D. Lacey1*, C. Cross2
1 Centre for Human Factors & Sociotechnical Systems, University of the Sunshine Coast
2 School of Justice, Queensland University of Technology
*corresponding author: email@example.com
Telephone scams and phishing emails represent the most prominent scamming method impacting Australia today (ACCC, 2016; IDCARE, 2016). A growing scam involves convincing telephone call recipients that the Australian Taxation Department accepts iTunes vouches for unpaid tax debt. The consequences for individuals confronting these scams and their many variants can be severe, including anxiety, distrust and disengagement. Two years since the public launch of IDCARE, Australia and New Zealand’s National Identity and Cyber Support Service, it can be revealed that the vast majority of individuals that engage IDCARE who have fallen victim to scammers are the ones to first detect that they have been scammed. Despite this finding, little is understood about what actually triggers individuals to come to the realisation that they have participated in a scam. Using data obtained from victims who contacted IDCARE, this paper examines the attributes of scams, engagement signalling and associated system influences that victims revealed shaped their realisation and response. The results of this analysis provides valuable insights for scam prevention and awareness messaging as well as the relevance of contemporary response measures adopted by organisations whose brands are used by scammers as part of their rouse.
Dr David Lacey is a Senior Research Fellow at the University of the Sunshine Coast and Managing Director of IDCARE (@idcareAUNZ). Dave’s teaching and research interests relate to identity security, cyber crime and the human factors of crime prevention and response. He has spent fifteen years working across Australia’s national security community in responding to threats targeting Australia’s identity infrastructure. Dave engages heavily in community awareness raising across Australia and New Zealand, and advises Government and industry on how to implement consumer-centric practices in anticipating and responding to identity and cyber-related threats.