such as address, credit card numbers, documents or personal photos or videos.

  1. Computer Disruption Crimes.

This activity targets computer systems and networks in such a way to cause them to slow down or cease working completely.

Someone may even be blocked from using their device or files through encryption techniques.

These attacks may include a ransom message demanding payment in exchange for the system to be restored.

  1. Computer Malfunction Crimes.

This involves a malfunction of the computer or its network that does not involve a complete disruption to the computer system.

What are the Most Common Forms of Cybercrimes ?

  1. Phishing

Phishing is the most common form of cybercrime.

It is a form of online fraud that almost everyone has encountered at one point or another.

It involves scammers posing as large organisations such as the Australian Taxation Office, or financial intuitions by sending emails or texts which contain a link to a fake website.

If you follow the link and the prompts, cybercriminals can steal your personal information.

  1. Identity theft

Identity theft has become a common occurrence in Australia.

This is where cybercriminals are able to gain access to someone's personal information. Often this information is on-sold to buyers over the dark-web. Those buyers use then use the personal information to open bank accounts and apply for credit.

  1. Hacking

'Hacking' is also one of the most common offences and involves unauthorised access to computer systems.

This usually leads to ransomware, which some business will pay to avoid the shame of reporting that their systems where successfully hacked.

  1. Denial-of-service

Denial-of-service or DOS attacks are usually targeted at high-profile organisations such as banking, media or government agencies.

They are intended to shut down networks or deny access to its users.

In 2020, Australian businesses and governments were targeted by DOS attacks.

The level of sophistication required is much higher, thus leaving the Prime Minister accusing a foreign Government to be behind it.

Transnational Cybercrime

Cybercrime is transnational and requires international co-operation between authorities if it is to be prevented and offenders apprehended and prosecuted.

The Convention of Cybercrime of the Council of Europe, more commonly known as the 'Budapest Convention' , provides an international standard to prevent, deter and detect cybercrimes.

The treaty places a binding obligation on its member countries to develop and implement domestic laws that are built upon the standard which the Convention has laid down.

As each member of the treaty adopts the Convention's policies into their own domestic laws their legal powers become aligned.

This makes it easier for countries to meet their obligation to cooperate with each other on criminal investigations and prosecutions and to ensure that law enforcement extend their reach across most jurisdictions.

Who Investigates?

The responsibility to detect, prevent, disrupt and respond to cybercrime rests with the Australian Federal Police (AFP) and State and Territory police.

The AFP is concerned with investigating threats against Commonwealth Government departments, and information systems of national significance such as the banking and finance sector.

For investigations relating to individuals, it is the responsibility of state police to investigate these crimes.

Where there is a cross over between fraud against an individual and an organised attack against banking systems the AFP and state police will work together.

Are Cyberattacks Frequent?

Since the Australian Cyber Security Centre launched ReportCyber on 1 July 2019 there have been more than 59,806 reports of cybercrime.

That is 164 reports per day.

This figure represents:

  • 39% fraud crimes
  • 32% identity crimes
  • 22% cyber abuse
  • 3% online image abuse
  • 2% devices

Protecting yourself against Cybercrime

The total economic impact of pure cybercrime in 2019 was approximately 3.5 billion dollars.

As cybercrimes grow in scale and sophistication it is important to do all that you can to practice good cyber security.

There are a number of things you can do to protect yourself against cybercrimes:

  1. Ensure you have strong passwords and never use the same password across multiple online accounts;
  2. If you are connected to a public wifi do not visit online banking websites;
  3. Limit the amount of personal information that you post online, including identifying friends and family;
  4. Never allow someone to access your computer remotely;
  5. Be cautious with unsolicited requests for personal information, over email phone or SMS;
  6. Research websites and reviews before making payment for goods and services online.

Is it possible to get my money back?

The AIC reported that in 2019, victims of cybercrime lost $1.9 billion dollars.

Of that, only $389 million was recovered.

Getting your money back is rarely an option; however you may be able to mitigate further loss if you act quickly.

  1. Report the scam to the authorities
  2. Contact your financial institution and explain the situation
  3. Change your online passwords
  4. Recover your stolen identity - contact iDcare
  5. Apply for a Commonwealth Victims' Certificate

Reporting

You should direct your report to the relevant authority depending on the nature of the incident.

Banking Your bank or financial institution
Government scams Department of Human Services Scans and Identity Theft
Cybercrime ReportCyber
Financial and investment scams Australian Securities and Investments Commission
Fraud and theft NSW Police
Cyberbullying Office of the eSafety Commissioner
Tax related Scams Australian Taxation Office

You should not report if there has been no loss of personal information or money.

If you have identified a scam website, phone call or email you can make a report at Scamwatch or the ACMA.

You can contact a criminal lawyer to speak about the further specifics of cybercrimes and the law in Australia.

If you would like to report fraudulent, incorrect or misleading online content from an Australian business, or a website purporting to be an Australian business you should report it to the ACCC.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.