
When a major company mishandled your personal data, the promise of compensation could feel like a small consolation.
But for Australian seniors, a more dangerous threat was appearing in inboxes—fake settlement claims designed to steal even more personal information.
Scammers were exploiting confusion around legitimate data breach settlements and preying on those hoping to be compensated.
Data Breaches and the Rise of Scams
Australia had seen a dramatic surge in data breaches, particularly in the first quarter of 2024, with 1.8 million user accounts compromised—a staggering 388 per cent increase from the final quarter of 2023.
Scammers capitalised on the rising number of breaches and the public’s uncertainty about compensation.
Legitimate settlements did exist and could provide meaningful compensation.
Social media giant Meta recently established a $50 million payment program for Australian users affected by the Cambridge Analytica scandal, marking the largest payment dedicated to privacy concerns in Australia.
However, the details of the payment scheme remained uncertain, with eligible users expected to submit applications 'in the second quarter of 2025' and payments potentially taking up to two years.
Major Australian Data Breaches with Financial Impact
- Optus (2022): Nearly 10 million customers affected, over $140 million in response costs
- Medibank (2022): Potential $50 million fine, $45 million in breach costs by 2024
- Latitude Financial (2023): 14 million records exposed, $53 million allocated for recovery
- Social Media Settlement (2024): $50 million compensation fund for Australian users
Why Scammers Target Australians
Australia’s data breach epidemic made the country a prime target for fraudsters.
IBM's Cost of a Data Breach Report 2024 revealed that the average cost of a breach in Australia had risen to $4.26 million, a 5.7 per cent increase from the previous year.
In the first six months of 2024, 527 breaches were reported to the OAIC, a 9 per cent rise on the previous period, with average costs increasing from $4.03 million in 2023 to $4.26 million.
As financial impacts grew, so did the prevalence of legitimate settlements, making scams harder to detect.
The Sophistication of Modern Scams
Modern scams had become increasingly sophisticated.
Demonstrations showing how fake settlement websites could be created in under five minutes using AI underscored the danger.
These sites were no longer crude imitations—they closely mirrored legitimate settlement pages.
For Australian seniors, this was particularly concerning because authentic settlement sites often appeared plain and unofficial, with simple forms requesting minimal information like claim numbers or email addresses.
'The amount of money that will be available for Settlement Class Member Cash Payments is unknown at this time.'
How to Verify Settlements
Australians could take specific steps to verify settlements.
The Office of the Australian Information Commissioner (OAIC) was involved in many privacy breach complaints, often resolving cases through conciliation rather than formal determinations.
Checking oaic.gov.au helped confirm legitimate complaints and settlements.
Class actions in Australia, such as those against Medicare and Optus, had publicly available court records, with more than 100,000 registered participants for the Optus case alone.
The Australian Competition and Consumer Commission (ACCC) also maintained records of major consumer settlements, providing another verification channel.
Red flags for Australian scams included incorrect regulatory references, with fake sites sometimes citing the US Federal Trade Commission rather than the OAIC.
Scam sites could also request unusual payment methods or claim immediate urgency, unlike legitimate settlements which typically ranged from $1,000 to $20,000 and allowed months to file claims.
Australian Settlement Verification Checklist
- Check the OAIC website (oaic.gov.au) for legitimate complaints
- Verify court proceedings through Federal Court of Australia records
- Look for Australian legal firm involvement in class actions
- Ensure all regulatory references are to Australian bodies (OAIC, ACCC)
- Confirm payment amounts align with Australian compensation ranges
- Never pay fees to file a claim
Upcoming Privacy Law Changes
The Privacy and Other Legislation Amendment Bill 2024, before Australian Parliament, proposed a statutory tort for serious invasions of privacy and expanded the Australian Information Commissioner’s powers, including civil penalties for privacy breaches.
These changes suggested that while legitimate settlement opportunities would increase, scammers would likely become even more sophisticated.
If targeted by a suspicious settlement notification, Australians were advised to avoid clicking links, research independently using government sources, contact the company directly, report scams to ACCC’s Scamwatch (scamwatch.gov.au), and verify claims through court or legal firm websites.
Beyond financial loss, these scams carried a human cost.
For seniors already affected by data breaches, the violation of trust could be devastating, compounding the stress of navigating complex processes while fearing additional scams.
Legitimate settlement administrators never pressured individuals for immediate action or requested upfront payments, understanding the vulnerability of those affected.
Enforcement and What It Means
Australia’s privacy commissioner described recent enforcement action as 'groundbreaking' but long overdue: the first civil penalty order under the Privacy Act was only sought in 2020, even though the power had existed since 2014.
As privacy laws strengthened and enforcement increased, Australians could expect more legitimate settlements alongside more sophisticated scams, making vigilance and awareness essential.
What This Means For You
Scammers are taking advantage of the recent surge in Australian data breaches by creating fake settlement claims, putting personal information at risk.
While legitimate settlements do exist, they often require lengthy application processes and typically offer modest compensation, making it easy to confuse real claims with fraudulent ones.
Verification through trusted channels such as the OAIC, ACCC, and Federal Court records is essential to avoid falling victim to these scams.
Staying informed about changes in Australian privacy laws and recognising red flags can further protect individuals from deception.
For readers, this means taking a careful, step-by-step approach whenever a settlement notice arrives—double-check official sources, avoid clicking on suspicious links, and remember that legitimate compensation will never demand upfront payments.
Staying vigilant helps safeguard both personal data and peace of mind.
What legitimate data breach settlements have you encountered, and how did you verify their authenticity?