Australians reported more than $2 billion in scam losses in 2025, confirming fraud and cybercrime as ongoing areas of concern for insurers, brokers, and corporate risk managers.
The National Anti-Scam Centre’s latest Targeting Scams Report draws on data from Scamwatch, ReportCyber, the Australian Financial Crimes Exchange (AFCX), IDCARE, and the Australian Securities and Investments Commission. Across these sources, Australians lodged 481,523 scam reports in 2025, with 274,577 reports involving a financial loss and total reported losses of $2.18 billion.
Losses increased 7.8% compared with 2024, while total reported losses remained about 29.7% lower than the 2022 peak of $3.1 billion. Investment scams accounted for the largest share of reported losses at $837.7 million, followed by payment redirection scams ($166.8 million), romance scams ($139.9 million), phishing scams ($97.6 million), and remote access scams ($69.9 million). Collectively, these categories accounted for about 60% of all reported scam losses in 2025.
“Scams are often described as a ‘wicked problem’ because they are complex, fast-evolving, and resistant to simple solutions. The Targeting Scams Report provides an overview of the scam landscape and highlights the collaboration and shared accountability needed to tackle the harm caused by scams both here in Australia and globally,” ACCC deputy chair Catriona Lowe said. She also pointed to the role of emerging technologies and organised criminal networks, saying that “as Australia and indeed the world faces increasing sophistication in scam activity through artificial intelligence (AI) and the industrialisation of criminal syndicates through scam compounds, it is clear more needs to be done, quickly and at scale.”
The report outlines demographic and channel patterns with potential implications for underwriting, pricing, and assessments of customer vulnerability. Australians aged 65 and over, who comprise about 17.1% of the population, accounted for 26.5% of total Scamwatch losses in 2025. The figures suggest older consumers continue to incur a larger share of reported losses relative to their share of the population. Online contact methods, including websites and social media, remained the primary way scammers obtained money and personal information. Reports of online-based scams that resulted in loss increased 31.8% in 2025, and associated financial losses rose 21%. By comparison, text-message scams fell, with reports of SMS scam contacts dropping from 77,365 in 2024 to 29,058 in 2025.
Betting and sports investment scams – including schemes sometimes referred to as “scambling” – showed increases in both reported incidents and losses. Scamwatch received reports of $2.4 million in losses to these scams, almost three times the previous year’s amount, while reports for this scam type rose 19.6% between 2024 and 2025. Losses were reported mostly among people aged 25 to 34 and 35 to 44. Reports relating to betting scams from First Nations people rose 91.5%, and reports from people with disability increased 93.5%.
The National Anti-Scam Centre reported higher levels of disruption activity across online and telecommunications channels in 2025, in coordination with major platforms and network providers. During the year, the centre sent more than 8,400 websites for assessment, resulting in the removal of over 7,500 scam URLs, an increase of at least 30% on 2024. It referred more than 7,000 suspected Facebook scam URLs to Meta, along with 844 Gmail addresses, 14 organic YouTube URLs, and 2,098 advertisements to Google for investigation. Telecommunications partners received 4,246 unique phone numbers and 921 unique sender IDs for disruption, more than four times the number referred in 2024.
The centre also referred hundreds of high-risk scam call-back numbers to Optus, extending call blocking to tech-support and payment impersonation scams, and provided intelligence that led to the removal of more than 600 betting scam websites and more than 600 social media profiles and forums. In addition, 8,536 Scamwatch reporters were referred to IDCARE for tailored scam recovery assistance. At an international level, Australia joined other G7 countries earlier this year in endorsing a Call to Action to Combat Fraud at the United Nations and Interpol Global Fraud Summit. More than 100 organisations endorsed a Public Private Partnership Framework intended to support cooperation on scams across borders and sectors.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recorded increases in cyber security activity and reported financial impacts in its Annual Cyber Threat Report 2024-2025, adding further context for cyber and crime insurance portfolios. In FY2024-25, the centre received more than 42,500 calls to the Australian Cyber Security Hotline, a 16% rise on the previous year, averaging 116 calls a day. ASD’s ACSC responded to more than 1,200 cyber security incidents, up 11%, and issued over 1,700 notifications of potentially malicious cyber activity, an 83% increase year on year.
ReportCyber recorded more than 84,700 cybercrime reports in the period, a 3% decrease, but the average self‑reported loss per incident increased. Individuals reported average losses of $33,000 per incident, up 8%. For businesses, average reported losses per incident rose 50% to $80,850. Small businesses reported average losses of $56,600 (up 14%), medium‑sized enterprises $97,200 (up 55%) and large organisations $202,700 (up 219%).
Identity fraud remained the most commonly reported cybercrime. ASD’s ACSC also responded to more than 200 denial-of-service and distributed denial-of-service incidents, more than 280% higher than in the previous reporting period. The report notes that state-sponsored actors continue to target Australian government networks, critical infrastructure, and private-sector organisations, including attempts to degrade or disrupt essential services. Critical infrastructure entities were notified more than 190 times of potential malicious activity, an increase of 111% from the previous year.
According to the cyber threat report, malicious actors continue to exploit weaknesses in internet‑facing devices and in security practices. The use of “living off the land” techniques – which rely on legitimate tools rather than custom malware – persists, requiring defenders to focus on network behaviour as well as known indicators of compromise. The report states that the growing use of artificial intelligence is likely to allow attackers to conduct operations at greater speed and scale, while Australia’s dependence on internet-connected technology broadens the potential attack surface. ASD’s ACSC points to a set of basic cyber security practices – including strong multi‑factor authentication, unique passwords or passphrases, timely software patching, alertness to phishing attempts, and regular data backups – as measures that can prevent many of the incidents reported to the centre.
For organisations, the report recommends operating on an “assume compromise” basis and prioritising protection of key assets or “crown jewels.” It identifies four priority areas, described as “big moves”: implementing best‑practice logging, replacing legacy IT systems, managing third‑party risk, and preparing for post‑quantum cryptography. Operators of operational technology are advised to isolate critical systems and maintain plans for system restoration, while larger organisations are encouraged to ensure products and services are secure by design and by default.
The report also notes emerging challenges related to post‑quantum cryptography and the secure integration of AI, stating that “effective transition plans will be critical to operating in 2030 and beyond - a post-quantum computing world - and this planning must start now.” The findings from both reports indicate continuing exposure to fraud and cyber incidents, changing methods of attack, and rising average losses for business policyholders. They also indicate areas where closer attention to controls, security practices, and collaboration with external stakeholders may inform risk selection, pricing, and advisory work across personal and commercial lines.
