The Cyber Sushi

(serving up the cold facts, with some phish bytes)

Welcome back! Here's what we are covering in this issue:

• Scams and Vulnerability: Who’s Really at Risk
• Behind the Mask: New and Trending Scams
• Ask Dr Lacey: "Is this person real or a scam?"

Scams and Vulnerability: Who’s Really at Risk

Scammers don’t just target money — they target people. Some of the most at-risk individuals are those living with physical or cognitive disabilities, mental health conditions, or neurodivergence. Between December 2024 and November 2025, IDCARE supported around 1,500 clients who identified as physically or psychologically vulnerable. These numbers only include clients who disclosed their disability, mental health condition, or neurodivergence to IDCARE, so the true scale is likely even larger. Their experiences show that scams can be harder to spot and recover from when everyday systems and supports aren’t designed for everyone.

How scammers take advantage

• Routine interactions: Scammers exploit predictable patterns in everyday life, such as using government services, online shopping, or disability supports.
• Online communities: Social media groups for disability support or advice can attract fraudulent posts or offers.
• Relationship trust: Many scams involve someone pretending to be a friend or romantic partner, which can be emotionally damaging.

Real-life challenges

• People with cognitive disability often rely on family or support persons to detect scams; many can’t independently recognise or stop scams.
• Those with physical disability face barriers to buying essential items online, navigating services, and responding to scams.
• Individuals with mental health challenges often experience harassment and are dismissed when reporting scams.
• Neurodivergent adults may misinterpret scammers’ intentions due to social communication differences, trusting behaviours, or literal thinking, increasing susceptibility.

Why it matters
Scams don’t just cost money, they can disrupt supports, worsen mental health, and isolate people further. This vulnerable cohort reported over $22.5 million in losses, with a median loss of $3,150. Systems that are difficult to navigate or slow to respond make recovery harder, especially for those most affected.

What can help

• Build awareness among friends, family, and support workers so they can spot scams early.
• Make online and service interactions accessible clear communication, slower pace, or alternative channels can help.
• Encourage open conversations about scams to reduce stigma and ensure support is available when needed.
• Verify unexpected requests carefully — pause, check, and get help if something doesn’t feel right.

Behind the mask: The Guide to New and Trending Scams

We usually cover a few brief ‘trending scams’ in this section, but this one deserves a deeper look, especially since SIM swap scams caused significant losses in 2025. The total reported loss was $5.9 million, with an average of $12,000 lost per person.

SIM Swap Scams: When Your Phone Isn’t Really Yours

Scammers are increasingly targeting mobile phone users with SIM swap attacks, which can give criminals access to your calls, messages, and even bank accounts.

How it happens
In early October 2025, a couple reported to IDCARE that they lost around $25,000 after their phone numbers were secretly transferred to a scammer’s SIM. Late on a Saturday night, their phones suddenly showed ‘Emergency Calls Only’, but by then the scammer already had control of calls and verification codes.

Scammers often gather personal details from data breaches or online sources, then call your phone provider pretending to be you. If successful, the scammer can transfer your number to a SIM they control. Unfortunately, this does happen — with enough personal information and a convincing story, scammers can sometimes fool telco staff into believing they are the legitimate account holder.

The following day, the couple realised something was seriously wrong when a routine outing; paying for a haircut, ended with their card being declined. Checking their bank account revealed the full scale of the loss, with only $136 remaining.

Red flags to watch for

• Your phone suddenly shows ‘Emergency Calls Only’. This is the clearest warning that your SIM may have been hijacked.
  NOTE: Phones can show this for other reasons — poor network coverage, temporary outages, airplane mode, or a mis-seated SIM. But if it happens suddenly and unexpectedly, especially while missing verification messages, treat it as urgent.

Our tips

• If your phone suddenly shows ‘Emergency Calls Only’ or you notice missing alerts, treat it as urgent. Call your bank immediately, freeze accounts, and report suspicious activity.
• Set up an authenticator app on your device and link it to your bank or other accounts instead of relying solely on SMS codes. Authenticator apps generate codes on your device, which you enter when logging in or performing transactions. Even if someone hijacks your phone number, they cannot intercept these codes. Linking the app to your online banking can replace SMS verification entirely, making your accounts much more secure against SIM swap attacks.

Ask Dr Lacey: "Is this person real or a scam?"

Have a Scam, Identity, or Cyber-Related Question? Ask Dr. David Lacey!
 
Having dealt with countless cases of scams, identity theft, and cybercrime, Dr. David Lacey is one of Australia’s most respected experts in the field. He is highly sought after by both government and industry for his unique insights into the online criminal environment. In this edition of The Cyber Sushi, Dr. Lacey is inviting you to submit your questions – and we (the Cyber Sushi team) will answer them. Send your questions to [email protected].

Our question today comes from Megan: ‘Is this person real or a scam?’
Hi Dr Lacey,
I’ve been chatting with someone online and things feel good, but I’m not sure if this is a real relationship. I’ve heard about reverse image searches but I’m not sure how to do it on my phone. Does this really help and how do you do it?

Answer:
Hi Megan,

This is a great question, especially with Valentine’s Day coming up, it’s smart to be cautious before putting your heart (and money) on the line. A reverse image search is a practical way to check if the photos someone is sending you appear elsewhere online — for example on stock photo sites, old social media profiles, or other websites. This can help you spot if the person might be using someone else’s images to create a fake identity. Here’s a simple way to do it on your phone:

1. Save the photo you want to check.
2. Open your browser and go to images.google.com.

• If you don’t see the camera icon, switch to desktop mode:Chrome: Tap the three dots → ‘Desktop site’.Safari: Tap aA → ‘Request Desktop Website’.

Tap the camera icon, then upload the photo. Look through the results:

• If the image appears on other websites, stock photo pages, or with different names, that’s a warning sign.
• Even if the photo shows up elsewhere online, it doesn’t automatically prove anything—but it does mean you should be cautious. Scammers often reuse images to create fake profiles, so seeing the same photo on multiple sites is a red flag worth paying attention to.

A reverse image search is just one tool, also watch out for excuses to avoid video calls, stories that don’t add up, or any requests for money. If the relationship started on social media and they claim to be in the military or another remote service, that’s another common red flag. Seeing any of these signs usually means it’s a scam.

Kind regards,
The Cyber Sushi Team