The industry speaks: Scams Awareness Week 2025

Despite this progress, the challenge is far from over. The growing use of AI and large language models has given cyber criminals more sophisticated tools, enabling highly convincing phishing scams, deepfakes, and other deceptive tactics. Veeam’s Data Resilience Maturity Model research shows that 74 per cent of organisations still fall short of best practices, with many operating at the lowest maturity levels. Alarmingly, over 30 per cent of CIOs in the least resilient organisations overestimate their data resilience capabilities, leaving them more exposed to scams and cyber attacks.

To strengthen protection, organisations and individuals should maintain a zero-trust mindset, implement multifactor authentication, and actively watch for the warning signs of scams. Vigilance and preparation remain our best defences in an increasingly complex threat environment. This also means ensuring secure, reliable backups so data remains accessible and restorable in the event of an attack. Following the proven 3-2-1-1-0 backup rule can help organisations quickly resume operations and enable individuals to recover lost data with minimal disruption.

Professor Craig Costello
School of Computer Science at QUT

As tech continues to evolve, so do cyber criminal tactics. Scams are becoming increasingly sophisticated, exploiting computing and algorithmic advances to bypass traditional security measures, making them convincing and harder to detect. The Australian Institute of Criminology’s latest report highlights the scale of the problem, with nearly half of Australians experiencing some form of cyber victimisation in the past year.

Post-quantum cryptography offers a glimpse of the future in digital protection, supporting new ways to secure and protect our data and privacy. But tech solutions are not enough. In my role and more broadly across the university, too, we’re dedicated to training the next gen of cyber defenders to be better equipped in recognising, understanding, and proactively defending against the future of cyber crime.

Here are some top scam-busting tips for everyday Aussies:

VIEW ALL

Verify before you trust – if someone contacts you unexpectedly, don’t act on it right away. Call the company or check their official website to confirm, rather than relying on links of contact info in messages. Scammers thrive on urgency. If something feels rushed or too good to be true, it probably is.

Keep devices and accounts secure – regularly update your devices and apps, use strong passwords and don’t recycle them across accounts (a password manager can help with this!), and turn on two-factor authentication wherever possible.

Share and report suspicious activity – if you spot a scam email, text, or call, alert friends and family, and report it to authorities like Scamwatch. Awareness helps protect everyone.

Erich Kron
Security awareness advocate at KnowBe4

Can you differentiate what’s real and what’s a scam? With hundreds of messages flooding inboxes daily, differentiating legitimate ones from clever scams is getting increasingly difficult.

Threat actors are constantly stepping up their game. Today, they are leveraging our trusted contacts, familiar formats and even AI to make scams appear legitimate. Recent research focused on phishing stimulation found that 98 per cent of phishing clicks came from internal emails or trusted senders, a stark reminder that even messages from sources you “know” can be faked.

Scam Awareness Week is the perfect time to pause and ask: are you and your team truly prepared to spot the red flags?

With scammers constantly sophisticating their tactics, the key to resilience lies in building a strong security culture. One that isn’t built once a year but evolves every day. Employees need to keep up to date with the latest techniques to know what they’re up against. Keeping employees informed about the latest tactics equips them to recognise and resist threats. By maintaining high awareness, organisations can empower their people to be their first and best line of defence.

Nigel Tan
APAC SE director at Delinea

Scammers succeed by exploiting gaps in responsibility and trust, and poor password hygiene shows just how easily attackers can take advantage. Whether it is an individual or a business, the issue is the same – clear ownership of systems and access is too often missing.

Almost one in two Australians experienced cyber crime, such as scams and identity theft, yet only a quarter regularly update their passwords, showing how poor identity practices open the door to criminals. In businesses, the same risk arises when no one takes accountability for who can access critical applications, leaving sensitive data exposed.

As we mark National Scam Awareness Week, it is a reminder that defending against scams starts with the basics of identity security: stronger passwords, regular updates, and knowing who is responsible for access to sensitive data. By getting these foundations right, we can shut scammers out before they get in.

Andrew Black
Managing director at ConnectID

Scammers thrive on individuals oversharing sensitive information, so minimising the amount of data circulating online can be one of the best tools to help keep us safe. Scams Awareness Week is the perfect time to stop and think about how we’re sharing and requesting information, and whether we can reduce our digital footprint.

Every day, people in Australia are targeted by scammers trying to trick us into handing over money or personal details. The Cybercrime in Australia: 2024 Report found identity crime and misuse affected 21.9 per cent of Australians last year, more than one in five people.

