Scam Numbers are Down But Costs Are Up, New Data Shows
At first glance, it might seem like good news: according to the latest statistics from Scamwatch, the number of reported scams in Australia dropped by 24% in the first five months of the year compared to the same period in 2024. But there’s a catch. The total financial losses increased by 28%.
These troubling new statistics could spell serious disaster for Aussie small businesses, which are frequently in the line of attack for cybercriminals.
Akshaye Kalkura, virtual Chief Information Security Officer at BizCover, gives his thoughts on this numbers and suggests ways that SMEs can protect their businesses from the fallout of a potential cyberattack.
What the latest Scamwatch data tells us
Scam activity is down in volume, but not in severity. This trend points to a shift in tactics: cybercriminals are becoming more selective, relying on quality over quantity. Below, we take a closer look at the data to find out what new trends are shaping the cybersecurity landscape in Australia.
Overall scam reports are down, but costs are up
From January to May last year, 119,876 reports were made and the combined monetary loss equalled $114,819,743.
Compare this to the same reporting period in 2025, which totalled 90,108 reports but had a combined loss of $147,246,100.
In short: there were fewer scams reported, but the price tag per scam has gone up dramatically.
The biggest jump was in May, where 24,299 reports were made in 2024 but only 17,878 reports made in 2025 (down 26%). The combined loss for May 2024 was $22,042,153, compared to May 2025 which saw a 28% increase to $28,366,511.
“This shows that scams are no longer a numbers game,” says Kalkura. “Cybercriminals are focusing on more personalised, high-impact attacks. And small businesses are especially vulnerable because they often lack the budget and resources of larger companies that can afford to invest more heavily in cybersecurity.”
Phishing scams continue hooking victims
The biggest increase in reported losses came from phishing scams. Phishing scams are a type of social engineering attack where criminals attempt to gain access to confidential information, restricted systems or resources by manipulating their targets.
In a phishing scam, a cybercriminal will typically send a fraudulent email or text message that appears to be from a legitimate source – such as an employer, a bank or a teleco. The goal is to trick the target into clicking a dodgy link or sharing sensitive information by making them think the request is from a reputable source.
“Phishing emails have become harder to spot,” Kalkura says. “All it takes is one wrong click, and the consequences to your business can be severe.
Kalkura continues, “Phishing attacks could be the reason why we’re seeing less scams but higher financial impacts. Phishing scams are often low effort but high reward, especially with more and more cybercriminals using AI tools to create highly targeted attacks.”
From January to May 2024, 49,544 phishing scams were reported which accounted for $5,621,436 in financial losses.
During the same 2025 reporting period, there were 30,149 reports which accounted for a staggering $14,579,089 in financial losses.
Out of all the reported scams to do with ‘attempting to gain a person’s information’ (which includes phishing, identify theft, hacking and remote access scams), phishing is above all the most common and the most costly.
Social media scams are on the rise
Social media has become a part of most Australians’ lives. Whether it’s simply scrolling through news feeds, watching short clips or seeing what friends and family are up to, many of us don’t go a single day without switching on to our socials.
However, data from Scamwatch has revealed that social media scams have increased in 2025 compared to 2024.
From January to May 2024, there were 7,175 reported social scams that cost Aussies $21,878,914. In the same 2025 timeframe, these figures jumped up to 9,081 reported cases and a total cost of $30,770,360.
This is a 26% increase in reported numbers and a 41% jump in financial losses. One of the reasons may be because social media scams are often disguised as ads or messages from trusted brands or friends. In that kind of relaxed environment, it can be easy for people to let their guard down.
“Small businesses are using social media more and more to promote themselves. But this could potentially open them up to scams and cyber risks,” says Kalkura.
He continues, “With about 20 million Aussies using social media, I think we’re only going to see an increase of scams on these platforms.”
How scams are evolving
Looking closely at this data, it seems that scams are getting smarter and more targeted, and therefore more costly for victims. Cybercriminals are no longer casting out a wide net and hoping to snag a couple of unlucky victims out of thousands or millions. Today’s scams are tailored, convincing and, what’s more, they’re increasingly being powered by technologies like artificial intelligence (AI).
“AI is making it easier for cybercriminals to launch more convincing and targeted attacks,” says Kalkura. “What used to take a lot of time and skill, like designing personalised phishing emails or mimicking someone’s voice, can now be done in a matter of moments using AI tools.”
This gives even low-level scammers the power to bypass defences and trick people more effectively. The result is shown in the Scamwatch data: A higher chance of success for cybercriminals, and a much bigger financial hit for victims.
Why your business may be more vulnerable than you think
“Scams in 2025 are more targeted, more polished, and often timed to catch people off guard; like first thing in the morning when business owners are getting ready for the day and checking their emails,” says Kalkura.
Many small businesses may not see themselves as a target for cybercriminals, but this is a common misconception. In fact, small and medium businesses are often seen as a much ‘softer’ target than larger organisations because they generally lack the same resources as big companies when it comes to cybersecurity.
“Small businesses handle customer data, credit card information, payroll records – and all of that has a very high value on the black market,” says Kalkura. “This can make them an attractive target for scammers.”
Cyber Liability insurance can give you peace of mind
However, even with the right cybersecurity measures in place, small businesses can still fall victim to cybercrime. That’s where Cyber Liability insurance can come in handy.
Cyber Liability insurance is designed to help protect you from claims and support your profitability in the event of a cyber breach or attack. Costs associated with defending a cyber claim are also covered. Examples of the types of risks Cyber Liability insurance can assist with are unintended loss or release of customer personal information, cybercrime, cyber extortion/ransomware and business interruption due to a cyber event.
BizCover’s platform allows you to get multiple Cyber Liability quotes from some of Australia’s leading insurance providers. It’s quick, easy, and you can get covered in minutes.
For on the go cover, go BizCover.
© 2025 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769
This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording or Product Disclosure Statement (available on our website). Please consider whether the advice is suitable for you before proceeding with any purchase. Target Market Determination document is also available (as applicable). © 2025 BizCover Limited.
