-
Business email compromise (BEC) scams are on the rise in Australia and overseas, with small businesses overwhelmingly targeted by scammers.
BEC are social engineering-based scams which occur when cybercriminals gain the trust of victims and get them to make online transactions or wire transfers.
"Never accept an email for a change of details; always get verbal confirmation.” - Scott
It’s often hard for people in the businesses to tell they are not dealing with a supplier, customer or even co-worker. The transaction will often appear legitimate even to the organisation’s financial institution.
The FBI estimates worldwide losses since 2015 at $US3 billion and rising. Australia is not immune: in 2017, instances of BEC rose by an astonishing 230 per cent between the 2016 and 2017 financial years. In 2017, this amounted to losses of $A22.1 million.
Sophisticated
Corey Scott, Managing Director of Brisbane-based tool and construction equipment provider TEN Group has experienced the impact of BEC firsthand when he was alerted to a suspect supplier payment by fraud team here at ANZ.
BEC is becoming increasingly sophisticated and experts warn businesses should consider a prevention strategy which brings together people, process and technology.
Even though the TEN payment was quickly identified as a fraud it took some time for the transaction to be reversed, pending the investigation between the two banks involved. TEN was in one way lucky: many businesses never see their money again.
"Although the transaction was eventually reversed, other impacts included delays in customer orders which our team spent a lot of time managing,” Scott says.
Protect yourself
Five tips for small businesses looking to increase email security
- If you receive a change of banking details from a supplier, always confirm by contacting the supplier on details recorded in your system. A phone call is usually best, particularly if your supplier’s email system has been hacked.
- Requiring two authorisations for payments provides an extra level of security, particularly for large transactions or those which appear sensitive or urgent.
- Implement or review your policies and processes for updating supplier details. Make sure everyone is aware of the new or updated policies.
- BEC scams are often initiated with a phishing scam: avoid providing information about your company or its employees to unknown senders or callers.
- If you are the target of a scam, contact your bank in the first instance and report any incidents to the Australia Cyber Crime Online Reporting Network. By reporting the event, you may help others avoid them in future.
Changes
As a result of the scam Scott has made significant changes to his systems and policies.
“In particular we’ve focussed on training the team to never accept an email for a change of bank details and always get a verbal confirmation,” he says.
Verbal confirmation is vital. The email TEN received – much like any other victim of this type of scam – looked no different to other emails received previously from the same company and the email domain was exactly the same.
Digital solutions provide significant opportunities for small businesses, including delivering business efficiencies and a deeper understanding of customers, but also create the risk of digital fraud.
In our experience at ANZ, we find it is vital companies protect themselves by implementing the right processes and systems and - more importantly - training their people to recognise subtle signs.
Guy Mendelson is General Manager, Small Business Banking at ANZ
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
anzcomau:Bluenotes/business-finance,anzcomau:Bluenotes/Small-business
For SME scams, the best defence is defence
2018-05-24
/content/dam/anzcomau/bluenotes/images/articles/2018/May/MendelsonScams_banner.jpg
EDITOR'S PICKS
-
Australians lost close to $A9 million in the six months leading up to Valentine’s Day.
2018-02-14 13:04 -
Not a day passes now without us being reminded digital technology can be both friend and foe. Cloud computing, centralisation of IT resources and greater connectivity are just some of the developments increasing convenience for businesses. Sadly with these developments come risk, and cybercrime is the dark side of doing business in the digital age.
2016-08-25 16:23