This week is Scams Awareness Week, during which we are raising awareness about scams by asking people whether they are ‘too smart to be scammed?’
This year we urge Australians to test whether they can spot a scam or are likely to fall victim to a scam.
Scams can target any small business. They are always changing as scammers take advantage of new technology to prey on their victims.
One of the most common scams is the business email compromise scam. These scams cost Australian businesses over $60 million, according to reports made to Scamwatch and the Australian Cybercrime Online Reporting Network in 2018.
The following case study is based on the experience of a real scam victim.
Case study – business email compromise scam
We are the victims of an email hacking scam. The scammers appear to have hacked a supplier’s email and advised us of a change in bank details. The scammers sent us invoices with amended bank details as well as the prior email trail to and from the supplier, so they must have been in their IT system. Everything was a perfect copy of a real version of the invoices we were so used to. We didn’t notice the difference. Thinking it was real, we sent an amount of $190 000, but the real supplier never received it. The email address was also correct for the supplier, but they told us that they did not receive our responses. The scammers seem to have some way of hiding our responses from the supplier. We didn’t find out about this until our supplier contacted us via phone to talk about not receiving the money.
Signs this is a scam
In this type of scam, the invoices can look genuine and the scammers will include copies of previous invoices to make it appear real. Scammers often pose as a regular supplier and notify the business that their banking details have changed. They might say they have recently changed banks, and may use stolen letterheads and branding or even hack emails to seem legitimate.
How to protect your small business
- Contact the supplier directly using a second, reliable mode of communication such as a known phone number to verify the request to change bank details.
- Consider using a multi-person approval process for transactions over a certain dollar threshold, with processes in place to ensure the business billing you is the one you normally deal with.
- Keep your IT security up to date, and ensure you regularly run antivirus software and have a good firewall to protect your data.
For more information about scams, where to get help if you’ve been scammed or to report a scam, visit the Scamwatch website at www.scamwatch.gov.au.