But the period also presents abundant opportunities for cyber criminals to launch scams.
"For most companies it's a question of when - not if - your organisation will experience a cyber attack.”
Busy professionals facing an influx of calls, messages and emails around EOFY are often under pressure to act on things quickly, potentially overlooking inconsistencies or unusual requests in correspondence. This creates the perfect environment for scammers to hijack communication and gain unauthorised entry to business networks and systems.
Ever growing reliance on technology and digitised business processes further increases the risk, despite the convenience and efficiency, expanding the digital ‘attack surface’ available to cyber criminals.
For most companies it's a question of when - not if - your organisation will experience a cyber attack.
In recent times, scammers have turned their attention to business email compromise (BEC), targeting transactions and payment systems due to the ease at which they can intercept business correspondence. Many of these compromised emails appear to represent existing suppliers, customers and even professional advisors such as accountants or lawyers, and request changes to account or payment details.
BEC is effective at evoking a response or call to action without including infected links or attachments which can be detected by antivirus software and spam filters and most observant recipients.
In the 2019-20 financial year there were 4,255 reports of BEC scams reported to the Australian Cyber Security Centre (ACSC) representing losses over $A142 million. Scammers target businesses of all sizes with BEC however micro, small and medium businesses are frequently targeted due to the lower level of investment in security, lack of dedicated security staff and lower maturity of security controls.
BEC is one of the most common scam types targeting Australian businesses and can involve a range of email, instant message, SMS and social media tactics to exploit business processes and relationships to scam victims out of money or goods.
Some of the most common BEC scams include:
- Impersonation scams - scammers masquerade as lawyers, executives or even Australian Tax Office representatives, requesting changes to payment or account details.
- Invoice scams - fake or altered invoices for goods and services are delivered on behalf of trusted suppliers, exploiting the busy accounting period.
- Finance scams - official-looking correspondence regarding bank accounts, fees and fines, transactions, renewals, the Australian Securities and Investments Commission or myGov notifications.
Scammers also know they don’t need to target businesses directly and the impacts on businesses caught up in supply chain or third party attacks can be just as debilitating. Subcontractors and vendors in business supply chains present myriad opportunities for scammers looking to exploit legitimate business processes and relationships for financial gain.
Despite their best efforts to stay secure and protected against external threats, we often see business customers being caught out by BEC scams where criminals impersonate trusted business partners or long-term suppliers.
It doesn’t matter how robust an organisation’s security controls are, if they aren’t properly checking and validating email requests from all internal and external parties, they can easily fall victim to a BEC scam.