22 January 2024

Government grilled over cyber counterattack plans after latest scam catches out online shoppers

| Chris Johnson
Join the conversation
Cyber security IT engineer using keyboard

Tens of thousands of Australians have fallen victim this week to a new online shopping cyber scam. Photo: File.

Prime Minister Anthony Albanese has been forced to tackle more questions on what the government is doing about online security and cyber attacks, in light of a recent spate of sophisticated scams catching thousands of unaware Australians.

About 20,000 shoppers fell victim this week to a new scam, known as ”credential stuffing”, which fooled them after big-brand retailers were hacked.

Credential stuffing uses previously stolen passwords to access numerous websites.

Some of the country’s most popular outlets were targeted, such as Dan Murphy’s, Guzman and Gomez, and Binge.

Victims of the attacks have been largely shoppers who have saved their credit card or gift card details on company websites and who use the same log-in details for other online shopping sites.

During numerous media appearances and interviews, the Prime Minister was grilled about the cyberattacks and what his government could do about countering them.

READ ALSO First cadre of Royal Australian Navy officers qualify as nuclear power operators

“We have a National Cybersecurity Strategy, we have a Cybersecurity Minister, which those things weren’t in place before we were in office,” Mr Albanese said during one press conference.

“We have provided significant support for the Australian Signals Directorate. We also are conducting a significant campaign about education as well – telling people, make sure that you don’t click on a link which is there, which can open you up to vulnerability.

“But when it comes to the targeting of businesses as well, we’ve had roundtables that I’ve attended and helped chair personally, along with [Cybersecurity Minister] Clare O’Neil, with the business community, including all the peak organisations, but also the finance sector, but also industry organisations as well.

“Cybersecurity is a threat. There are three main things that we have to worry about when it comes to our national security.

“One is pandemics; second is cybersecurity; third, of course, is, unfortunately, conflict we’re seeing play out. In addition to that, of course, climate change is a national security issue as well.”

But when asked in a separate radio interview whether the government might look to implement laws similar to those in the United Kingdom, where the onus is on banks to make sure they’re not handing over their customers’ money to scammers, the PM wasn’t so bold.

READ ALSO Labor under the pump to take the (cost of living) pressure down

In the UK it’s much easier than it is in Australia to get your money back from the bank if you’ve been scammed online.

“It is a huge issue,” Mr Albanese said.

“And Stephen Jones, the Assistant Treasurer, has been holding forums right around the country, getting input, getting ideas …

“This is a scourge with so many vulnerable people being ripped off who’ve acted in absolutely good faith and we need to make sure that they are protected …

“Banks tend to not send spontaneous links to people and the tax office the same thing. And that is very important, that people be protected.

“But we’ll look at any measures that are possible in order to protect consumers, because that’s our priority.

“I haven’t examined the UK model, but I know that Stephen Jones is having a comprehensive look at what further measures can be taken in order to protect consumers.

“The cyber issue is important for individuals and we know as well it’s important, cybersecurity, for companies as well, with some of the hacks that have occurred from both domestic, but importantly as well from foreign sources, that represent a real threat to us and to our economic security.”

Join the conversation

All Comments
  • All Comments
  • Website Comments

The message has been the same for decades. If you get scammed at this point, I feel like you deserve it.

Nothing new about this, just the media waking up to an existing issue. This why it has been strongly recommended for years that people use different passwords for different sites, particularly strong passwords.

That’s definitely a fair point. The keywords from the article are “credential stuffing”. These attacks work because people reuse login details between different sites. No amount of cybersecurity policy by any government is going to fix that – that is a problem with people’s own behaviour and it is up to individuals to change their behaviour. Reusing a password between sites is a terrible idea. Tools are available now that will help people not do this. People need to start using them. You could argue that online services should do more, and you’d not necessarily be wrong, but you should also do your part to help limit the damage from these attacks.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.