Australia’s new scam prevention draft is welcome – but it needs to be broader in scope
- Written by Mohiuddin Ahmed, Senior Lecturer of Computing and Security, Edith Cowan University
The federal government is stepping up its fight against scams, which last year cost Australians more than A$2.7 billion.
On Friday, the federal treasury released a draft scam prevention framework. The government said the plan is:
an economy‑wide reform to protect the Australian community from scams. It takes a whole‑of‑ecosystem approach to reduce gaps which scammers can exploit.
Many of the measures it includes are designed to put more responsibility onto social media companies, banks and telecommunications companies. This is a welcome move which favours the victims of scams.
However, the increasing sophistication of scams using artificial intelligence (AI) technologies presents an ongoing challenge. The framework also needs to be broader in scope if it is to achieve its aim.
A popular target for scammers
A scam is a criminal scheme designed to deceive someone and steal their personal information and money.
Australia is a popular target for cyber criminals from all around the world. In 2023, there were more than 600,000 scam reports in Australia. This was an 18.5% increase from the previous year.
In total, these scams cost Australians more than A$2.7 billion.
However, this figure is only from reported scams. There are certainly many more unreported ones, too.
Worryingly, new technology is being weaponised by scammers. Recent advances in AI and deepfakes will continue to bring newer variants of scams.
A focus on organisations, not victims
The proposed scam prevention framework in Australia seeks to encourage organisations to stop scams before they happen.
The framework applies to banks, social media platforms and telecommunication companies and requires them to identify, filter and stop scam-related content and transactions.
For example, search engines and social media platforms would be required to authenticate and verify the identity of business users and advertisers. This is aimed at preventing the proliferation of scam advertisements and scam accounts.
Companies that fail to prevent scams would incur a maximum A$50 million penalty.
The proposed framework doesn’t include a requirement for banks to reimburse scam victims. However, the framework imposes a transparent dispute resolution system.
Even before announcing the new anti-scam framework, the federal government was emphasising the importance of cyber security.
This government was the first in the country’s history to introduce a minister for the cyber security portfolio (a position currently held by Tony Burke). It has also launched initiatives such as the $58 million National Anti-Scam Centre.
Other jurisdictions have also been upping their efforts to tackle the problem of scammers. For example, in the United Kingdom banks are supposed to refund scam victims. However, recent changes will favour banks by reducing the maximum reimbursement amount from £415,000 to £80,000 (A$812,000 to A$156,000).
Will it work?
The A$50 million penalty will force banks, telcos and social media companies to improve their scam-fighting tactics, techniques and procedures.
However, in the event of a scam, just blaming these three types of organisations without a transparent investigation will not necessarily help scam victims. Instead, it may just become a courtroom drama in which government prosecutors and corporate lawyers battle it out over whether a fine should be imposed.
It is important to focus on the entire ecosystem of scams. Most start by criminals accessing the contact details of a person, such as their mobile phone number.
Text message-based scams were the most reported in 2023 and scam calls resulted in the highest reported losses of all scams (A$116 million).
Criminals get access to mobile phone numbers in several ways. The most common methods include the dark web, automatic random number generators and simple Google searches.
For example, well-respected members of the community who provide voluntary services – such as Justices of the Peace – have their mobile numbers publicly accessible. Some of these people are senior citizens who are often targeted by scammers.
It’s also possible for scammers to access personal data shared with and stored by various companies in today’s digital economy. So, we cannot just say it is always the responsibility of a bank, social media platform or telco to fight scams.
Instead, we need to look at the entire end-to-end pipeline of scams – and hold everyone who is a part of that accountable.
Immediate steps
The federal government’s draft scam prevention framework is open for public consultation for the next three weeks. In the meantime, there are steps people can take now to ensure they are better protected against scammers.
Above everything, be very careful with sharing your personal contact details, such as your phone number or email address. You can also access many resources which will help you be prepared and avoid becoming a scam victim. They include the following quizzes:
Authors: Mohiuddin Ahmed, Senior Lecturer of Computing and Security, Edith Cowan University