More than 40 per cent of Australians who fall victim to cybercrime experience multiple types of attacks within a single year, with fraud and scam victims emerging as the most vulnerable, according to a new report.
The Australian Institute of Criminology (AIC) Cybercrime in Australia 2024 report examined four key cybercrime types: online abuse and harassment, malware, identity crime and misuse, and fraud and scams. It found that 42.1 per cent of victims were targeted across two or more categories in a year, while 6.6 per cent were hit by all four.
For AFP Cyber Commander Graeme Marshall, the findings highlight the urgent need for ongoing community vigilance.
“People who fall victim to one type of cybercrime are often at higher risk of being targeted in another way,” Commander Marshall said. “Cybercriminals don’t just move on after one attack. If they find a vulnerability—whether a weak password, outdated software, or a compromised email—they’ll come back again and again, often in different ways. Someone who loses personal information to an online scam may then be targeted with identity fraud and phishing. These crimes are linked, and the impacts can be financial, emotional, and deeply personal.”
The report shows that fraud and scam victims are the most likely to experience further attacks, with 80 per cent encountering another type of cybercrime within a year.
The study also revealed a clear link between poly-victimisation—experiencing multiple distinct types of cybercrime—and the severity of harm:
• Victims of three or more types were three times more likely to report financial, legal, or health impacts than single-type victims.
• Practical impacts were reported by 57.8 per cent of three-type victims and 63.9 per cent of four-type victims, compared with 31 per cent of single-type victims.
• Social impacts rose from 20.2 per cent for single-type victims to 49.7 per cent for those experiencing four types.
AIC Deputy Director Rick Brown said poly-victimisation was especially prevalent among 18-to-34-year-olds. “Community education on prevention strategies is critically important,” he said. “Victims who seek support are more likely to adopt safety measures that prevent future attacks.”
The AFP and AIC continue to work with law enforcement, government, industry, and the public to disrupt cybercriminal networks and equip Australians with tools to protect themselves. Beyond financial losses, victims often face time-consuming recovery, emotional distress, and the risk of further exploitation by fraudulent recovery agents.
Commander Marshall urged Australians to prioritise prevention, especially during Cyber Security Awareness Month:
1. Install software updates to keep devices secure.
2. Use unique and strong passphrases for all accounts.
3. Enable multi-factor authentication wherever possible.
Victims of phishing or suspicious banking activity are advised to contact their bank and report the matter to ReportCyber immediately.
Support our Journalism
No-nonsense journalism. No paywalls. Whether you’re in Australia, the UK, Canada, the USA, or India, you can support The Australia Today by taking a paid subscription via Patreon or donating via PayPal — and help keep honest, fearless journalism alive.
