See if your information has been exposed in a data breach with our latest free tool Check Now
Cyber crime

How to Report a Cyber Crime in Australia

Niek Dekker
4 Min

It can be frustrating and stressful when dealing with a cyber incident. Once you suspect you have fallen victim to a cyber-attack, you must follow the necessary steps when reporting a cybercrime.

If you suspect your bank accounts have been infiltrated by external perpetrators resulting in the loss of assets (personal information, funds, etc), then legally you are required to report cyber security incidents to the Australian Cyber Security Centre (ACSC).

Critical infrastructure companies are legally bound to notify the ACSC within 12 hours if the event is having a major effect on the asset’s availability, integrity, or reliability of the asset.

In this blog, we take you through how to report a cyber crime as an organisation in Australia, and provide you with Australian government bodies to which you should report.

How to Report a Cyber Crime

Depending on who you are reporting on behalf of such as an individual, business, organisation, government department or agency, there are various sources to report cybercrime. For instance, as a business or an organisation you can report the following:

Reporting a cyber crime to law enforcement

Once you identify a data breach, you should immediately contact and report the cyber incident to the Police by calling 000, or your local police station.
After you made contact, make sure you have the following information ready for the authorities to best help with your situation:

  • Your Australian Business Number (ABN) or Australian Company Number (ACN)
  • Details of the cyber incident including, dates, times, financial transactions, what data was lost, any information about the cyber criminal, addresses, emails, devices affected like computers, laptops or work phones and description of the attack
  • Documents or images that can help with the situation

Alternatively, you can contact Crime Stoppers Australia at 1800 333 000 or file an online report on the Crime Stoppers webpage.

phone-calling-000-911-police

Reporting a cyber security incident to the Australian Cyber Security Centre

Under the Security of Critical Infrastructure Act 2018, Part 2B regulated entities who have undergone a cyber security incident have a responsibility to provide a relevant Commonwealth body with a report about the incident.

Once you identified a cybersecurity incident that has occurred, you must notify the ACSC within 72 hours after you become aware. You can report cyber security incidents on the ReportCyber page or contact the Australian Cyber Security Hotline at 1300 292 371.

On the ReportCyber page, you will need to provide the following:

  • Contact details
  • Organisation details
  • Incident details
  • Description of the incident
  • Any other relevant information regarding the incident

In addition, organisations and critical infrastructure entities can provide further information on the following:

  1. Cyber crime that involves email, internal fraud or identity fraud (a high-impact vulnerability that can affect several users)
  2. Cyber security incidents that may have exposed your website or network
  3. Any data breaches that may involves clients or third-party suppliers
  4. Cyber security vulnerabilities

Reporting a scam to the ACCC (Scamwatch)

If you are not sure about where the scammers are from or if scams are occurring overseas or interstate, you can report the scam to the Australian Competition & Consumer Commission (ACCC) website by completing a scam web form.

Why should you report a scam? Organised cybercrime syndicates are known for sharing information and resources with other organised criminals on targeting individuals and businesses.

Reporting a scam will assist the ACCC with providing government bodies and law enforcement intelligence about scam activities.

For more information on when or where to report fraud, you can do so by visiting the Commonwealth Fraud Prevention Centre webpage.

When NOT to Report Cyber Crime

According to the ACSC, you should NOT report a cybercrime when:

  • There is a court order against the suspect
  • You receive a scam or prank call and there was no loss of personal information or loss of funds
  • When the crime is not a cyber crime but a physical crime such as a stolen computer or credit card (contact the Police)

how-to-report-to-cyber-crime

How Eftsure Can Help

Many of us at some point may find ourselves falling victim to cybercrime and reporting the aftermath can be a costly, daunting and stressful experience.

Nevertheless, once you have identified a cybercriminal has gained unauthorised access to your network systems, you must act swiftly and efficiently. By reporting cyber-crime not only are you helping law enforcement agencies, but you are helping other organisations who may become potential targets.

While the damage has been done, cyber-criminals may come after you again. To avoid becoming a victim again, CEOs and CFOs need to accept responsibility and ensure the organisation’s online safety, as well as their employees and customers by implementing preventative measures.

With Eftsure integrated into your accounting functions, each outgoing payment is examined in real-time. You can verify payments and investigate to ensure that they are being sent to the intended legitimate third party. This helps you mitigate the risk of severe cyber threats.

Contact Eftsure today for a full demonstration of how we can protect your business.

BEC Incident Response Guide for Finance Teams
Learn how to respond to a Business Email Compromise attack by following the necessary steps.

Download the Business Email Compromise (BEC) Incident Response Guide today to strengthen the odds of recovering your funds following a BEC attack.

Related articles

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.