Protect your business from scams

The nation’s more than 2.58 million small businesses drive so much of the economy – everything from your local corner shop to your babysitter to your local tradie. 

“Too often I see first-hand the impacts on a business that has been scammed in a cyber incident, many of which could have been prevented by the adoption of some simple practices.”   

But so many of these businesses are increasingly exposed to complex and sophisticated scams. 

Threats such as scammers using the latest Artificial Intelligence (AI) to target gaps in the accounts of Australia’s army of small business owners are growing. 

Recent cybercrime statistics show that on average, there is a cyberattack every 10 minutes in Australia, with 43 per cent of these attacks targeting small to medium sized enterprises.  

The threat to businesses is constantly evolving and besides access to funds in bank accounts, access to customer data or proprietary knowledge, businesses are attractive targets for cybercriminals. 

Emerging threats

Starting, running or growing a business takes a lot of hard work and risk. The list of issues that can keep a business owner up at night continue to increase with the risk of losing money or data now rapidly rising to the top spots on the list.  

Whilst the rapid rate of technology uptake, including the growth in AI, offers new and exciting avenues for customer engagement, reach and market opportunities, it is also driving an increase in the incidence and sophistication of cyberattacks on business owners.  

For example, AI allows criminals to simultaneously undertake large scale attacks while also personalising messages to individuals. 

An article by Cloudflare recently highlighted 87 per cent of cybersecurity leaders acknowledged AI’s role in enhancing the sophistication and severity of attacks, including phishing, social engineering, denial of service attacks, and deepfakes. 

At the same time, Forbes has included AI as one of three key cybersecurity predictions for 2025. 

This comes as businesses are already struggling with scams. The latest data show Australians lost almost $319 million to online scammers last year.  

The latest data from IDCARE, a charity that supports small businesses facing cybercrimes and scams, suggests the following:  

• The average loss to a small business from a cyber security incident is over $49,000. 
• In 48 per cent of cases IDCARE has dealt with, small business owners experiencing an event do not know how their business was compromised. 
• Cybercriminals most commonly exploit small businesses by diverting payments, accessing their bank accounts, and fraudulently submitting tax returns in their name. 
• Small business owners also experience higher rates of social media account compromise and exploitation than individuals. 
• Responding to an incident may likely cost a small business four working days - including other costs incurred. 
• More than half of small businesses close within six months of experiencing a cyberattack. 

But there is plenty business owners can do to protect themselves, and they can do it today. 

Too often I see first-hand the impacts on a business that has been scammed in a cyber incident, many of which could have been prevented by the adoption of some simple practices. 

Call to action

The International Chamber of Commerce (ICC), a global business organisation that represents over 45 million companies in more than 170 countries, last year released a report titled, “Protecting the cybersecurity of critical infrastructures and their supply chains”.  

It provides an in-depth look at the complexities of safeguarding critical infrastructure, such as energy, water, healthcare, and transportation, through strong security practices, public-private collaboration, and international cooperation.  

It recommends that organisations conduct regular risk assessments, implement the latest security patches, and adopt zero-trust architectures. Additionally, organisations should develop robust supply chain policies to mitigate third-party risks. 

Defend your business

But how do you do this if you are a small business owner? It can seem insurmountable but small business can also be prepared. 

The main attack vectors used by scammers to target businesses remain Business Email Compromise and Bank Impersonation Scams.  

Business Email Compromise is when a criminal uses email to get a person to hand over money or confidential data. 

A key to helping ward off business email compromise scams include simply verifying a payment request by quickly calling the message sender on a trusted number. 

This is particularly important when you receive an unusual or out of character payment request from someone within your organisation, or a known third-party, like a supplier. 

It’s also crucial when you notice new or updated banking details in an email or invoice from a regular client or vendor. 

Because of this, it pays to closely examine email domain names to spot added numbers or subtle surname misspellings. 

Other crucial moves include confirming your company keeps their security software updated across all platforms, ensure staff, especially those working in accounts, are educated on scam red flags. 

Also ensure you have protocols in place requiring verification before payments are sent out. 

And of course, turn on multi-factor authentication (MFA) on all accounts, where possible. 

Bank Impersonation scams are when criminals pretend that they are from your bank and use technology – email or phones – to make it appear they are legitimate. 

To help ward off bank impersonators always stop and be cautious of unexpected or urgent emails, SMS messages, or phone calls, and do not click on any links, or open any attachments. 

Always verify with your provider or bank immediately via official channels if you receive a message from someone saying your account is at risk, under review, unavailable, or locked, or if you enter personal details into a link that you suspect is a scam. 

And also keep your information protected. Do not share personal or financial details, and never provide your passwords, account numbers, or one-time passcodes to anyone. 

If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you. 

Also report events to scamwatch.gov.au and the Australian Cyber Security Centre’s ReportCyber to help protect others.  

Tell your friends and family: it helps to share your experience so they can give you support, and also so you can help them stay safe from scams. 

ANZ is committed to supporting customers to better understand security risks to help them defend against cyber threats.  

The Simplifying Cyber for Business Guide is just one way we are helping small business customers to improve their cyber security resilience.   

ANZ’s security hub is constantly being updated with information to assist our customers to understand more about increasing threats and helping tips on how they can reduce the incidence of financial loss from a cyberattack. 

Cosi De Angelis is Head of Transaction Banking at ANZ