Earlier this month, the ACCC issued a stark warning to consumers following ‘alarming reports of Australians losing their life savings to a highly sophisticated banking impersonation scam’. The warning comes whilst the general population struggles to tell fact from fiction when managing unsolicited communication. But what of our more vulnerable citizens, those that increasingly rely on phones or the internet to keep them connected to essential services, how do they cope in these complex times?
‘It was my fault, I’ve only myself to blame.’ Margaret reflects on the online scam that took $10,000 of her life savings. Since succumbing to the ‘Hi Mum…’ scam on the 25th January, house-bound with a spinal fracture and recently widowed, Margaret has had much time alone to reflect. As is typical of victims of coercive control, Margaret blames herself. That’s the insidious nature of such abuse, online or otherwise—it leaves victims feeling vulnerable, powerless, and isolated.
‘Hi Mum…’ is a online scam designed to manipulate an older demographic, specifically one with adult children. A type of phishing attack, the scam coerces the victim into transferring funds to a fraudulent recipient. According to Scamwatch, phishing attacks cost Australian citizens circa $5 million in losses in the first two months of 2023 alone.
Vulnerable citizens—including the elderly, people with disabilities, and social services recipients—are at a higher risk of falling victim to cybercrime, such as online scams, identity theft, and other types of cyber crime. They’re targeted by cybercriminals because they may be more trusting, have limited access to information, or are unaware of the risks associated with using technology.
One group of particularly vulnerable citizens are National Disability Insurance Scheme (NDIS) participants.
The NDIS provides government support to people with disabilities. Many NDIS participants have complex care needs and rely on technology to manage their daily lives. However, their reliance on technology comes with commensurate risk, as their personal data and financial information may be stored online and shared between multiple third-party support service providers.
The effect of cybercrime on vulnerable citizens can be devastating. For NDIS participants, a cyberattack could result in the theft of sensitive information, including medical records, banking details, and other personal information.
Such cyberattacks or data leakage could lead to financial loss, reputational and relationship damage, and emotional distress. It could make NDIS participants, already vulnerable, at greater risk of exploitation. It could also make it more difficult for them to access the services and support they need, whilst eroding their confidence in support systems and exacerbating a sense of disempowerment and isolation.
Margaret is smart and articulate; she does not identify as ‘vulnerable’. But her story of seeking help in the wake of the crime highlights the insurmountable barriers faced by those less able to navigate the system.
Despite the same bank holding both Margaret’s and the scammer’s accounts, no help was forthcoming. A police record was filed and the loss accepted. Margaret is resigned: ‘There’s nothing more to be done, it's my fault’.
With such scams on the rise, governments and organisations are taking steps to protect vulnerable citizens from cybercrime. For example, the UK, US and Australia all have initiatives to increase the knowledge of older citizens regarding cybercrime, typically emphasising cyber awareness and self-protection. But for many, it’s only in the aftermath of an incident that they access these resources.
It’s evident that those involved in the NDIS are likely, and attractive, targets. To mitigate that risk, there are several measures the Australian government could consider. For example, ensuring that all NDIS service providers adhere to strict data security protocols. Government may also require that all NDIS Service Providers regularly refresh their knowledge and ability to comply with the Privacy Act.
Such requirements are not without challenge. Many NDIS Service providers are small businesses without the funding, time, and know-how to meet their obligations. It will take a mixture of government support, incentives, and where appropriate, mandates, to improve their capability.
Fortunately, the Cyber Minister, Clare O’Neil, is well-acquainted with the use of mixed levers to accelerate positive change. In their 2015 book, “Two Futures: Australia at a Critical Moment”, Clare O’Neil and Tim Watts articulate how they see the role of government in protecting citizens from digital marginalisation; “Left to their own devices, many of the dynamics of the Digital Revolution will exacerbate inequality in our society. Government interventions will be most beneficial if they are designed to be collaborative, not obstructive”.
Margaret is a strong lady. She talked of self-help following the attack. But finally, when asked how did the scam make her feel, her voice shook. “I wake every morning so upset. How could I have been so stupid? It was $10,000; that’s a lot of money. Imagine what I could have done with that $10,000. But somebody just took it, and that’s the end of it’.
The forthcoming Cyber Strategy offers the government a further opportunity to help protect its most vulnerable from the growing threat of cybercrime, while recognising all need to be able to fully engage freely and fearlessly in our digital society. As Margaret is aware, there is no turning the clock back; rather we need to ensure some foundational principles to prevent the vulnerable slipping into digital isolation.