This article was published on the Australian Competition & Consumer Commission’s Small Business Information Network and is available here.
This year, reports of business email compromise (BEC) scams to the ACCC’s Scamwatch have grown by a third, with businesses reporting losses totalling $2.8 million. These scams account for 63 per cent of all business losses reported to Scamwatch.
What are BEC scams?
In a BEC scam, a hacker accesses a business’s email account, or ‘spoofs’ the business’s email, so that their emails appear to come from the company. The hacker then sends emails to customers to notify them that the business’s banking details have changed and that future invoices should be paid to a new account. These emails look legitimate as they come from one of the business’s official email accounts. Customers then start making payments into the hacker’s account.
In other variations of the scam, the hacker will send an email internally to a business’s accounts team, pretending to be the CEO, asking for funds to be urgently transferred to an off-shore account. Hackers may also request salary or rental payments be directed to a new account.
Protect your small business
- As a first step, all small businesses should urgently review how they verify and pay accounts and invoices.
- Consider a multi-person approval process for transactions over a certain dollar threshold.
- Check directly with your supplier if you notice a change in account details. Don’t just rely on return email: instead, find older communications to ensure you have the right contact details, or otherwise independently source them.
- Keep your IT security up-to-date with anti-virus and anti-spyware software and a good firewall.
If you fall victim to a BEC scam, contact your financial institution immediately and consider professional IT advice to ensure your email systems and data are secure from hackers.