A recent report has revealed that more than $404 million has been lost in New South Wales, following 39,494 reports of cybercrime.
Despite this, the report by the New South Wales Bureau of Crime Statistics and Research found that less than half of incidents reported to a national cybercrime reporting system were referred to police.
Where a referral was made, a majority (71%) of reports were closed by police with no further investigation undertaken.
Cybercrime describes a wide range of offences including traditional crimes which are enabled by technology such as cyberstalking, identity theft and online fraud.
It also refers to offences generated solely using computers such as malware attacks or hacking.
It can be directed at individuals, as well as business or government data systems.
The report found that reports of cybercrime reports (across all offence types except for cyber abuse) have increased by 42% over the three years to June 2022.
It analysed categories of cyber-enabled fraud, identity theft, cyber-enabled abuse, online image abuse and device-related offences (malware and ransomware attacks).
Individually, cyber-fraud increased by 95% and identity crime increased by 35%, which were the most common cyber offences, accounting for 79% of all reports.
Notably, device-related offences have had the largest increase, at 117%.
Increases in cyber enabled fraud and identity crime have evidently been correlated with cybercrime-related financial losses by individuals.
Most victims of cybercrime have been identified as male (53%) and over 25 years of age (87%).
Matters which involved fraud or online image abuse were most likely to be referred to police.
This is in contrast to reports regarding identity crime or device offences, which saw only 17.5% and 5.2% of reports referred, respectively.
A main difficulty encountered by police during investigations is that perpetrators are often unknown or reside outside the state's jurisdiction.
The report stated that: "in the vast majority of cases, victims do not know any details about the offender and many of those who do, report that the suspected perpetrator resides overseas."
This means that whilst a high proportion of victims have evidence about the incident (94%), a majority do not know the perpetrator and therefore few reports included suspect details (28%).
The prevalence of overseas offenders means that it is: "near impossible for local and federal police agencies to prosecute offenders and undermines the deterrent value of any criminal sanctions prescribed for these offences," as stated by the report.
Despite this, reports were likely to be referred to police where they involved a victim aged 17 years or younger, money was lost, an online image abuse offence was indicated, or the suspect was known to the victim.
The national cybercrime reporting system from which the report analysed data is the ReportCyber Application Platform (RCAP) which is operated by the Australian Cyber Security Centre.
RCAP is a platform which then triages reports, in that it assesses them to determine urgency, before seeking to refer them to state or federal police agencies.
There are several current overlapping systems which may be used to report cybercrime.
This includes 'Scamwatch' for online scams, the eSafety Commissioner for cyber abuse and the Office of the Australian Information Commissioner for data breaches.
Executive Director of BOCSAR, Jackie Fitzgerald explained that: "cyber-offending is arguably our most significant emerging crime problem. However, our understanding of this offence is seriously hampered, firstly, by people not coming forward, and, secondly, when they do, by the multiple, competing channels available to people to report the offence."
The report has thus called for an integration of the different reporting systems, or enhanced collaboration between the bodies.
As the largest cybercrime, cyber-enabled fraud comes in various forms, with it ultimately involving the use of online means to commit fraud including by tricking a person into sending money or goods.
Examples include dating or romance scams in which scammers seek to enter into an online relationship with a victim to entice them to send money, or penalty scams where a person impersonates a government or other official agency and threatens the victim with a penalty (i.e., further fines or arrest) if they do not pay a sum of money immediately.
There is no specific offence for cyber-enabled fraud, with it instead dealt with under fraud offences.
A person who, by any deception, dishonestly obtains property belonging to another, or obtains any financial advantage or causes any financial disadvantage, is guilty of fraud, as per section 192E of the Crimes Act 1900 ( NSW).
Dishonestly is judged according to the standards of ordinary people, whereas deception is defined as any intentional or reckless deception, by words or other conduct, as to fact or as to law.
The deception involved may be regarding the intentions of the offender or any other person.
It also may be conduct by a person that causes an electronic device such as a computer or other machine to make a response that the person is not authorised to cause it to make.
Obtaining financial advantage includes doing so for oneself or for another person and inducing a third person to do so, whether the financial advantage is permanent or temporary.
The same applies for causing a financial disadvantage.
A maximum penalty of 10 years imprisonment is applicable.
This offence is classified as a 'table 1' offence which means that it will be dealt with summarily in the Local Court, unless the prosecutor or accused person elects to take it to the District Court.
In the Local Court, the maximum penalty applicable is instead limited to 2 years imprisonment and/or an $11,000 fine for a single offence.
