McCormack believes phishing scams are so successful because of the blanket policy criminals adopt when looking for victims. They don't try and scam a single person, business or organisation out of one significant lump sum, but rather target a high volume of low dollar victims.
"I think the figure is about 90 billion emails per day. A huge percentage of those are spam and a significant proportion of that spam contains links to malicious software. When you're putting that much volume of traffic out you only need .001 percent to actually expose themselves and lose a small amount of money [each], and the criminals get a vast sum."
In terms of origins of threats, McCormack said Australia does not boast many cyber criminals, largely due to effective cyber crime laws, co-operation between federal, state and territorial law enforcement agencies, and a keenness to prosecute these types of crimes.
What the AHTCC does see in terms of Australian-based cyber criminals is a lot of lower level people who get involved in phishing and other scams, such as muling, to make a quick buck (see picture attached).
"They understand what they are doing is illegal - if you answer a job advert on the Internet which indicates that you can make $2000 a week just for two hours work, and you start transferring funds to some guy in Eastern Europe and getting $500 commission, then there must be something not right about it," McCormack said.
While the AHTCC sees these kinds of opportunistic local cyber criminals as just one small cog in the wheel, it is viewed as criminal activity nonetheless and will be prosecuted.
"There was a case just recently in Brisbane where the lady involved received a 15 month sentence."
In McCormack's view, the jewel in the AHTCC's crown is the Joint Banking and Finance Sector Investigation Team: a collection of representatives from law enforcement, major banks and financial services, and smaller financial institutions represented through Abacus, working close together to combat cyber crime in the financial sphere.
"That team has a vast and enormous number of successes every single day, and I recently had them start to record this visibly. As they walk out each night there is a big whiteboard near the door that lists all the phishing sites they've taken down, the number of interviews conducted with people involved in muling scams, and the number of operational activities they have running at any one time.
"It's just a visible reminder each time they walk out the door that 'hey, we've kicked some goals today', and we can only do that via the cooperation with industry and our other counterparts in states and territories."