We’re seeing certain scams becoming more prevalent across the small to medium business sector including business email compromise, ransomware, distributed denial of service and supply chain compromise. Our data show the value of scams is also increasing, with a 56 per cent increase in losses for businesses in the 2022 financial year.
Governments globally have recognised the increasing risks and are introducing or amending existing regulations to better protect essential services. For example, following recent breaches, changes are being introduced to the Privacy Act via the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 in Australia.
The definition of essential services is also being expanded to include more industries, increasing regulatory pressure on many Australian businesses to comply with legislation and ensure they have strong processes for safely collecting and storing data to avoid potential financial penalties and reputational damage.
One of the most important things businesses can do to protect themselves is to ensure their staff remain up to date on the ever-changing and increasingly sophisticated scams targeting SMEs. ANZ’s Cyber Security for Business guide provides an overview of the most prevalent scams targeting businesses and tactics businesses can employ to mitigate risks.
Business email compromise
Business email compromise (BEC) attacks, which use email to abuse trust in business processes resulting in fraud and impersonation, continue to rise. Australian Competition and Consumer Commission data show Australian businesses lost $227 million to payment redirection scams in 2021, a 77 per cent increase compared with a year earlier.
Scammers are becoming more targeted in their use of emails and using additional channels to deceive including SMS, instant messaging and social media.
Businesses can protect themselves by ensuring workers are aware of the warning signs, which include an unexpected change of bank details, urgency in payment requests and threats of serious consequences if payment isn't made.
It’s also important to implement verification processes for financial requests, for example a phone call, in-person verification or two-person verification. Check details such as the spelling of a sender's domain and compare it with previous correspondence. Businesses should also enable multi-factor authentication.
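The sender-domain check described above, sketched as an added example (not ANZ's code): it compares the domain in a From header with domains seen in earlier correspondence and flags near-misses. The domain list, the substitution table and the distance threshold are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample: domains seen in previous correspondence (assumption).
KNOWN_DOMAINS = {"example-constructions.com.au", "supplier.example"}

# Common visual substitutions seen in lookalike domains (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def skeleton(domain):
    """Fold a domain to a comparison form: lowercase, strip accents, map look-alikes."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, closest_known_domain) for a From header value."""
    addr = parseaddr(from_header)[1]
    _, at, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ("unparseable", None)
    if domain in known:
        return ("known", domain)
    for k in sorted(known):
        # Same folded form, or only a couple of characters away from a known domain.
        if skeleton(domain) == skeleton(k) or edit_distance(domain, k) <= max_distance:
            return ("lookalike", k)
    return ("unknown", None)

if __name__ == "__main__":
    for hdr in ("Accounts <accounts@example-constructions.com.au>",
                "Accounts <accounts@examp1e-constructions.com.au>"):
        print(hdr, "->", check_sender(hdr))
```

A "lookalike" or "unknown" verdict on a payment request is a prompt to verify by phone before paying, not proof of fraud; a "known" verdict does not rule out a compromised mailbox.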
Employee education is just as important for large corporates. Last month one of our bankers received what looked to be an email from a Victorian-based construction company requesting a $289,500 bank transfer. It was similar in tone and content to previous transfer requests received from the customer.
Due to our team’s understanding of BEC risks, our banker called the customer to confirm the transfer and was informed it was fraudulent. In this instance fraud was prevented due to the banker’s understanding of the risks and ways to mitigate them.