25 Aug 2016
Business email compromise (BEC) scams are on the rise in Australia and overseas, with small businesses overwhelmingly targeted by scammers.
BEC are social engineering-based scams which occur when cybercriminals gain the trust of victims and get them to make online transactions or wire transfers.
"Never accept an email for a change of details; always get verbal confirmation.” - Scott
It’s often hard for people in the businesses to tell they are not dealing with a supplier, customer or even co-worker. The transaction will often appear legitimate even to the organisation’s financial institution.
The FBI estimates worldwide losses since 2015 at $US3 billion and rising. Australia is not immune: in 2017, instances of BEC rose by an astonishing 230 per cent between the 2016 and 2017 financial years. In 2017, this amounted to losses of $A22.1 million.
Corey Scott, Managing Director of Brisbane-based tool and construction equipment provider TEN Group has experienced the impact of BEC firsthand when he was alerted to a suspect supplier payment by fraud team here at ANZ.
BEC is becoming increasingly sophisticated and experts warn businesses should consider a prevention strategy which brings together people, process and technology.
Even though the TEN payment was quickly identified as a fraud it took some time for the transaction to be reversed, pending the investigation between the two banks involved. TEN was in one way lucky: many businesses never see their money again.
"Although the transaction was eventually reversed, other impacts included delays in customer orders which our team spent a lot of time managing,” Scott says.
Five tips for small businesses looking to increase email security
As a result of the scam Scott has made significant changes to his systems and policies.
“In particular we’ve focussed on training the team to never accept an email for a change of bank details and always get a verbal confirmation,” he says.
Verbal confirmation is vital. The email TEN received – much like any other victim of this type of scam – looked no different to other emails received previously from the same company and the email domain was exactly the same.
Digital solutions provide significant opportunities for small businesses, including delivering business efficiencies and a deeper understanding of customers, but also create the risk of digital fraud.
In our experience at ANZ, we find it is vital companies protect themselves by implementing the right processes and systems and - more importantly - training their people to recognise subtle signs.
Guy Mendelson is General Manager, Small Business Banking at ANZ
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
25 Aug 2016
14 Feb 2018