Ash Raso was on the cusp of launching her own clothing label when she was hacked.

In a matter of minutes, the 29-year-old lost access to everything, from her email address to her social media accounts and even banking.

“I basically fell to the floor when it happened because I was like ‘Whoa, what the hell do I do?’,” she told triple j hack.

“They had gained access to my emails a few months prior, and they were essentially spying on everything I was doing through the keyboard interactions I was having and through my camera, which was so scary.”

Loading Instagram content

The hackers demanded Ms Raso transfer $US500 ($705) to them within 48 hours, if she wanted her accounts back.

She decided not to comply with the ransom, instead embarking on a long and difficult journey to gain access back.

While she got some accounts back, she says she couldn’t get into others, and a year on is still feeling the effects of the ordeal.

“Because my identity documents were compromised, I needed to apply for a new passport, a licence, my Medicare,” she said.

“I needed to jump through all of the hoops to prove my identity.”

Loading…Cybercrime reported every six minutes

Ms Raso is among a growing number of Australians falling victim to cybercrimes.

Business women in all black smiles at the camera. A laptop and ipad sits on the desk in front of her.

Ash Raso is now using her experience of being hacked as a warning to others. (Supplied)

In the 2024–25 financial year, more than 84,000 cybercrimes were reported in Australia, but the real number of incidents could be far higher, with experts pointing out many, if not most, cybercrime incidents go unreported.

While Ms Raso didn’t lose any money, cybercrime cost Australians more than $2 billion in 2024–25, with the average loss per person exceeding $33,000.

Lieutenant General Michelle McGuinness, who is Australia’s national cyber security coordinator, said it was “heartbreaking” to hear stories of cybercrime victims.

“There’s a real mental and emotional toll, that feeling of being violated, the stress involved,” she told hack.

“A few years ago, one incident was reported every 10 minutes. Last financial year, it was one incident reported every six minutes, so we know it’s increasing.”

Younger Australians leaving themselves vulnerable

New research commissioned by the federal government suggests younger Australians are falling short when it comes to taking proactive steps to protect themselves online.

Despite having high levels of confidence around online safety, more than half of 18 to 24-year-olds admit to reusing the same password across multiple accounts, while 59 per cent say they’re comfortable using a password they know is weak.

Lieutenant General McGuinness said the figures were concerning.

Smiling Michelle in khaki uniform, hair slicked back, has medals and rank pinned on both sides.

Lieutenant General Michelle McGuinness says cybercrime can happen to anyone. (ABC News: Peter Drought)

“Many young Australians believe they won’t be the victim of cybercrime, and I think the bottom line is this can happen to anyone,” she said.

“This is not blaming anyone, this is not blaming the youth, it is helping them prepare and be resilient and take that action and understand the urgency.”

The figures suggest Australians over the age of 65 are leading the way in cybersecurity practices, including 90 per cent who say they think carefully before clicking on suspicious links, compared to just 68 per cent of 18 to 24-year-olds.

“Australians 65+ are proving that caution pays off,” Lieutenant General McGuinness said.

“Their strong cybersecurity habits make them tougher targets for cybercriminals and less susceptible to some cybercrime.”

‘Trust me, you could be next’

Lieutenant General McGuinness said there were three main steps Australians should be taking online.

Her tips are:

Have unique and complex passphrasesTurn on multi-factor authenticationKeep phone and laptop software updatedUnidentified figure using a laptop and mobile phone.

Lieutenant General Michelle McGuinness is encouraging people to turn on multi-factor authentication. (Pexels)

As for Ms Raso, she wants what happened to her to be used as a warning to others.

“I probably get 10 [direct messages] a day from younger people asking me what my advice is to gain back access into all of the accounts that they have lost access to,” she said.

“The saddest part about it is, by the time they have messaged me, it is often already too late.”

She said she had now increased her online security significantly.

“Cybercrime does not discriminate and trust me, you could be next, and when it happens to you there is no worse feeling in the world,” she said.

“Looking back at the experience now, I think: ‘How silly of me, how could I have been so naive?'”