Government cybersecurity authorities have been warning about increased COVID-19 related scam activity for months, but new figures suggest that – despite surging scam volumes – Australians are actually less concerned about cybersecurity than they were at the beginning of the pandemic.

Ongoing social-support initiatives, such as early superannuation withdrawal and the government’s JobKeeper and JobSeeker programs, have made many Australians more receptive to purported government guidance – and recent policy changes will likely perpetuate the situation.

Scammers have pounced on the opportunity, ramping up their spoofing of myGov services to the point where the Australian Cyber Security Centre (ACSC) warned about a flood of new scams circulating around Australia that use emails or SMS text messages trying to convince the recipients to click on links.

Click on one of the links, and you’ll be taken to a fake website that will ask for your login credentials ‘for verification purposes’ – but they will actually be harvested by scammers and used to collect saleable personal information.

A recent warning from the Australian Competition and Consumer Commission (ACCC) said its ScamWatch service had received over 7100 reports of government impersonation scams this year, with associated losses of $1.26m.

Two types of “quite convincing” threats – including phishing scams and ‘fake government threats’ – had predominated, with ACCC deputy chair Delia Rickard noting that “scammers are increasingly taking advantage of the financial difficulties and uncertainty generated from the COVID-19 pandemic to trick unsuspecting Australians”.

Tax scams are particularly common given their seasonal nature and the fact that most Australians have some level of engagement with the ATO – and this makes them a natural target for scammers seeking to gain access to personal information.

Australians lost $12.7m in June to 15,491 reported scams, according to ScamWatch figures.

That was down from a peak of $16.4m and 17,701 reports in April, when the pandemic was escalating and major government initiatives like JobKeeper were being finalised – and spoofed.

Scams attempting to gain your personal information peaked in May, with $1.6m lost in 4,127 reports – nearly three times the levels at the beginning of the year – but the number of scams increased by over 27 per cent in June, to 5,693 reported incidents.

This parallels a surge in the overall cybersecurity threat climate, with 94 per cent of Australian security professionals in one recent study saying the volume of attacks had increased to “unprecedented levels” during the pandemic and 88 per cent saying attacks have become more sophisticated.

Feeding off COVID stress

In offering advice about how to avoid such scams, the ACSC advised the ATO will never send an email or SMS asking recipients to access online services via a specific link.

Citizens are advised to increase their online security by turning on two-factor authentication (2FA), reporting scams, and monitoring their government interactions by logging onto the myGov portal directly.

This advice has become a familiar refrain of late, with no less than Prime Minister Scott Morrison pleading with employees and businesses to use 2FA.

Yet many Australians continue clicking on malicious URLs and falling for well-timed scams – and newly released analysis of national sentiment may explain why.

Australians, the new Unisys Security Index 2020 report found, are more concerned about natural disasters this year (cited by 57 per cent of respondents) than they are about cybersecurity while working from home – which was cited by just 26 per cent of respondents, making it this year’s area of least concern.

By contrast, the 2019 survey found identity theft, bankcard fraud, and hacking or viruses were Australians’ top three concerns.

Months of home working had led to “a level of apathy and a lack of awareness when it comes to securing the home environment,” Unisys chief information security officer Mathew Newfield said, noting anecdotal reports that employees are performing worse in cybersecurity testing now than they were before the pandemic.

The figures marked the first time in the survey’s 14-year history that natural disasters topped the list – no surprise, given the double whammy of this year’s bushfires and the ongoing pandemic – and it was accompanied by a 15-point jump in concerns about personal safety, which was cited by 47 per cent of respondents.

Personal safety, the figures suggest, has become such a focus for stressed-out Australians during the pandemic that they are embracing “blasé” attitudes that are “out of step with reality”, the report warned.

The change “is a consequence of people being so focused on health and personal safety” during the pandemic, observed Unisys Asia-Pacific cybersecurity director Ashwin Pal, “and frankly that’s one of the things that scammers count on.”

“They hope they can fly into the right app because people are too worried about their health.”