Rss

Archives for : INVOICE SCAMS

Losses from reported Australian hacking victims quadrupled in 2016: ACCC

skull-crossbones-numbers-red-image-www-scamsfakes-com

The Australian Competition and Consumer Commission (ACCC) has reported a four-fold increase in hacking scams, with AU$2.9 million lost to such activity in 2016, up from AU$700,000 in 2015.

According to Targeting scams: Report of the ACCC on scams activity 2016, businesses bore the brunt of these scams, with over half — AU$1.7 million — being attributed to businesses.

“While the digital economy presents many opportunities and efficiencies for businesses, it also presents significant risks,” ACCC deputy chair Delia Rickard says in the report’s foreword.

“Scams targeting businesses are becoming increasingly sophisticated using modern technology to make fake emails, invoices and websites appear legitimate to even the astute business person.”

While the digital age is hitting businesses in Australia, the report [PDF] highlights that consumers are also being affected by scammers, with digitisation providing the opportunity for scammers to try new tricks.

Online scams — those executed via the internet, email, social networks, and mobile apps — outnumbered phone-based scams in 2016, with an increase of 130 percent over 2015.

Elsewhere in the report, losses to online scams accounted for 58 percent — AU$48.4 million — of total losses, while social media was a particularly busy platform used by scammers to lure victims, netting losses of AU$9.5 million in 2016 compared with AU$3.8 million in 2015.

Of the social media scams, the most prevalent were related to online dating and sextortion, a form of blackmail in which compromising images of the victim are used to extort money.

Business scams top $3.8 million: ACCC

Jason King wasn’t surprised to get an email from the chairman of Launceston Church Grammar School’s board asking him to process a payment to Hong Kong that day.

The school sometimes has cause to make payments to Hong Kong for the school’s accountant, so there was no immediate concern.

michael-schaper-deputy-chairman-of-the-accc-says-small-businesses-are-a-far-more-attractive-target-for-scammers-than-the-general-public-image-www-scamsfakes-com

“It had [the chairman’s] name and an email address that looked reasonable,” Mr King says. “They were asking for a payment of $121,780. That was the red flag as we don’t ever pay that much to Hong Kong.”

Mr King called the chairman who knew nothing at all about the payment and hadn’t sent the email.

launceston-church-grammar-school-was-almost-scammed-image-www-scamsfakes-com

Scams on the rise

It was a close call for the school and data released by the Australian Competition and Consumer Commission on Friday shows scams suffered by businesses are on the rise.

Nearly 6000 businesses reported being targeted by scams in 2016, according to the watchdog’s Targeting Scams report. Losses totalled about $3.8 million, an increase of almost 31 per cent.

The highest losses were to computer hacking, fake investment schemes and buying and selling scams, according to reports to Scamwatch over the past year.

Small businesses with fewer than 20 staff are in particular the most vulnerable and accounted for nearly 60 per cent of reported losses.

Lack of reporting

ACCC deputy chairman Michael Schaper says the $3.8 million in reported scams is “really the tip of the iceberg”.

“We already know it’s a well established phenomenon that most of the people who contact Scamwatch haven’t actually lost money, only 10 per cent have,” he says. “We know that small businesses are much more reluctant to report losses. There are two reasons, one is the time and energy and the second one is that a lot of small business think that if they report a scam their insurance premiums are going to be threatened.”

Mr Schaper says while small businesses are less likely than the general public to report a scam, small businesses are also a far more attractive target than the general public.

“It’s easier to find them; those [businesses] trading online have a website presence and you can work out who to target,” he says. “Secondly, we know small businesses don’t have good record keeping systems in many cases and their software is often very basic so they are ripe pickings.”

We know small businesses don’t have good record keeping systems in many cases and their software is often very basic so they are ripe pickings.

Michael Schaper

Mr Schaper says recent events with the WannaCry ransomware scam show businesses can be just as vulnerable to scams as anyone else in the community.

There are “steep increases” in scammers contacting businesses, according to the ACCC.

What to look out for

The top three scams identified by Scamwatch against businesses are:

  1. Ransomware. These scams trick a victim into downloading a virus that infects computer systems and prevents user access until payment is made to unlock it. In 2016, reports indicate that there was an increase in ransomware emails to businesses, purportedly from legitimate companies such as Australia Post or a utility provider.
  2. Business email compromise scams. These are a form of hacking scam that operate by the scammer obtaining access to a business’ email address. The scammer will then send an email (purportedly from senior management) to the business’ suppliers advising of new payment arrangements and requesting a wire transfer to the new account.
  3. Investment scams. These scams are promoted as business opportunities (for example sports investment or stock broker scams, superannuation schemes or managed funds) and promise inflated returns but are, in reality, nothing more than a method used to drain a business of its funds.

Mr Schaper says 85 per cent of scammers make contact with businesses via email or phone so it is important to be wary. He says small businesses can help protect themselves by backing up data.

“Backing up your data and keeping it offline or backing it up to the cloud is the single most important thing you can do to protect yourself from that threat,” he says. “If you pay a false bill by and large it won’t be the death knell of your business but if you lose all the information about your clients you could lose your business overnight.”

www.intelagencies.com

www.crimefiles.net

jfg7ouig6

Henry Sapiecha

Protect your small business from invoice email scams

fake-agl-invoice-containing-a-link-to-a-virus-image-www-scamsfakes-com

16 August 2016

Scam watchers ask that businesses be beware of an invoice email scam seeking payment re-direction.

The scam involves scammers pretending to be legitimate suppliers advising changes to payment arrangements. It may not be detected until the business is alerted by complaints from suppliers that payments were not received.

How these scams work

  • Scammers hack into vendor and/or supplier email accounts and obtain information such as customer lists, bank details and previous invoices.
  • Your business receives an email, supposedly from a vendor, requesting a wire transfer to a new or different bank account.
  • The scammers either disguise their email address or create a new address that looks nearly identical. The emails may be spoofed by adding, removing, or subtly changing characters in the email address which makes it difficult to identify the scammer’s email from a legitimate address.
  • The email may look to be from a genuine supplier and often copy a business’s logo and message format. It may also contain links to websites that are convincing fakes of the real company’s homepage or links to the real homepage itself.
  • The scam email requests a change to usual billing arrangements and asks you to transfer money to a different account, usually by wire transfer.
  • The scam may not be detected until the business is alerted by complaints from legitimate suppliers that they have not received payment.

Protect yourself

  • Make yours a ‘fraud-free’ business – effective management procedures can go a long way towards preventing scams. Have a clearly defined process for verifying and paying accounts and invoices.
  • Consider a multi-person approval process for transactions over a certain dollar threshold.
  • Ensure your staff are aware of this scam and understand how it works so they can identify it, avoid it and report it.
  • Double check email addresses – scammers can create a new account which is very close to the real one; if you look closely you can usually spot the fake.
  • Don’t seek verification via email – you may be simply responding to the scammer’s email or scammers may have the capacity to intercept the email.
  • If you think a request is suspicious, telephone the business to seek verification of the email’s authenticity.
  • Don’t call any telephone number listed in the email; instead, use contact details that you already have on file for the business, or that you have sourced independently – for example, from a telephone directory.
  • Don’t pay, give out or clarify any information about your business until you have looked into the matter further.
  • Check your IT systems for viruses or malware – always keep your computer security up-to-date with anti-virus and anti-spyware software and a good firewall.

iyunil

Henry Sapiecha