Close this search box.

Top cyber threats for consumers and small business as 2021 winds down


Phishing, investment scams, and invoice are all among the key cyber threats that continue to plague consumers and small business in the latter part of 2021.

A crazy year may be drawing slowly to a close, but the actions of cyber threat actors certainly are not. A myriad of threats, scams and new tricks are being deployed to keep consumers vulnerable and small businesses equally so.

Phishing, account hijacking, crypto scams, malware; there are more cyber threats out there than almost ever before.

And it’s a bumper year for scams; Scamwatch says Australians reported a record $211 million in losses to scams so far this year, up 89 percent on 2020.

So, as we prepare to wrap up another annual Scams Awareness Week, which scams are the biggest risks to you?

Phishing continues to be a top cyber threat impacting consumers, small businesses

You pick up your phone to see yet another spam text.

We’ve all had them, but in recent months the trickle has become a flood. FluBot, as it’s known, is an SMS phishing campaign that attempts to trick people into installing a malicious app on their phone.

The messages change constantly – an unusual trait for a phishing campaign – but are generally about missed packages or new voicemails and contain a link for you to click.

That link leads to a webpage that offers you details on your delivery or mail, along with another link that downloads the malicious FluBot Android app (iPhone isn’t affected).

If installed, the app can do things like steal data and passwords and spread to more people over SMS using your phone number.

Your Android phone’s SMS spamshu feature (available on the default SMS app) will normally catch these messages before they hit your inbox. Telstra protects its customers by blocking the links contained within the messages and notifying people who infect their phones with FluBot.

Most other SMS and email phishing scams are similar to FluBot. Missed packages, outstanding fines, and fake security alerts are a staple of phishing because they trick some of us all of the time.

We click and tap their scams about a missed package when it comes as we’re expecting a delivery. Or maybe we’re a bit too tired and busy to notice a convincing email sent from a dodgy address.

So it’s important to remain skeptical of all unexpected communications, regardless of who the communicator claims to be or the platform used to reach you.

Investment scams impacting consumers and small business

Australians reported more than $70 million in losses to investment scams like bogus cryptocurrency and bond schemes in the first half of this year, more than the total lost in 2020. It’s on track to hit $140 million by year’s end.

Due diligence is key to avoid the lure of high returns and promises of special high-tech algorithms.

But these scams are so lucrative than even romance scammers are getting in on the act. These scammers are known to cultivate long relationships to eventually fleece a victim of money under the pretence of an airline ticket for a face-to-face meeting or a bill for a pressing medical need.

Now they are using those relationships to convince victims to invest in scams.

A trusted confidant like a friend or family member is key to avoiding romance scams. They should be someone brought in at the start of an online relationship and told all the details so that they can be the litmus test of whether a relationship is exploitative.

Remember – victims are far from stupid: the average is a typically “middle-aged, well-educated woman”, according to research.

Business email compromise continues to threat everyday consumers and small business owners

It’s difficult to overstate how vulnerable many of Australia’s 2.3 million small businesses are to cyber security threats. They have websites with unknown vulnerabilities, exposed remote services, and insecure online accounts.

But of all threats, business email compromise (BEC) and invoice fraud are the worst.

These attacks are far from the advanced and state-sponsored hacking that captures headlines. At most, they involve hacking insecure email accounts, setting up mail rules, and possibly registering a website.

These scams take different forms, all of which criminals deploy to devastating effect. In one example known as whaling, criminals will impersonate a company director in an email to a subordinate financial controller ordering them to pay money to their bank account.

In another, known as doctored invoicing, scammers will break into a business’ email inbox or simply buy that access, and alter the payable bank accounts on invoices.

Victims wire money into the hands of criminals where it can remain unnoticed for days, weeks, or months, giving crims ample time to make off with the cash.

Defence against business email compromise, whaling, and other forms of invoice fraud is simple in theory and harder in practice: before wiring money, make a phone call and verify the bank details.

Check out more about scams facing you and how you can defend yourself, friends, and family at Scamwatch.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →