NAB Personal Cyber Security Webinar

March 12, 2026 | 12:00 PM AEDT | Past event

Australian banks prevented A$385 million in customer scam losses last year alone, yet AI-powered deepfakes of celebrities and bank experts are driving a 15 percent surge in social-media investment fraud as 2026 begins.

Key takeaways

  • Social-media and website origins accounted for 70 percent of investment scams, which rose 15 percent in the second half of 2025 versus the first and remain the single largest source of individual financial losses.
  • National reported scam losses dropped 26 percent to A$2 billion in 2024 after voluntary bank payment-confirmation standards, but 2025 saw rebounds with A$174.8 million lost in the first half and A$7.1 million reported to one consumer service in the final quarter alone.
  • Human-targeted social engineering, amplified by AI tools and infostealer malware that exposed tens of thousands of banking credentials, has re-emerged as the dominant vulnerability, outpacing both technical defences and new organisational regulations.

Personal Scam Threats Surge

Criminals are refining tactics that exploit the intersection of everyday banking, social media and personal trust. Investment scams promising shares, crypto or high-yield deposits now routinely open with fabricated endorsements generated by AI, including deepfake videos of prominent Australians. NAB data show these social-media-initiated attacks increased 15 percent between the first and second halves of 2025, with 70 percent of cases starting on platforms or fake websites.

The banking sector sits squarely in the crosshairs. Impersonation emails, fake support chats that install remote-access tools, and malware harvesting login details continue unabated. Researchers identified more than 30,000 compromised Australian banking passwords circulating on criminal marketplaces between 2021 and early 2025, while nearly 100 staff credentials from the big four banks were also stolen and traded. NAB responded by assisting in the removal of almost 600 impersonating websites in 2024 and by deploying real-time payment alerts, yet the underlying volume of attempts has not subsided.

National figures illustrate both progress and fragility. After industry-wide confirmation protocols helped cut reported losses by 26 percent to A$2 billion in 2024, 2025 brought partial reversals: investment scams alone exceeded A$128 million in the first nine months, phishing losses jumped sharply, and certain groups—those speaking English as a second language and First Nations Australians—experienced even steeper rises in loss reports. One frontline service recorded A$7.1 million in victim losses for October–December 2025, with many facing ongoing bank or tax debts stemming from the initial fraud.

Non-obvious tensions complicate any simple fix. Banks have invested hundreds of millions—NAB alone spent A$900 million on fraud and cyber defences in the year to September 2025—and now share real-time intelligence with government agencies, yet they cannot control the social platforms where most scams germinate. Customers must still verify unsolicited contacts themselves, creating friction with the frictionless digital experience they have come to expect. New national rules under the Cyber Security Act focus on organisational ransomware reporting and smart-device standards, leaving the human layer—the element most exploited by AI-enhanced social engineering—largely unaddressed by regulation.
