Loss of personal information or passwords as a result of fraudulent invitations

The theme of the 2015 National Consumer Fraud Week was ‘Get smarter with your data’. The week was designed to raise awareness of consumer fraud and the need for individuals to protect themselves, their personal details and their passwords against fraudulent invitations. This section discusses participants in the 2014 survey who had been exposed to, or had been victimised as a result of, fraudulent invitations. It focuses on phishing, or frauds where victims lost personal information and/or details. As fraudulent invitations involving phishing tactics were a specific category in the 2014 survey, some details have already been discussed. However, this section aims to explore in greater detail the loss of personal information, passwords and details as a result of a fraudulent invitation, looking not just at phishing invitations but also at other forms of invitations.

Use of phishing invitations

Phishing involves the use of deceptive websites that have been copied from real websites in order to trick victims into supplying personal or account information (Smith 2011). Misuse of personal information and/or passwords can lead to a range of criminal activity, including various forms of identity crime (ACCC 2014). Credit card or bank card fraud is another type of identity-related crime, and skimming is one method of gaining card details from the magnetic strips located on the back of credit cards and bank cards (Smith 2011). Smith and Hutchings (2014) found that the most successful way to dishonestly obtain personal information is through fraudulent invitations or phishing. With the rise of online transactions and the importance of identity-related information in commerce, identity is now a legal concept as well as a commodity (UNODC 2011). The ACCC (2014) noted in its 2013 Targeting scams report that phishing, while the most common method of obtaining personal information and passwords, was just one approach used by fraudsters. Other methods may include using malicious software or spying using social networking forums.

A total of 473 participants had received a fraudulent invitation with phishing characteristics in the 12 months before completing the survey. The most frequent method was via email (see Table 20). Some 207 had received phishing invitations through more than one mode of delivery.

Email was the most popular way to deliver fraudulent phishing invitations, with 81 percent of respondents who received such an invitation receiving at least one this way. It should be noted that respondents may have received multiple phishing invitations via a variety of delivery methods. However, as noted previously, the telephone is growing in popularity as a delivery method of fraudulent invitations.

All Australian jurisdictions and New Zealand participants reported receiving phishing invitations. Forty-one survey participants responded that they had sent personal details or passwords as a result of a fraudulent invitation and 20 participants advised that they were victims of phishing invitations. The highest number of victims of a phishing invitation lived in Victoria (10%), with none living in Western Australia, Tasmania, the Northern Territory or New Zealand. One participant did not disclose their location.

Of the 473 respondents who had received a phishing invitation in the 12 months prior to completing the survey, those aged 17 years and under (n=3, 0.6%) and those aged 18–24 years (n=19, 4.0%) received the fewest invitations of all the age categories. Those aged 17 years and under were the least likely to receive a phishing invitation, with only 25 percent (n=3) of respondents within that age category receiving an invitation of that nature. Respondents aged 45–54 years received the most phishing invitations—26.6 percent (n=126) of all phishing invitations. Of those who received a phishing invitation, six chose not to disclose their age.

Table 20 Mode of delivery of phishing invitations and the number of times they were received (n)

| Mode of delivery | 1–5 times | 6–10 times | 11–20 times | 21–50 times | More than 50 times |
|---|---|---|---|---|---|
| Mail | 15 | 3 | 3 | 4 | 3 |
| Email | 181 | 73 | 47 | 42 | 41 |
| Telephone | 83 | 25 | 17 | 8 | 3 |
| SMS | 44 | 7 | 2 | 1 | 0 |
| Internet | 26 | 11 | 4 | 2 | 4 |

Source: ACFT Consumer Fraud Survey 2014 [AIC data file]

Table 21 Locations where phishing invitations were received and loss of personal details (n)

| State/territory or New Zealand | Received phishing invitation | Sent personal details or passwords to an invitation (any invitation) | Sent both personal details and money to any invitation | Victim of a phishing invitation |
|---|---|---|---|---|
| New South Wales | 122 | 11 | 11 | 5 |
| Victoria | 84 | 10 | 4 | 8 |
| Queensland | 123 | 8 | 6 | 2 |
| Western Australia | 30 | 1 | 1 | 0 |
| South Australia | 38 | 4 | 0 | 2 |
| Tasmania | 15 | 3 | 0 | 0 |
| Australian Capital Territory | 48 | 4 | 1 | 2 |
| Northern Territory | 4 | 0 | 0 | 0 |
| New Zealand | 3 | 0 | 0 | 0 |

Source: ACFT Consumer Fraud Survey 2014 [AIC data file]

Loss of personal information through phishing frauds and other fraudulent invitations

A victim for the purposes of the 2014 survey was defined as someone who had sent money or personal details, or both money and personal details, to a fraudster as a result of a fraudulent invitation.

Forty-one participants (5% of the total sample and 47% of those identified as victims) reported in the survey that they had sent personal information or passwords as a result of a fraudulent invitation (both phishing and other types of invitations). Twenty-four participants (3% of the total sample, 27% of all victims in the survey) had sent both money and personal details in response to a fraudulent invitation. Twenty-five respondents requested further information from the fraudster.

Some of the examples supplied by respondents in the ‘other’ category provided further clarification about how they came to lose both personal details and money. One respondent explained how selling items online led to the loss of bank account information and other personal details. In another example the respondent explained how a false computer support centre representative was able to remotely access their personal computer and gain access to information and photos stored on the computer.

Losses

Twenty-eight of the 41 participants who had sent both money and personal details in response to a fraudulent invitation indicated that more than $150,000 had been lost to fraudsters. The money sent by respondents, along with personal information, ranged from a minimum of $74.99 to a maximum of $38,000. Two victims of phishing frauds also sent money as well as personal details following a fraudulent invitation. Those amounts were $165 and $900.

Victim demographics

Of the 20 victims of a fraudulent phishing invitation, five were males (25%) and 15 were females (75%). The highest number of female victims were aged over 45 years (75% of females who identified as phishing victims). The largest percentage of males was aged over 55 years (80%). No victims of fraudulent phishing invitations were aged 17 years or younger.

Responding to victimisation

Participants were asked if they had reported the fraud to anyone. They could nominate family and friends, the police, SCAMwatch, the Australian Competition and Consumer Commission or another regulatory agency, the business represented in the fraud, an internet service provider or a lawyer or Legal Aid representative. In the 2014 survey, seven of the 20 victims of a phishing fraud reported their experiences to another person or organisation. Respondents were able to indicate if they had reported the victimisation to more than one person or organisation. When asked why they had reported the phishing frauds, the main reason respondents selected was that they ‘wanted to prevent others being scammed’ (n=10).

Last updated
3 November 2017