Most people don't report being victims of cybercrime because they think they can deal with the problem themselves, or think it's not serious enough, or don't know where to report.
The result is that cybercrime goes hugely under-reported across Australia.
And people who are socially isolated are more likely to be vulnerable to online financial exploitation and scams because they have fewer trusted options, such as family members, from whom they can seek advice.
During a survey by the Australian Institute of Criminology of 13,887 computer users conducted in February and March this year, one in three respondents said their information had been exposed in a data breach.
"Online forums, pornography websites, online gambling, dating websites, online gaming and online purchases are all associated with fraud and scam victimisation," the report found.
The AIC's inaugural report is aimed at providing a clearer picture of the extent of cybercrime victimisation, help-seeking and the harm that this crime type generates.
Three major hacks occurred last year at Optus, Medibank Private and AHM which exposed the private information of millions of Australians. These events thrust this low-risk, high-return criminal enterprise to the forefront of public awareness.
AIC acting deputy director Anthony Morgan said the number of people who had been exposed to a data breach this year was a big increase on what had been recorded previously.
The researchers found high internet use exposed more people to malware, and common victims were often linked with negative life events such as divorce, the death of a family member or close friend, injury or illness in one's family and job loss.
"Motivated [cybercrime] offenders exploit the susceptibility of victims through manipulation, persuasion and coercion, making it hard to distinguish legitimate from illegitimate exchanges or determine whether a scenario is likely to be harmful," the research found.
The COVID-19 pandemic and the transition to working from home created ideal conditions for cybercrime to fester and grow further. Many small business operators used their home internet connections and personal devices and "this increased the accessibility of targets while simultaneously lowering capable guardianship".
Three dominant forms of cyber victimisation were studied: those who had been victims of identity crime and misuse (28 per cent of those surveyed), victims of malware (22 per cent), and victims of fraud or scams (10 per cent). Risky online behaviour, such as online gambling and visiting sexually explicit adult websites, was associated with all three forms of victimisation.
"The source of risk might not be the platforms themselves but the opportunity they create for malicious actors to exploit them," the research found.
"Offenders may lure victims off legitimate platforms onto platforms with lower levels of monitoring (and therefore guardianship) to ask for personal information or money or to send malicious links.
"Malicious actors may also trick online shoppers by sending scam text messages pretending to be from couriers and post office companies. These scams proliferated during the COVID-19 pandemic."
Victims of cybercrime can report online at www.cyber.gov.au/acsc/report and victims of scams can report via Scamwatch at www.scamwatch.gov.au.
