- Cyber Security
- Social Media
- Home Affairs
- Scam Prevention
- Consumer Safety
Department of Home Affairs data shows 9 in 10 Australians aged 18-24 have identifiable details online that scammers use to craft convincing approaches.
Home Affairs Data Connects Public Profiles to Scam Exposure
The Department of Home Affairs has released figures linking publicly available social media information to a measurable rise in cybercrime risk for Australians. Reporting from SecurityBrief Australia indicates the research shows criminals can use details from public profiles to guess passwords, answer backup security questions, and impersonate trusted contacts in fraudulent calls and messages.
The findings sit alongside the department's Act Now. Stay Secure campaign, which is urging Australians to tighten privacy settings and review the personal details visible on their accounts. National Cyber Coordinator Lieutenant General Michelle McGuinness said information posted casually online frequently overlaps with the same details people use to secure accounts and verify their identity.
What the Reports Describe About Australian Habits
The Home Affairs data sets out a clear pattern of overlap between what Australians share and what they use to protect accounts. According to the figures, 30 percent of Australians use personal information in their passwords, and 55 percent reuse the same password across multiple accounts. Two in three respondents said a cybercriminal could identify sensitive information from their public social media posts within minutes.
Family and location details are among the most commonly exposed categories. The research reports that 29 percent of Australians disclose family members' names on public-facing profiles, 23 percent reveal their residential suburb, and 18 percent list their mobile phone number. Almost six in 10 Australians do not regularly review their privacy and location settings, including app permissions covering device cameras and microphones.
Younger adults appear most exposed. Nine in 10 Australians aged 18 to 24 were found to carry identifiable details online, a figure the department flags as a particular concern for impersonation-style approaches.
Pattern and Context for Phone-Based Scams
The connection between social media oversharing and phone scams is direct. A scam call or SMS that references a target's suburb, a relative's first name, or a recent purchase is far more persuasive than a generic script. Community reports submitted by contributors on Reverseau frequently describe scam callers who already know the target's first name, employer, or local area, details that often originate from openly visible profile information rather than data breaches.
Mobile numbers listed publicly add another layer of risk. When a number is searchable, it can be paired with other profile details to build a dossier used in impersonation calls claiming to represent a bank, the Australian Taxation Office, Services Australia, or a delivery service. Password reuse compounds the problem, as a single breach can unlock several accounts when the same credentials appear across services.
McGuinness said many Australians overlook the significance of what they publish. She noted that names of children and pets often appear on public forums and then reappear in passwords or backup security answers, giving criminals a shortcut into accounts.
What Australians Should Do to Reduce Exposure
The department's guidance, reflected in the SecurityBrief Australia report, points to several practical steps:
- Set social media profiles to private and review who can see posts, photos, and contact information.
- Remove your mobile number from public bios and consider whether your suburb, workplace, or daily routine needs to be visible.
- Use long unique passphrases for each account rather than reusing a single password across services.
- Avoid using family names, pet names, birthdays, or suburbs in passwords or backup security questions.
- Review app permissions for camera, microphone, contacts, and location access, and revoke anything not actively needed.
- Install software and operating system updates as soon as they are available.
- Treat unsolicited calls cautiously even when the caller knows personal details, since that information may have been gathered from public profiles rather than a legitimate source.
How to Report Scam Calls and Check Numbers
Australians who receive a suspicious call referencing personal details have several reporting options. Scamwatch, operated by the National Anti-Scam Centre, accepts reports at scamwatch.gov.au and tracks national patterns. Suspicious SMS messages can be forwarded to ACMA on 0429 999 888. ReportCyber at cyber.gov.au handles incidents involving account compromise or cybercrime, and IDCARE supports Australians whose identity information may have been misused.
Before returning an unfamiliar call, contributors can search the number on Reverseau to review community reports and check whether the same number has been linked to impersonation patterns by other Australians. Adding a community report after receiving a suspicious call helps build the shared signal that allows others to recognise the same script or caller behaviour. Combined with tighter privacy settings on social media, that community layer reduces the raw material scammers rely on to sound credible.