Introduction
Australia’s digital boom is a goldmine for fraudsters. These sophisticated threat actors do not perform rogue acts of cybercrime but have built entire illicit ecosystems designed for mass disruption — enabling scams, phishing, and cyber theft. Some might argue that this is a downstream consequence of Australia’s thriving digital economy, fueled by over A$2.3 billion in government investment since 2023.
With GDP growth at just 0.1% in Q4 2024, this progress masks a costly vulnerability: annual fraud losses topping A$2 billion.
Australia’s citizens and digital assets present as a lucrative target for organized cybercrime – the region has superannuation accounts that are susceptible to identity theft and account takeover (ATO); It has regulated gaming, betting, and gambling industry – that is prone to money mules and money laundering; it has a thriving digital economy with fast payment applications, digital banks, online lending and until recently credit on tap – Buy Now, Pay Later apps that attract quick execution of scam & phishing by fraudsters.
Group-IB’s team of fraud analysts and anti-fraud experts, in their periodic discussions with members of the banking, superannuation, and regulatory fraternity, delved into the subject of the recent ‘Scam Prevention Framework & Legislation.’ It is an important milestone in consumer safety and corporate liability. The Scam legislation requires banks, telcos, internet companies, and media houses to take adequate measures to protect consumers against the harms of online fraud and scams. The liabilities of defaulting organizations can be up to $50 million.
Trying best to avert the situation, safe harbor clauses are built into the legislation to mitigate this risk for complying organizations against long tail fraud events.
That said, how does an organization approach implementing and preparing for the legislation? There are expert risk, compliance, and audit companies that can opine and can be part of the implementation – but from our vantage point as a provider of cyber intelligence and fraud mitigation solutions – here are some actions organizations can consider:
Cyberfusion – Collaboration across Cybersecurity and Fraud Prevention: The Cyberfusion approach suggests that the data with cybersecurity teams and CISOs’ organizations can be valuable for the fraud investigation and policy teams. Fraud Line 1 (Investigation) and Line 2 (Fraud Prevention Policymaking) teams must collaborate with the cybersecurity teams to leverage insights on device ID, bot traffic, leaked credit card, and stolen account information. All technical session information on IP reputation, locations, and device malware information combined with the data from CISO and the team with the transaction and behavior biometrics data can be invaluable for the fraud team.
This interdependence on data leveraging and combining user sessions, the dark web, and transaction data forms the building blocks of the cyberfusion team. To put adequate and advanced controls against AI-based fraud vectors requires a robust collaborative approach across cyber and fraud /risk teams. This would also lead to building a strong and sustainable policy and the implementation and review framework to implement the new Scam Legislation.
To enrich your knowledge of the concept of cyber fusion and how it can aid stronger cybersecurity, check out our blog.
Cross Industry & Law Enforcement Collaboration: Data-sharing requires breaking silos and inherently depends on collaboration. However, cyber-fraud prevention requires collaboration among wider stakeholders and industry groups. CISOs and risk and fraud leaders must continually work with industry associations, regulators, law enforcement, and international agencies to stay ahead. In our experience fighting cybercrime – the most impactful engagement from a socio-economic perspective is to collaborate with Interpol and law enforcement agencies to identify and share social intelligence (SocInt) on cyber criminals and sophisticated online fraud rings. Cyberfraud has no boundaries, and the prevalence of LLM tools and AI platforms has dramatically reduced the barriers to entry for new fraudsters to target victims in Australia or elsewhere. Group-IB actively works with global law enforcement agencies, supporting cybercrime disruption operations with adversary intelligence and response capabilities. Learn more about our latest collaborations and operations here.
Focus on Progress – not – Perfection: Fighting sophisticated cyber-fraud may seem daunting and challenging. A useful mental framework fraud prevention practitioners can lean on is B.A.N.I (Brittle – Anxious -Non-Linear & Incomprehensible). Our cyber tools and defenses are Brittle – we have a growing digital and application-dependent economy to protect and manage – including our customers’ credentials, devices, and behaviour. The changing political, digital, and economic landscape and the constant supply of new tools & technologies can make even the digital natives Anxious. The fraud and cyber challenges we confront are Non-Linear, with new AI Fraud Vectors – deepfakes, voice scams, BOTs, and several of the challenges and fraud cases are so new that, at first, the Modus Operandi (MOs) are Incomprehensible. In such a world of rapid change and flux, it is better and imperative for us to move towards progress and not aim for perfection in the first go – Fighting fraud remains a continuous journey.
The Road Ahead
Based on our research and evidence of new fraud in other countries in the Asia-Pacific, we see a requirement to fortify the digital defenses in the following ways:
Preventing Deepfake Manipulation: Organizations must prepare against camera tampering malware, AI tools that mimic liveliness checks and allow KYC bypass, and fraud teams need to access device telemetry as part of pre-onboarding checks for new account opening and lending. Fraud cartels target banks for fake loan profiles using stolen customer identities and often spoofing devices to bypass KYC checks.
Scam Call Prevention: Push payment fraud is a major challenge. Banking organizations can benefit from detecting payments made while users are on active calls and maintaining a repository of scam call numbers by collaborating with banks and telcos.
Mule Account Detection: Mule accounts are progressing from money laundering and small-value transactions to using stolen identities to apply for loans online. Another challenge is mule accounts targeting gambling and betting sites to top up accounts, transfer money from mules into gaming platforms, and cash out.
Staying Current and Informed: Continuous effort will be required to work on asset recovery, fraud investigation, and sharing critical information on new fraud Modus Operandi. The Group-IB Fraud Matrix provides a great starting point for learning about new fraud vectors and TTPs (Tools, Tactics, and Procedures).
You can use the link below to sign up for Fraud Matrix.
Image: Intelligence on attackers TTs detailed in Group-IB Fraud Matrix
Conclusion
The Australian Scam Prevention legislation requires fraud, compliance, and cybersecurity practitioners to collaborate internally to improve user journeys and bolster trust and safety guardrails in growing Australia’s digital economy. The legislation can achieve the desired safety and fraud prevention outcomes through collaboration, user education, and global learning from fraud prevention interventions.
The Digital User experience would require built-in ‘cognitive breaks’ – a moment to think before users pay – to re-check payee details. The national media campaign, with the message “message, ‘Stop. Check. Protect,’ launched in 2025, emphasized this subtle yet powerful preventive measure, aiming to raise scam awareness and empower Australians to confidently identify, avoid, and report scams.
Besides scrutiny from the users’ end, banks and financial institutes need to ensure trust in clicks and swipes. The legislation requires search engines, social media, and banks to lead users to a more aware and tuned-in online engagement when interacting with applications involving transactions, money, and reputation.
For organizations striving to stay defended and keep their customers protected amid the rising fraud activity, learn how our team of fraud analysts and our most complete* fraud-prevention solution with built-in intelligence can help you implement necessary security barricades for a secure customer experience, real-time monitoring, and AI-enabled detection, behavioural analytics based on a number of parameters for precise indication of anomalous network activity, and catch pre-fraud indicators before they turn into full-fledged disruptions—and more. Schedule a discovery call with us today
