Hackers targeting businesses’ emails in sophisticated scam

Published: Comments:
Australian Government Business Business & Economy Community Law & Safety Small Business Technology & Communications

Social:   

Scamwatch is calling on businesses to urgently review how they verify and pay accounts and invoices as reports of business email compromise (BEC) scams to Scamwatch have grown by a third this year.

"This is a very sophisticated scam, which is why many businesses only realise they've been caught out once it's too late," ACCC Deputy Chair Delia Rickard said.

BEC scams occur when a hacker gains access to a business's email accounts, or 'spoof' a business's email so their emails appear to come from the company. The hacker then sends emails to customers claiming that the business's banking details have changed and that future invoices should be paid to a new account. These emails look legitimate as they come from one of a business's official email accounts. Payments then start to flow into the hacker's account.

In other variations of the scam, the hacker will send an email internally to a business's accounts team, pretending to be the CEO, asking for funds to be urgently transferred to an off-shore account. Hackers can also request salary or rental payments be directed to a new account.

Scamwatch has even received reports of the hackers intercepting house deposits that have been sent to conveyancers, real estate agents or law firms.

"It's a scam that targets all kinds of businesses, including charities and local sporting clubs. There is a misconception these scams target just small business, however the largest amount of reports and losses came from medium sized businesses, including one that lost more than $300,000," Ms Rickard said.

Businesses have reported losses to these scams totalling $2.8 million to Scamwatch in 2018. However, this represents only a fraction of total losses to this variety of scam across Australia. BEC scams cause businesses significant financial harm, accounting for 63 per cent of all business losses reported to Scamwatch. The average loss is nearly $30,000.

"Effective management procedures can go a long way towards preventing scams, so all businesses should firstly be aware these scams exist and that their staff know about them too," Ms Rickard said.

"They should consider a multi-person approval process for transactions over a certain dollar threshold and keep their IT security up-to-date with anti-virus and anti-spyware software and a good firewall."

"Businesses should also check directly with their supplier if they notice a change in account details. It's vital a business don't do this just by return email or using other contact details provided. Find older communications to ensure you have the right contact details or otherwise independently source them, so they can be sure they're not contacting the scammer," Ms Rickard said.

Businesses affected by BEC scams should contact their financial institution immediately and consider professional IT advice to ensure their email systems and data are secure from hackers.

Businesses can report scams to www.scamwatch.gov.au, and also subscribe to Scamwatch on Twitter and Scamwatch radar alerts to keep up to date with the latest scams affecting the business community.

 
Australian Competition & Consumer Commission (ACCC) :
PO Box 12241, George Street Post Shop, Brisbane Qld 4003, Australia Wide
07 3835 4666
1300 302 502
Australian Competition & Consumer Commission (ACCC)
Showing 6 recent articles for this business
Hackers targeting businesses’ emails in sophisticated scam 26 November 2018 | Scamwatch is calling on businesses to urgently review how they verify and pay accounts and invoices as reports of business email compromise (BEC) scams to Scamwatch have grown by a third this year. More information...
Equifax (formerly Veda) to pay $3.5 million in penalties 02 October 2018 | The Federal Court has ordered that Equifax Australia Information Services and Solutions Pty Ltd (Equifax) pay penalties totalling $3.5 million for misleading and deceptive conduct and unconscionable conduct in... More information...
Beware scammers wanting access to your computer and bank account 27 August 2018 | Scammers are increasingly catching out people by impersonating well-known businesses or the police so they can get access to computers and steal money or banking information. More information...
Servcorp's business contract terms declared unfair 13 July 2018 | The Federal Court has declared by consent that 12 terms in standard form contracts used by two Servcorp Ltd subsidiaries (Servcorp Parramatta Pty Ltd and Servcorp Melbourne 18 Pty Ltd) (together Servcorp) are... More information...
Jenny Craig pays penalty for "10kg for $10" ads 05 June 2018 | Jenny Craig Weight Loss Centres Pty Ltd (Jenny Craig) has paid $37,800 in penalties following the ACCC issuing three infringement notices for alleged false or misleading representations in breach of the Australian... More information...
Business losses to scams up 23% 24 May 2018 | Scammers swindled nearly $4.7million from Australian businesses in 2017 according to the ACCC's latest Targeting scams report – a 23 per cent increase compared to 2016. More information...



Social:   
comments powered by Disqus

All articles submitted by third parties or written by My Sunshine Coast come under our Disclaimer / Terms of Service