Government's cyber security strategy must put vulnerable Australians at forefront

The warning comes while the general population struggles to tell fact from fiction when managing unsolicited communication. But what of our more vulnerable citizens, those that increasingly rely on phones or the internet to keep them connected to essential services. How do they cope in these complex times?

"It was my fault, I've only myself to blame," Margaret reflects on the online scam that took $10,000 of her life savings.

Since succumbing to the "Hi Mum ..." scam on January 25, house-bound with a spinal fracture and recently widowed, Margaret has had much time alone to reflect.

As is typical of victims of coercive control, Margaret blames herself. That's the insidious nature of such abuse, online or otherwise - it leaves victims feeling vulnerable, powerless and isolated.

"Hi Mum ..." is a online scam designed to manipulate an older demographic, specifically one with adult children.

A type of phishing attack, the scam coerces the victim into transferring funds to a fraudulent recipient. Scamwatch said phishing attacks cost Australian citizens about $5 million in losses in the first two months of 2023 alone.

Vulnerable citizens - including the elderly, people with disabilities and social services recipients - are at a higher risk of falling victim to cybercrime, such as online scams and identity theft. They're targeted by cyber criminals because they may be more trusting, have limited access to information, or are unaware of the risks associated with using technology.

One group of particularly vulnerable citizens are National Disability Insurance Scheme participants.

The NDIS provides government support to people with disabilities. Many NDIS participants have complex care needs and rely on technology to manage their daily lives.

However, their reliance on technology comes with commensurate risk, as their personal data and financial information may be stored online and shared between multiple third-party support service providers.

The effect of cybercrime on vulnerable citizens can be devastating. For NDIS participants, a cyber attack could result in the theft of sensitive information, including medical records, banking details and other personal information.

Such cyber attacks or data leakage could lead to financial loss, reputational and relationship damage, and emotional distress. It could leave NDIS participants, already vulnerable, at greater risk of exploitation.

It could also make it more difficult for them to access the services and support they need, while eroding their confidence in support systems and exacerbating a sense of disempowerment and isolation.

Margaret is smart and articulate; she does not identify as "vulnerable". But her story of seeking help in the wake of the crime highlights the insurmountable barriers faced by those less able to navigate the system.

Despite the same bank holding both Margaret's and the scammer's accounts, no help was forthcoming. A police record was filed and the loss accepted. Margaret is resigned: "There's nothing more to be done, it's my fault."

With such scams on the rise, governments and organisations are taking steps to protect vulnerable citizens from cybercrime. For example, the UK, US and Australia all have initiatives to increase the knowledge of older citizens regarding cybercrime, typically emphasising cyber awareness and self-protection. But for many, it's only in the aftermath of an incident they access these resources.

It's evident those involved in the NDIS are likely, and attractive, targets. To mitigate that risk, there are several measures the Australian government could consider. For example, ensuring all NDIS service providers adhere to strict data security protocols.

Government may also require all NDIS service providers to regularly refresh their knowledge and ability to comply with the Privacy Act.

Such requirements are not without challenges. Many NDIS service providers are small businesses without the funding, time and knowhow to meet their obligations.

It will take a mixture of government support, incentives and, where appropriate, mandates, to improve their capability.

Fortunately, Australia's Cyber Security Minister Clare O'Neil is well-acquainted with the use of mixed levers to accelerate positive change. In their 2015 book, Two Futures: Australia at a Critical Moment, Ms O'Neil and Tim Watts articulated how they viewed the role of government in protecting citizens from digital marginalisation: "Left to their own devices, many of the dynamics of the digital revolution will exacerbate inequality in our society. Government interventions will be most beneficial if they are designed to be collaborative, not obstructive."

Margaret is a strong lady. She talked of self-help following the attack. But finally, when asked how did the scam make her feel, her voice shook.

"I wake every morning so upset. How could I have been so stupid? It was $10,000; that's a lot of money. Imagine what I could have done with that $10,000. But somebody just took it, and that's the end of it," she said.

The forthcoming Cyber Strategy offers the government a further opportunity to help protect its most vulnerable from the growing threat of cybercrime, while recognising all need to be able to fully engage freely and fearlessly in our digital society. As Margaret is aware, there is no turning the clock back; rather we need to ensure some foundational principles to prevent the vulnerable slipping into digital isolation.

Fraudulently obtained funds are usually quickly moved from bank accounts into cryptocurrency and victims are unlikely to get their money back.

If you have lost money to a scam you should contact their bank or financial institution as soon as possible and report the matter to police.

For more advice on how to avoid scams and what to do if you or someone you know is a victim of a scam, visit the Scamwatch website at scamwatch.gov.au.

Anyone with information in relation to cybercrimes and scams is urged to contact Crime Stoppers on 1800 333 000.