My accountGet Surfshark
Research
Digital democracy
Cybersecurity
Chart of the week
About research hub
Published:Apr 8, 2025

Cybersecurity|Cybersecurity statistics

Email scams boom in Australia: $300M lost this decade

Forget dodgy phone calls as scammers have a new favorite tool: email. How big is the shift in Australia? Our Chart of the Week reveals the full picture!

Key insights

  • According to Scamwatch data, email emerged as the leading contact method for Australian scams in 2024, with nearly 91,000 reports highlighting its use. This trend is continuing into 2025, with almost 18,000 reports already identifying email as a contact method, making it also the top choice so far this year. Earlier in the decade, starting in 2020, scammers used text messages and phone calls as the main channels.
  • This shift aligns with findings from the Global data breach statistics by Surfshark, which highlights a noticeable surge in breached accounts in Australia — from approximately 4 million in 2023 to over 47 million in 2024. Every breached email account is considered as one breached user/account.¹ Since 2020, more than 86 million Australian accounts have been compromised. This may enable scammers to reach a large number of potential victims. On average, this means each Australian has experienced about three data breaches between 2020 and 2024.
  • Since 2020, nearly 300 million dollars have been reported lost to scams where email was the contact method. Males account for 60% of the total amount lost, while females account for 40%. The most vulnerable age group for males was 65 and over, with nearly 67,000 reports and 63 million dollars lost. Similarly, females 65 and over are also highly at risk, with around 45,000 reports and 26 million dollars lost. However, the 45-54 age range for females is particularly at risk in terms of financial loss, with 19,000 reports — less than half the number of reports compared to females in the 65 and over range — but resulting in a 29 million dollar loss.
  • The leading scam by financial loss this decade has been the investment scam, accounting for nearly half of the total losses from all scam types where email was the contact method. Criminals impersonate legitimate investment and finance companies, using convincing marketing and new technology to make their investments sound too good to miss.² However, this could be because investment scams tend to result in remarkable losses per report, while other types of scams might be underreported due to causing lower financial damage. Other scam types in the top five by financial loss include false billing (28% of total losses), classifieds, online shop, and romance (each accounting for approximately 4% of total losses).
  • Although investment scams are associated with the highest financial losses, email is not the primary contact method for these scams. The majority of reports indicate that scammers mainly use phone calls, followed by social media and online forums, with email being the third most common method. Regardless of the contact method, New South Wales stands out among the six states with the highest number of reports on investment scams per 100,000 people, at a rate of 141. Additionally, New South Wales leads in financial losses, with an absolute loss of over 330 million dollars attributed to these scams, and it also has the highest number of these reports since 2020.

Methodology and sources

The data was sourced on April 1, 2025 from a Scamwatch dashboard, based on reports submitted to the Australian Competition and Consumer Commission through web forms and phone calls. Scamwatch, under the guidance of the National Anti-Scam Centre, works across government and the private sector to safeguard Australians from scams. Our study covers the period from January 2020 to February 2025, with a particular focus on data filtered by the “Email” contact method. It explores various dimensions, including financial losses, types of scams, locations as well as demographics of complainants such as gender and age range.

Additionally, the study provides insights on Australian breached accounts from 2020 to 2024, using data from the Global data breach statistics by Surfshark. A data breach is characterized by the unauthorized copying and leaking of user data such as names, surnames, email addresses, passwords, etc. Our partners record the actual time of the breach instead of when it becomes public.¹ As a result, historical numbers may be updated as new cases are reported.

For the complete research material behind this study, visit here.

Data was collected from:

Scamwatch (2025). Scam statistics;Surfshark (2025). Global data breach statistics; Australian Bureau of Statistics (2025). National, state and territory population.

References:

¹ Surfshark (2025). Global data breach statistics. Methodology;² Scamwatch (2025). Investment scams.
The team behind this research:About us

Related articles:

Healthcare cybersecurity challenges
Cybersecurity statistics | Mar 18, 2025

Healthcare cybersecurity challenges

Surfshark's analysis shows that in 2024, over 80% of U.S. healthcare data breaches were due to hacking/IT incidents. These breaches disrupt care, endanger patient safety, and highlight the urgent need for stronger cybersecurity.
Record number of ransomware attacks in January 2025
Cybersecurity statistics | Mar 12, 2025

Record number of ransomware attacks in January 2025

In January 2025, the number of attacks reached 590, nearly 5 times more than January 2022 and 34% higher than the 2024 monthly average of 440.
Stay safe: guard your payment cards this holiday season
Cybersecurity statistics | Nov 26, 2024

Stay safe: guard your payment cards this holiday season

The collected data reveals approximately 5.7 million payment card data points compromised worldwide since 2004. The US has the highest breached payment card details rate among major economies.