A lot of our collective efforts – Sophos’s, Naked Security’s, and yours – are aimed at helping friends and family stay safe online.

It’s a never-ending battle, because even the cautious user is at risk, for example when a new zero-day exploit appears.

Zero days, remember, are security holes that the Bad Guys work out how to abuse before the Good Guys have a patch available.

Zero days don’t always win the day, of course.

They can often be defeated before a patch is ready by proactive security defences such as anti-virus, web and email filtering, and network intrusion prevention.

But if a zero-day does get the better of your defences – especially at home, where your “IT department” may consist entirely of intermittent favours from friends – then you may end up with a cybercrook in remote control of your computer.

Worse still, you may have done nothing risker than browsing to a legitimate website that you’ve used before perfectly safely.

What about “obvious” scams?

With this in mind, it’s easy to be dismissive of people who fall victim to cyberscams that a well-informed user might consider obvious, for example:

• Unlikely-sounding fake invoices that arrive as attachments in emails, written in illiterate English, from people you’ve never heard of.
• Job offers that ask for no “skills” other than a willingness to process payments for a third party.
• Security “warnings” claiming to be from a reputable organisation, urging you to login via a website that clearly doesn’t belong to the company mentioned in the email.
• Notifications that you’ve won an extravagant sum in lottery you didn’t enter, asking you to pay some sort of release fee so that your “winnings” can be remitted.

Nevertheless, those who fall for scams of this sort are almost always guilty of nothing more than a regrettable combination of naivety, uncertainty and vulnerability.

Victims are just that: victims

The victims are just that: victims, whose lives are often turned upside down once cybercrooks get hold of them.

Well, here’s an initiative aimed at helping turn the tables on the crooks.

This week (16 June 1024 to 22 June 2014) is National Consumer Fraud Week in Australia, driven by the Australian Competition and Consumer Commission (ACCC), a public service body that goes into bat for Aussie consumers like the FTC does in the United States.

This year’s Fraud Week theme is: KNOW WHO YOU’RE DEALING WITH.

The facts are clear: cybercrime victims are more likely to lose money, and likely to lose more of it, once they are lured into any sort of personal contact with their scammers.

Indeed, the ACCC has just published its 2013 Targeting Scams report, together with a neat infographic for those in a hurry.

Here’s some in-your-face data from the infographic:

Those are the top ten scams reported by type, accounting for losses of about AU$70,000,000 in 2013. (There are only about 25,000,000 people in Australia, children included.)

But notice that the losses from offences we’d perhaps most directly associate with cybcercrime – phishing, hacking and dodgy online merchants – account for only about $10m of the total.

The lion’s share, totalling more than $50m (and those are known losses), are from internet-enabled crimes in which the crooks actually make contact with their victims and work them over from afar, perhaps for months or years.

Of the 2777 people who reported getting caught up in romance scams in 2013, for example, 43% actually ended up sending money, with a mean average of $21,000 coughed up over time once the victim was on the hook.

Surely they realised?

You may be incredulous at this point, asking yourself, “Surely they realised? After the third time their loved one failed to board the flight they’d just paid for, didn’t they rumble that it was a scam?”

But they did not, which is not itself a crime.

And even if they were suspicious, it may well be that their own circumstances – for example: loneliness; vulnerability; an overly trusting nature – caused them to cling to their dreams for a lot longer than they ought to have.

That, too, is not a crime.

(Remember also that the longer a victim has been scammed, the bigger the crash, emotional and financial, when they finally accept that their dream is a nightmare.)

Rather than come up with our own advice, we thought we’d repeat the Top Five tips from the ACCC:

Click on the image above to go to the scamwatch.gov.au website

Take heed of that first sentence above.

It’s an easy-to-remember elevator pitch that is written in plain and unambiguous English:

If you meet someone online and they ask for any money, big or small, you are dealing with a scammer.

No perhapses! No maybes! No buts!

Follow @duckblog