Action on scams, spam and telemarketing: October to December 2022

​

Our key actions
	Investbybit Pty Ltd penalised $2 million for breaches of the Spam Act. Businesses have paid $6.3 million in penalties for breaching spam and telemarketing rules in the last 18 months.
	Telcos blocked over 155 million scam calls and over 40 million scam SMS in the quarter. This brings the total to 955 million scam calls blocked (since December 2020) and 90 million scam SMS blocked (since July 2022).
	Telco Circles.Life penalised $200,000 and offered compensation of over $100,000 to its consumers after failing to have multifactor ID checks in place to prevent scammers accessing mobile accounts.
	Amended the telephone numbering rules to support scam reduction.
	Issued consumer alerts covering the top 5 scam types reported to the ACMA, as well as fake toll road account SMS and Optus impersonation scams.

​

We have 2 compliance priorities for the 2022–23 financial year for unsolicited communications:

1. Combating SMS and identity theft phone scams – enforcing new rules on telcos to use stronger ID checks, and establishing new rules to reduce SMS scams.
2. Enforcing SMS and email unsubscribe rules – concentrating on businesses that take no notice of customer unsubscribe requests or make it hard for them to unsubscribe.

Combating phone scams

We are taking the fight to scammers to disrupt their activities and protect Australians. During the quarter, we:

• Reported that telcos blocked 955 million scam calls under the Reducing Scam Calls rules from 2 December 2020 to 31 December 2022.  We provided de-identified complaint data to telcos to help them identify these calls.
• Reported that 90 million scam SMS have been blocked since new rules requiring telcos to identify, trace and block scam SMS commenced on 12 July 2022. 
• Commenced an audit of telcos that distribute large-scale SMS on their compliance with anti-scam SMS rules.
• Completed an audit of 95 mobile telcos’ compliance with new multi-factor identity authentication rules to protect consumers from fraud on their telco services and accounts, including unauthorised SIM swaps.
• Informally warned 91 telcos for apparent failure to provide mandatory reports of blocked scam call and scam SMS figures for July to September 2022.
• Issued consumer alerts about the top 5 scam types reported to the ACMA, fake toll road account texts, and Optus impersonation scams.
• Amended the Telecommunications Numbering Plan 2015 to specify the short code 7226 (SCAM) for voluntary use by telcos. This helps consumers to report scams and gives powers to the ACMA to withdraw numbers used in scams and fraud in specific circumstances.
• Continued to work behind the scenes with telcos, government agencies and well-known brands to disrupt phone scams.

Find out more about how to protect yourself from phone scams.

Compliance with unsubscribe rules

Key actions and outcomes in our focus on unsubscribe rules included:

• A $2,000,220 penalty paid by Investbybit Pty Ltd (trading as Binance Australia) after it sent more than 5.7 million commercial email messages in breach of the Spam Act 2003 and the Spam Regulations 2021. The messages, sent between October 2021 and May 2022, either did not contain an unsubscribe facility, or otherwise unlawfully required consumers to log into an account to unsubscribe. The ACMA also accepted a 3-year court enforceable undertaking from the company, under which it will have an independent audit and implement improvements.
• 610 compliance warnings and targeted fact sheets given to businesses identified from complaints to the ACMA as having potential issues with unsubscribe requirements.

Read more about our compliance priorities.

Consumer complaints directly inform our actions and help us identify issues and trends. We also provide de-identified complaint data to telcos to help them identify and block scam calls.

• We are seeing some promising downward complaint trends as the new anti-scam call and SMS rules make an impact.
• 18% of all telemarketing and spam complaints were about scams.

The most common complaints were about retail, the building/maintenance sectors and financial services.

Note: We have also received 41 complaints about commercial instant messages so far in 2022–23.

We’ve seen a number of recent examples of businesses automatically adding consumer email addresses to their marketing lists on the apparent basis of a one-off purchase, or where the consumer has simply submitted an email enquiry. These examples suggest that there is a misunderstanding about when a business can obtain consent under the Spam Act 2003.

You may generally ‘infer’ that you have permission to send marketing messages if the recipient has knowingly and directly given their address, and it is reasonable to believe they would expect to receive marketing from your business.

This is generally when a person has a provable, ongoing relationship with your business, and the marketing is directly related to that relationship. For example, if someone has subscribed to a service, has an account or is a member, and the marketing is relevant to that relationship.

It does not cover sending messages after someone has just bought something from your business, or just sent you an email. It also doesn’t cover sending commercial messages to someone about a product or service unrelated to your relationship with them – for instance, a telco sending a customer information about their energy services.

It is always preferable to obtain a consumer’s ‘express’ consent to receive your marketing messages. People can give express consent by directly agreeing to provide it, including via:

• filling in a form
• ticking a box on a website
• over the phone
• face-to-face.

Express consent should be directly informed by clear terms and conditions about what the consent is for, how long it lasts and how it can be withdrawn. Better practice is to make the information clearly available at the point consent is obtained, and not buried in terms and conditions or privacy policies.

No matter what type of consent you are using, it is up to you to keep clear records to prove you have consent, including details about when and how it was obtained.

If you are using a list purchased from a third-party supplier, you must still have the proof. Remember, under the Spam Act, it's up to you to prove that you have a person's permission to send them marketing messages.

Learn more about the consent and unsubscribe laws.

We finalised one investigation and commenced 6 investigations in the quarter. We had 8 underway at the end of the quarter.

Investigations took 3.5 months on average to complete.

We monitored compliance with 19 court-enforceable undertakings currently in force; setting out actions businesses must take to improve their compliance with spam, scam and telemarketing laws.

View our enforcement actions for breaches of spam and telemarketing laws.

View our enforcement actions for breaches of scam laws. 

Find out more about our compliance and enforcement role and the penalties for breaking the rules.

Finalised investigations

We informally warn businesses about potential compliance issues raised in complaints where we can. We provide details to the business when the complainant has given us permission. If the issues continue, we may investigate. One alert can relate to several issues or complaints.

Find out more about spam and telemarketing rules and what actions you can take, including making a complaint.

You can also learn more about how to spot and protect yourself from phone and SMS scams.

Subscribe to our newsletters to get updates about our actions on telemarketing, spam, and scams.

Access the data

Download the data for the charts in this report below.