Action on scams, spam, and telemarketing: July to September 2024

We have 2 compliance priorities for the 2024–25 financial year for unsolicited communications and scams:

1. Targeting misleading spam messages – Our priority is to enforce spam rules to stop commercial messages being misleadingly sent as ‘service’ or non-commercial messages.
    
2. Disrupting SMS impersonation scams – We will work to disrupt the distribution and impact of these scams by enforcing rules that telcos need to follow to identify and prevent SMS scams and sharing intelligence with fellow regulators in Australia and abroad. 

Targeting misleading spam messages

Key actions and outcomes in our focus on misleading spam messages include: 

• We gave the Commonwealth Bank of Australia (CBA) a penalty of more than $7.5 million for sending over 170 million emails that did not comply with Australia’s spam laws. These marketing messages did not include a way to unsubscribe. 34.8 million of these messages were also sent to people who had not consented to receive them.
• This is CBA’s second major breach of the spam rules. It paid a $3.55 million penalty in May 2023 for sending 65 million emails without working unsubscribe arrangements.
• In addition to the financial penalty, we have also accepted an expanded 3-year court-enforceable undertaking to address the most recent issues. These commit CBA to an independent review and implementation of improvements. It must also provide appropriate resources and governance to ensure its compliance.
• We published a statement of expectations for businesses on consumer consent to conduct telemarketing and e-marketing. 

Disrupting SMS impersonation scams

Key actions and outcomes in our focus on disrupting SMS impersonations scams include: 

• We directed bulk messaging company SMSGlobal to comply with anti-scam rules after we found it allowed SMS to be sent without adequate checks to ensure their use was legitimate. The investigation then uncovered that scammers had used vulnerabilities to send SMS brand impersonation scams using message headers of well-known brands like Australia Post, NAB and ANZ. 
• We gave anonymous scam call data to telcos to inform their blocking activities. 
• Telcos have reported blocking more than 2.2 billion scam calls since December 2020, and more than 788 million scam SMS since July 2022 (to the end of this quarter). The ACMA and telcos use blocking statistics to identify trends to help inform disruption activities.
• We expanded the pilot SMS Sender ID Register by adding new 'alpha tags'. This helps prevent business SMS message headers from being impersonated.
• We collaborated with the National Anti-Scam Centre to share information, disrupt scams, and promote awareness.
• We issued alerts about Amazon impersonation scams, romance and relationship scams and the 5 most common impersonation scams.
• We worked alongside telcos, government agencies, international regulators and big brands to disrupt phone scams by providing data and information.

We've had complaints about alleged e-marketing messages sent by businesses attempting to regain customers who have cancelled subscription services (retention messages). These messages are commercial and must comply with the Spam Act.

In some cases, when the former customer cancelled their subscription, they also withdrew their consent to receive commercial messages. 

Some businesses claim they have inferred consent to send the message, based on an existing relationship with the former customer. When a consumer cancels a subscription service, there is unlikely to be a current or ongoing relationship with the business. It is unlikely that inferred consent can be relied upon in these circumstances. 

If you are a subscription-based service and you are relying on inferred consent for customer retention messages, please carefully consider your compliance with the Spam Act. 

Learn more about the spam rules. 

At the end of the quarter, we have:

• 6 anti-scam investigations in progress 
• one finalised spam investigation and 3 in progress
• 20 court-enforceable undertakings in force, including 3 relating to anti-scam rules.

For the 12 months to the end of the quarter, we took an average of 3.8 months to complete spam investigations and 5.0 months to complete anti-scam investigations.

View our enforcement actions for breaches of spam and telemarketing laws.

View our enforcement actions for breaches of scam laws. 

Finalised investigations 

We received more than 6,200 complaints from consumers about alleged breaches of telemarketing and spam laws in this quarter:

• Retail, solar, and financial services sectors were the most complained about industries (excluding scams). 
• We received historically low levels of scam complaints for the quarter.

Complaints received by financial year

Note: We have received 9 complaints about commercial instant messages so far in 2024–25.

Complaints received about scam calls and SMS

If we receive enough information, we alert businesses about potential compliance issues raised in complaints. One alert can relate to several issues or complaints. 

Compliance alerts given to businesses

Find out more about spam and telemarketing rules, including how to make a complaint. 

Subscribe to our newsletters to get updates about our actions on telemarketing, spam, and scams.

Access the data from charts in this report

10.58 KB

Accessibility file: Action on spam and telemarketing July to September 2024