Until Eoin Blackwell arrived at his Sydney home from a Christmas party, he had no idea his bank account had been emptied from half-a-world away.
Blackwell's personal details were stolen by a Romanian card-skimming gang and sold to criminals in Italy. While he relaxed with friends in a pub, the thieves withdrew 3,000 dollars (2,900 US) from his account.
"I found out I had no money trying to pay for a cab. My initial response was 'what the hell?'," said Blackwell, 28, a business analyst.
The bank confirmed his cash was gone -- "withdrawn in Milan" -- and it would take six weeks to investigate, suggesting he "may have participated in the fraud", he said.
"In the end, I got the (money) back," he said. "I'm now militant about covering the key pad on ATMs and more cautious with online banking."
Blackwell is among the 65 percent of the world's two billion Internet users estimated to have fallen victim to cyber crime, a trade so lucrative it is thought to be worth several times more than the illegal drugs racket.
"Identity theft associated with the compromise of personal information is a growing issue for all law enforcement," explained Neil Gaughan, high-tech crime chief with the Australian Federal Police.
"This type of crime permeates all countries, all levels of society."
The facts, set out in Australia's new "BLK MKT" cyber-safety campaign, are startling: an identity is stolen every three seconds, with 43 million fake antivirus programmes downloaded every year.
The programme then lets the cyber criminal effectively log users' every keystroke including, potentially, passwords.
And the trade in personal details can be a lucrative enterprise. The cyber criminal can use complete identities to make fake passports, drivers' licences and other documents.
A digital thief can make more than 20,000 dollars a month.
It takes just seven pieces of information to build a complete profile, and experts estimate that one in five online shoppers will be hit.
"People are of the view that it can't happen to them," Gaughan told AFP at the BLK MKT web-security roadshow, launched by the government and cyber security firm Symantec.
"We have this laissez-faire attitude that no one's going to break into my house, it's the same with computer theft and computer fraud."
A mobile shipping container fitted out as a cyber-criminal's den, BLK MKT aims to take people inside the world of identity theft, showing how an unprotected computer can be compromised in just four minutes.
Attorney-General Robert McClelland said it was astonishing that "we lock our doors and windows to keep secure but we don't have that culture in terms of our very valuable personal information that's contained on the Internet".
The personal details of 1,000 Australians were discovered for trade on a Vietnamese website this month, including credit card numbers and contact information which police believe were lifted from a site hacked in January.
Detective Superintendent Brian Hay said he had "no doubt" the individuals involved would be targeted by fraudsters down the track.
Hay's Queensland fraud unit also found an elaborate scam linked to South Africa involving the online sale of invalid airline tickets purchased with fake credit cards.
"It is important we understand that a compromised credit card is not just about the money -- that can be easily replaced," said Hay.
"What is most important is your identity and when that is lost on the Internet, it could be gone forever."
Gaughan said the trans-national nature of Internet crimes made them difficult to investigate, leaving law enforcement sometimes lagging behind fast-moving gangs.
Greater cooperation between nations and with corporations such as Facebook was key, he added.
"Facebook I have regular dialogue with," Gaughan said. "I think it's 80 percent of Australians over 18 are using Facebook or some phenomenal figure, and unfortunately there are some people doing some naughty things on Facebook."
Gaughan said the social networking giant was mulling the establishment of a regional law enforcement liaison to help Australian and other Asia-Pacific authorities deal with issues in a "time-zone-efficient manner".
"It's still a work in progress," he said.
Explore further: Expanding the breadth and impact of cybersecurity and privacy research