Over 40 percent of all Australian cybercrime victims are scammed more than once in a single year, a new report from the Australian Institute of Criminology (AIC) has found.
It examined four different types of online crime—abuse and harassment, malware, identity theft, and fraud and scams—and found that those targeted by fraudsters and scammers are the most vulnerable to revictimisation, with a rate double the average.
Twenty-seven percent of respondents to the AIC survey had been a victim of online abuse and harassment in the 12 months prior, 20.6 percent had been a victim of malware, 21.9 percent had been a victim of identity crime and misuse, and 9.5 percent had been a victim of fraud and scams.
The results have prompted the Australian Federal Police (AFP) to warn people to be particularly vigilant and to strengthen their online safeguards.
However, AFP Cyber Commander Graeme Marshall says the extent of multiple victimisation underscores the need for community awareness and vigilance, especially since respondents were less likely in 2024 than in 2023 to say they were using various online safety strategies, and there was little change in the prevalence of high-risk online behaviours.
“Cybercriminals don’t just move on after one attack. If they find a vulnerability, whether that’s a weak password, outdated software or a compromised email, they'll come back again and again—often in different ways,” Marshall said.
“For example, someone who loses personal information to an online scam may then be targeted with identity fraud and phishing. This means these crimes are not isolated events; they’re often linked, and the impacts can be financial, emotional and deeply personal.
Fraud Victims the Most Vulnerable
The AIC report found 80 percent of victims of fraud and scams were likely to experience another type of cybercrime within a single year, making them the most vulnerable.While financial losses from cybercrime are significant, they represent just one part of its broader cost.
More people in this survey reported being negatively impacted by cybercrime, particularly for social and health-related harms.
The report identified a clear correlation between experiencing multiple and distinct types of victimisation and cybercrime-related harm.
Thirty-one percent of people who‘d fallen victim to only one type of crime reported practical impacts on their lives, such as having to deal with their bank to sort out accounts. That rose to 57.8 for those subject to three types of crime and 63.9 percent of those who’d fallen victim to all four types.
Social impacts rose from 20.2 percent for single-type victims to 49.7 percent for those who experienced four types.
And victims who experienced three or more types of cybercrime were at least three times more likely to report health, financial and legal impacts than victims of only one type.
AIC Deputy Director Rick Brown said people aged 18 to 34 are disproportionately impacted, making community education on prevention strategies critically important.
Police Emphasise Prevention
The AFP works with law enforcement partners, government agencies, industry and the public to disrupt cybercriminal networks and equip Australians with the tools to protect themselves.Many victims spend significant time and resources on recovery, whether that’s seeking legal advice, addressing emotional distress or installing new cybersecurity measures.
“The earlier we intervene, the better our chances of preventing further harm.”
The AFP and AIC believe most cybercrime continues to go unreported, but a higher proportion of respondents sought help from police or ReportCyber, particularly among owners and operators of small to medium businesses.
- Install software updates to keep their devices secure.
- Use a unique and strong passphrase on every account.
- Always set up multi-factor authentication.
