Game day insights for business owners
Investment scams remain the costliest for victims—despite declines, they still lead the pack.
Phishing is the most common vector of deception.
Scam losses in Australia fell nearly 26% in 2024, but sophistication continues to rise.
The ‘Stop. Check. Protect.’ framework is your frontline defence—equip your teams.
The numbers that should keep you awake at night
In 2024, Australians reported $2.03 billion in scam losses, a 25.9% drop from 2023, and the number of reports fell by 17.8%, to just under 495,000. However, scammers aren’t slacking off—they’re getting smarter.
Investment scams caused the largest losses—about $945 million, with Romance and Payment Redirection scams coming in 2nd with over $156 and $152 million respectively. While phishing attacks continue to be the weapon of choice for scammers.
Small businesses aren’t immune. Reports from micro and small businesses show investment scams led to $8.5 million in losses, a 78.8% increase from 2023! Followed by false billing (the most reported scam), shopping, phishing, and remote access scams.
Source: Targeting Scams Report 2024 | www.nasc.gov.au
Why this matters to your business
Your employees are both your first line of defence and your greatest vulnerability. The same psychological tactics used in personal scams work just as effectively in professional settings:
- Social engineering attacks that trick employees into revealing login credentials
- Business email compromise schemes targeting finance departments
- Fake supplier invoices and payment redirection scams
- Impersonation attacks targeting C-suite executives
Recent data shows that 47% of investment scam losses involved cryptocurrency, highlighting how criminals exploit emerging technologies that many businesses are still learning to navigate safely.
Your defence
Australia’s National Anti-Scam Centre’s (NASC) 2025 campaign seals the deal with a simple but potent mantra:
Stop. Check. Protect.
Here’s how it applies to businesses:
What it means for your team
STOP | Pause before clicking or responding. A moment’s hesitation is often the firewall.
CHECK | Verify the sender using known contacts—not links or phone numbers in the message. Ask: “Is this really from my Bank?”
PROTECT | If something doesn’t feel right, escalate it: notify your IT team, your IT managed services provider. If money or information was already sent, act with even more urgency.
Your offence
Galvanise this message by including “Stop. Check. Protect.” in onboarding and training—make this phrase a regular part of internal communications.
- Simulate phishing exercises—but do it with care. Use real-world vectors while respecting privacy and tone.
- Ensure multi-factor authentication (MFA) is standard across systems—phishing loses its power when credentials alone aren’t enough.
- Review and update response plans regularly. If an employee clicks a suspicious link, do you have clear remediation steps? Fast action mitigates loss.
Symsafe will help implement or review these safeguards in your business, so you can sleep easy.
TL;DR: Scam losses are down, but not gone. Investment scams still hit hardest. Phishing is the most common trick in a scammer’s toolbox.
Being scam savvy starts with Stop. Check. Protect.
Symsafe can turn your people from potential targets into your strongest line of defence. 💪
Let’s make that strategy part of your cybersecurity game plan.
Cybersecurity enquiries: 1300 002 001 | info@symsafe.com.au
https://www.scamwatch.gov.au/stop-check-protect
This article was crafted in collaboration our AI sidekick, Toolip 🤖