A significant amount of our data is already stored across different platforms and services. Whenever we create a new account or check into a hotel, we’re handing over our information freely. With all that data floating around, we’re making it significantly easier for scammers to appear legitimate, especially now with the adoption of AI. They can copy official communications, create false identities, and carry out scams that are far more sophisticated than ever before.

When scammers get hold of a driver’s licence, passport, or bank statement, the damage can be even greater. They can impersonate individuals, open accounts or apply for credit on their behalf, and often the victim doesn’t even realise until it’s too late.

So, what can we do? While we can’t reclaim the data that’s already out there, we can reduce the risk of future identity-related scams by sharing less personal information going forward. This is where data minimisation comes in, a principle that asks how we can share only what’s necessary, instead of oversharing.

For businesses, that means rethinking outdated processes. If all that’s required is proof someone is over 18, there’s no need to store their entire licence or even date of birth. Technology now exists to verify a single fact, for example, that someone is over 18, from reliable sources, without collecting every other piece of information.

Tackling identity crime means cutting off the information that fuels it. The less personal data collected, the less there is for criminals to exploit.

Adhil Badat
Managing director APJ at Rackspace Technology

Artificial intelligence is now a core part of cloud strategies, with 84 per cent of organisations already incorporating it. The opportunities are clear with faster decision making, greater agility and the ability to scale innovation. But Scam Awareness Week is a reminder that the same technologies enabling progress are also being used by scammers in new ways.

The concern is not only the technology but how it is deployed. In many organisations, staff are experimenting with AI tools without formal guidance while leadership is still shaping governance. This lack of structure creates openings for fraud. AI can generate phishing emails, fake voices or entire conversations that appear authentic, making scams harder to detect.

Scam Awareness Week highlights why awareness and governance matter. Building clear policies and educating teams are essential steps to reduce exposure as AI and cloud adoption continue to grow.

Anthony Daniel
Managing director ANZ at WatchGuard

As we approach Scam Awareness Week, it’s a timely reminder that real-world threats require real-world security. Fraudsters use tactics like phishing emails, impersonation, and social engineering to exploit human behaviour, making awareness just as vital as technical protections.

In Australia, scams are responsible for hundreds of millions of dollars in losses each year, with many incidents causing serious disruption to operations and reputations. WatchGuard’s Q1 2025 Internet Security Report reported a staggering 71 per cent of malware arrives via encrypted connections, and almost three-quarters of that malware bypasses signature-based protections as zero-day threats. The report also reveals a 171 per cent surge in network malware, signalling that attackers are increasingly sophisticated, often AI-assisted, and hitting harder than ever.

Preventing scams requires a combination of clear processes, staff training, and verification steps to ensure requests and communications are legitimate. While secure email gateways and multifactor authentication are essential, they’re not foolproof.

For businesses, it’s not just about compliance – it’s about protecting reputation and trust. Leaders must regularly ask: Are our people prepared to spot a scam? Are our processes strong enough to stop one?

Shannon Davis
Principal AI security researcher, SURGe/Foundation AI, at Splunk

Scams today move faster, are more targeted, and harder to catch. For organisations, disrupting scammers requires an understanding of current tactics being utilised, along with data being organised. Ultimately, security is a data problem. The quicker we can break down silos and connect the dots, the quicker we can respond.

The reality is [that] no amount of data sharing will stop every scam. The most powerful defence is to educate the people being targeted and [give] Australians the tools to recognise, question, and avoid the scams before they cause harm. Public awareness, paired with faster disruption efforts, gives us the best chance of staying ahead of increasingly agile criminal operations.

Technology and partnerships play a role, but empowering people to spot the signs and protect themselves remains the frontline defence.

Reuben Koh
Security Technology and Strategy Director of Asia-Pacific and Japan at Akamai Technologies

Artificial Intelligence (AI) is increasingly exploited by scammers to target victims. Automating scams enables bad actors to generate more sophisticated attacks more quickly and effectively, resulting in far-reaching effects. Cybercriminals are using AI in various ways:

Offering scams “as-a-service”: Sophisticated cybercriminals develop complete AI-powered phishing kits which are sold to less experienced scammers, lowering the barrier to entry for would-be cybercriminals while exponentially increasing the number of scams.

Personalised attacks: Scammers use AI to research and gather information from social media and the internet to build rich and detailed profiles of targets quickly.
Generating convincing content: Cybercriminals use AI to develop realistic phishing emails, deepfake audio and malicious QR codes to target victims.

Scaling of operations: Small scam rings can now reach a wider number of victims by automating multiple social engineering campaigns.