Sophisticated email scams cost businesses $2.8m in 2018
Businesses have reported business email compromise (BEC) scams totalling $2.8 million in 2018, the Australian Competition and Consumer Commission (ACCC) revealed on Monday.
The ACCC’s Scamwatch division is calling on businesses to urgently review how they verify and pay accounts and invoices, with reports of BEC scams rising by a third this year.
Businesses that have fallen victim to BEC scammers have lost an average of nearly $30,000.
“This is a very sophisticated scam, which is why many businesses only realise they’ve been caught out once it’s too late,” ACCC deputy chair Delia Rickard said.
BEC scams occur when a business’s email accounts are either hacked or ‘spoofed’ so their emails appear to come from the company, the ACCC explained.
The hacker advises customers that the business’s banking details have changed and watches as payments flow into the new account.
The ACCC cautioned that, in other variations of the scam, the hacker sends an email internally to a business’s accounts team, pretending to be the CEO and asking for funds to be urgently transferred to an offshore account.
“It’s a scam that targets all kinds of businesses, including charities and local sporting clubs. There is a misconception these scams target just small business, however the largest amount of reports and losses came from medium-sized businesses, including one that lost more than $300,000,” Ms Rickard noted.
She advised businesses to make sure their IT security is up to date and to consider a multi-person approval process for transactions over a certain dollar threshold.
“Businesses should also check directly with their supplier if they notice a change in account details. It’s vital businesses don’t do this just by return email or using other contact details provided,” Ms Rickard said.
“Find older communications to ensure you have the right contact details or otherwise independently source them, so they can be sure they’re not contacting the scammer.”
Businesses affected by BEC scams should contact their financial institution immediately and consider professional IT advice.