As small business owners begin the mad rush to the end of the year, they’re being urged to be on the lookout for scams that cost them $30,000 on average.
The latest scam doing the rounds, according to Scamwatch, is the business email compromise (BEC) scam.
Hackers essentially gain access to a company’s email account, and then use it to send out emails to the company’s customers saying that its banking details have changed.
The customers then start sending funds to the new account, which of course just happens to be the hackers’ account.
“This is a very sophisticated scam, which is why many businesses only realise they’ve been caught out once it’s too late,” said ACCC Deputy Chair Delia Rickard.
With many small businesses running off their feet in the lead-up to the festive season, it’s easy to see how this one slips through the cracks.
In another variation of the scam, the hacker will send an email to a business’s accounts team – coming from the CEO’s email address.
The email will request funds be transferred to another account – and because the email is coming from the CEO’s email address it appears to be a legitimate request.
Scamwatch has even received reports of the hackers intercepting house deposits that have been sent to conveyancers, real estate agents or law firms.
These types of scams have resulted in $2.8 million in reported business losses in 2018, which is 63 percent of all business losses reported to Scamwatch.
The average reported loss is $30,000, but there was one instance of a loss of $300,000.
While these are the numbers reported to Scamwatch, there are fears that the unreported figure could be much, much higher.
So, what can you do to make sure you’re not the target of such a scam in the lead-up to Christmas?
“Effective management procedures can go a long way towards preventing scams, so all businesses should firstly be aware these scams exist and that their staff know about them too,” said Rickard.
She also said having a multi-person approval process for transactions above a certain dollar threshold would be best practice.
Then there’s making sure IT security is up to date, with anti-virus and anti-spyware software installed.
Then, there’s just good old-fashioned following up.
“Businesses should also check directly with their supplier if they notice a change in account details. It’s vital a business doesn’t do this just by return email or using other contact details provided,” said Rickard.
“Find older communications to ensure you have the right contact details or otherwise independently source them, so they can be sure they’re not contacting the scammer.”
Businesses affected by BEC scams should contact their financial institution immediately and consider professional IT advice to ensure their email systems and data are secure from hackers.