Business fraud prevention

Estimated reading time
 6 min

Key points

• Businesses are a big target for cybercriminals looking to commit business fraud, which is when a person steals your business’ confidential information and then uses it without your knowledge or consent.
  
  
• Invoice fraud, payroll tampering, and business identity fraud are some of the common types of fraud and cybercrime that small businesses experience.
  
  
• You can implement measures to help prevent business fraud by educating your staff, doing an employee background check when hiring, and installing anti-virus software on all your devices.

Small and medium businesses are the backbone of our communities. They provide jobs for millions of people and inject billions into the economy.

Around 98% of businesses in Australia are small businesses, so it’s easy to see how they’re making a positive and long-lasting impact.¹

However, cybercriminals tend to capitalise on this positive contribution. In fact, small businesses lost around $17.3 million to scams and fraud in 2023, highlighting just how prevalent and devastating it can be.²

That’s why we will explain some of the basics of business fraud and how you can help keep your business safe from cybercriminals.

What is business fraud?

The terms ‘scam’ and ‘fraud’ are often used interchangeably, but there’s actually a difference between them.

A scam is when a criminal tricks you into doing something for them, such as transferring money or sharing sensitive information.

Fraud is when a criminal steals and uses your information without your knowledge or consent. Business fraud can involve a perpetrator using your business information to deceive others and benefit themselves. Alternatively, the criminal might deceive someone within your business by impersonating a supplier or a customer.

Business fraud can also be committed by insiders, known as ‘insider threats’, which can cause financial and reputational harm to your business.

Scams and fraud may also go hand-in-hand, for example, your business may fall victim to a phishing scam or malware attack, giving the criminals access to your business information or network to commit fraud. 

5 types of business fraud

1. Invoice fraud

Invoice fraud is when a cybercriminal intercepts an invoice you’re receiving from another person or business. The scammer will change the payment details on the invoice to redirect the money to their own account. They might impersonate the legitimate payee and email you the modified invoice. So, instead of paying your vendor, you unknowingly pay the cybercriminal.

This type of business fraud can also happen in reverse. The cybercriminal might intercept and modify an invoice from you to a client or supplier, then impersonate your business to receive a payment that should’ve gone to you.

2. Payroll fraud

Payroll fraud is when someone deliberately tampers with a business’ payroll system for their benefit. For example, someone might create a fake employee in the system (who shares the actual employee’s banking details) so they can receive double the pay. Or a business owner might intentionally reduce a staff member’s pay rate in the payroll system.

3. Business identity fraud

Business identity fraud is when a cybercriminal uses your business information, such as your business name and Australian business number, without your consent. For example, a criminal might steal your business information through a hack or by finding a physical document in the recycling bin. They could then use that information to pose as the business owner to take out a loan and leave you to make the repayments.

4. Refund fraud

Refund fraud, or an overpayment scam, is when a scammer overpays your business for a product or service and demands a refund. The catch is that they will use a fake or stolen credit card to make the ‘overpayment’, which means they haven’t paid you. So, if you decide to issue a refund, you’re directly paying the scammer.

5. Business email compromise (BEC)

Business email compromise (BEC) is where criminals impersonate your business or other businesses over email to scam you out of money or goods. Cybercriminals might target employees by impersonating an authority figure within the business, such as a boss or manager, to trick them into revealing important information. They might get access to your business’ email by manipulating an employee into clicking a malicious link or by downloading software that infects a device. 

Why is business fraud prevention important?

Experiencing fraud can have a dramatic impact on all areas of your business. The 39% of recorded small to medium businesses that experienced cybercrime in 2023 reported damages to their revenue and reputation, disruptions to their daily business, and having to pay additional business expenses.³

Thanks to cyber criminals, businesses can quickly lose thousands of dollars in the blink of an eye, but it can take months (if not years) to recover any money lost to fraud. Ensuring your staff is well-trained on cyber threats and having robust protection can help you (and your team) keep your business safe from fraud.

How can you protect your business?

• Turn on multi-factor authentication (MFA) for all accounts. The extra layers of security between your essential accounts and cybercriminals can give you more peace of mind.
  
  
• Use strong passwords and passphrases for your business devices and accounts. However, don’t use the same password across your accounts. If a hacker cracks one, they can walk right into your other accounts and steal from you.
  
  
• Educate your staff on how to be cyber-smart. Teach them about the different types of scams and signs that may indicate a message, or email might be from a cybercriminal. Explain the steps they can take if they spot a suspicious message or virus on their device.
  
  
• Do employment background checks when you’re ready to hire. This can provide you with more information to consider about applicants before you make the decision to employ.
  
  
• Install anti-virus software and malware protection on all your business devices. Turn on automatic scans and alerts, so you’re immediately notified when the security software detects a virus or malicious activity.
  
  
• Don’t share confidential business information with anyone or on any platform, including social media. And make sure you shred any physical documents that include your business information. Criminals will do anything, even rummage through your rubbish, to get enough information to steal your identity.
  
  
• Back up your data and files regularly. This can help you get back on your feet if cybercrime corrupts your business’ network and files.
  
  
• Verify all business transactions and requests, if you have the authority to do so, to ensure they’re for legitimate reasons. If you have access to your business bank account, it’s also wise to keep an eye on the account for any fraudulent transactions.

What can you do if your business has been a victim of fraud? 

• If you’ve shared financial information or transferred money, contact your bank immediately. If you’re an ANZ customer, contact us immediately to report the fraud.
  
  
• If you shared credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us. 
  

Who can you contact if you’ve been scammed?

• Contact the Australian Cyber Security hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).
  
  
• Help others by reporting to Scamwatch or to the Australian Signals Directorate’s Australian Cyber Security Centre’s ReportCyber.
  
  
• For phishing or identity theft associated with government accounts such as Centrelink, Medicare, or Child Support, contact the Services Australia scams and identity helpdesk on 1800 941 126 or visit their website.
  
  
• You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.
  
  
• Contact your bank immediately if you have shared personal or financial information.
  
  
• If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us.