Cybercrime Australia: Hack Victim Shares Warning as Reports Rise

Cybercrime Reports Surge in Australia, Driven by Credential Compromise

Australians are increasingly falling victim to cybercrime, with reports surging to an average of one incident every six minutes in the 2024-25 financial year, according to recent data. While financial losses continue to climb – exceeding $33,000 per individual victim and $202,000 per business – experts warn that the emotional and mental toll on those targeted is often overlooked.

The escalating threat isn’t necessarily due to more sophisticated hacking techniques, but rather a shift in how criminals gain access. According to the Australian Signals Directorate (ASD), networks are increasingly breached through compromised or stolen credentials, rather than direct hacking. This means usernames and passwords, often reused across multiple platforms, are the primary vulnerability.

Ash Raso, a 29-year-old entrepreneur, experienced this firsthand when hackers gained access to her accounts prior to launching her clothing label. “I basically fell to the floor when it happened because I was like ‘Whoa, what the hell do I do?’” she told triple j hack. The hackers had been monitoring her activity for months, accessing her emails, social media, and even banking details through her camera and keyboard interactions. Although she refused to pay a $705 ransom, Raso faced a lengthy process of identity recovery, needing to replace her passport, driver’s license, and Medicare card.

Raso’s experience highlights a growing trend. In 2024-25, the ASD responded to over 1,200 cybersecurity incidents, an 11% increase from the previous year. The sheer volume of reports – 84,700 in total – underscores the widespread nature of the problem, though experts believe the actual number of incidents is significantly higher due to underreporting.

Youthful Complacency and the Rise in Vulnerability

While older Australians are demonstrating stronger cybersecurity habits, new research commissioned by the federal government reveals a concerning trend among younger demographics. Despite high confidence in their online safety skills, over half of 18 to 24-year-olds admit to reusing passwords across multiple accounts, and 59% are comfortable using passwords they know are weak. This complacency makes them particularly vulnerable to credential-based attacks.

Lieutenant General Michelle McGuinness, Australia’s national cyber security coordinator, expressed concern over these findings. “Many young Australians believe they won’t be the victim of cybercrime, and I think the bottom line is this can happen to anyone,” she said. She emphasized that this isn’t about blaming young people, but rather about equipping them with the knowledge and tools to protect themselves.

In contrast, Australians over the age of 65 are proving to be more cautious online, with 90% carefully considering links before clicking, compared to 68% of those aged 18-24. This demonstrates the importance of consistent cybersecurity practices, regardless of age.

Simple Steps to Strengthen Online Security

McGuinness outlined three key steps Australians can take to improve their online security: using unique and complex passphrases, enabling multi-factor authentication, and keeping software on phones and laptops updated. Multi-factor authentication, in particular, is crucial, adding an extra layer of security beyond a simple username and password.

Raso, having experienced the devastating consequences of a cyberattack, now advocates for increased online security awareness. “Cybercrime does not discriminate and trust me, you could be next, and when it happens to you there is no worse feeling in the world,” she said. She urges others to learn from her experience and take proactive steps to protect their digital lives.

As cybercrime continues to evolve, vigilance and proactive security measures are essential. Australians should remain aware of the risks and prioritize protecting their credentials to avoid becoming the next victim. The ASD’s Australian Cyber Security Hotline is available 24/7 at 1300 CYBER1 (1300 292 371) for those seeking assistance.