Australians warned over social media clues aiding scammers
The Department of Home Affairs has released data linking public social media oversharing to cybercrime risks in Australia. The findings suggest personal details shared online can help criminals access accounts and refine scam attempts.
The research shows cybercriminals can use information from public profiles to guess passwords, answer backup security questions and impersonate trusted contacts in fraudulent messages. It also highlights a broad overlap between the information Australians share publicly and the details many use to secure their online accounts.
The figures show 30% of Australians use personal information in passwords, while 55% reuse the same password across multiple accounts. At the same time, two in three said a cybercriminal could identify sensitive information from their public social media posts within minutes.
Family details feature prominently among the exposed information. The data found that 29% of Australians disclose family members' names on public-facing social media profiles, while 23% reveal their residential suburb and 18% list their mobile phone number.
Younger adults stand out in the figures, with nine in 10 Australians aged 18 to 24 found to have identifiable details online.
The data also highlights gaps in account and device security practices. Almost six in 10 Australians do not regularly review their privacy and location settings, including app permissions that allow access to a device's camera and microphone.
Digital breadcrumbs
Through its Act Now. Stay Secure campaign, Home Affairs is urging Australians to lock down public social media profiles, review privacy and location settings, use strong and unique passphrases across accounts and install software updates. It says these steps can reduce the risk of account compromise and make it harder for scammers to craft convincing approaches.
Lieutenant General Michelle McGuinness, National Cyber Coordinator, said personal information posted casually online could create openings for criminals.
"People often overlook the importance of the information they publish online. Many put their kids' and pets' names on public forums and then use those same names in passwords or for backup security questions."
"It is critical we talk about cyber security with our friends and family, particularly those who may have less experience online."
"Having these simple conversations with the important people in our lives is just as important as everyday safety precautions, like reminding a friend to put on a seatbelt or wear a helmet, to help keep us all safe online," McGuinness said.
The warning reflects wider concern among officials that scammers are using publicly available personal details to make contact appear genuine. Messages that include a suburb, a relative's name or another recognisable fact can be more persuasive and may lower a target's guard.
That risk increases when the same details are used in passwords or account recovery prompts. Reused passwords add another layer of exposure, as a breach affecting one account can leave several others vulnerable if the same credentials are used elsewhere.
Privacy settings are another focus. Public-facing accounts can expose information not only through posts and biographies, but also through location tags, linked contact details and app permissions that users may not revisit after setting up their accounts.
For younger Australians, the findings suggest a particularly high level of visibility online. With nine in 10 people aged 18 to 24 carrying identifiable information on the internet, the data points to a group that may face greater exposure to impersonation and targeted scams.
The department's message is that small security changes can reduce the amount of material available to criminals. The figures underline how ordinary profile details, when combined, can form a useful dossier for attackers seeking to sound credible or gain access to accounts.