“If you look at the platforms they don’t put anywhere near enough effort into supporting their users because it’s just a cost to them and they like making profits,” he said. “We’re failing at every level when it comes to micro and small businesses, who rely on these channels.”
Phair said it was relatively easy for platforms to reclaim hacked accounts, but they were unwilling to resource the teams required to do it.
The phishing emails are often sent during the early evening and on weekends when the recipients are likely to be less vigilant.
For Michelle and Craig Tindale, the operators of True North Candle Collective, based in Noosa on Queensland’s Sunshine Coast, the message came as they were preparing to go out for dinner.
Like Spark, Tindale had clicked on a link in an email purporting to be from Instagram, which claimed her business page had violated copyright laws.
After weeks of unsuccessfully attempting to reclaim the account, the couple gave up and opened a new profile.
“I’ve always said if my name was Kim Kardashian or Chris Hemsworth, I guarantee this would have been dealt with much quicker,” Tindale said.
A spokeswoman for Meta said users could verify emails by accessing a support inbox, which contained all of Meta’s official correspondence about their account.
“Online phishing techniques are not unique to Meta, and we will never request your password via email or direct messages,” she said.
Cybersecurity expert Guy Yunghanns said users failing to secure their online accounts were collectively “fueling this global criminal industry”.
Australians have lost almost $300 million to scams since the beginning of the year, with phishing through messages and phone calls being the most widely reported scam nationwide, according to data from the Australian Competition and Consumer Commission.
In a bid to address rising rates of online crime, the AFP last year established Cyber Command, a specialized unit that investigates matters such as compromised business emails and ransomware attacks.
AFP Assistant Commissioner Justine Gough said the unit had prevented millions of dollars from falling into the hands of criminal syndicates but added that ransomware attacks were probably underreported.
Gough said that in the same way that people needed to lock their doors and windows, they also needed to take steps to protect information online.
“The reason phishing scams are so prolific is that that’s a way to open a door to obtain personal banking details and steal money,” she said. “We really do need to ensure that we’ve got the hygiene or the discipline in the use of our devices and technology.”
This includes backing up files, using sophisticated passwords, and enabling multifactor authentication on devices – an electronic verification method that requires two or more pieces of evidence of a user’s ties to the account.
Other ways to avoid becoming the victim of a phishing scam include logging on to social media platforms through the app or by typing the URL into a browser, rather than following a link in an email.