iTnews

Business losses to email spoofing scams skyrocket: ACCC

By Matt Johnston on Nov 26, 2018 11:12AM
Business losses to email spoofing scams skyrocket: ACCC

ACCC reports $2.8m lost since January, with more to come.

The Australian Competition and Consumer Commission is calling for an urgent review of the way businesses verify and pay invoices following a 30 percent increase in the number of business email compromise (BEC) scams this year.

The ACCC's Scamwatch has received reports of BEC scams totalling $2.8 million in the 10 months to November, up from $2.1 million the previous year.

An ACCC spokesperson told iTnews a further $600,000 is expected to be lost to BEC scams in November and December.

“This is a very sophisticated scam, which is why many businesses only realise they’ve been caught out once it’s too late,” ACCC deputy chair Delia Rickard said in a statement.

BEC scams typically occur when a business’ email addresses are spoofed or when the accounts are hacked by scammers - making any correspondence appear legitimate.

The hacker then sends emails to customers claiming the business’ banking details have changed and that future invoices should be paid to a new account.

In other variations of the scam, the ACCC says the hacker will send an internal email to a business’ accounts team, pretending to be the CEO, requesting that funds be transferred to an off-shore account or that salary and rental payments be redirected.

BEC scams can cause significant financial harm, accounting for almost two-thirds of all business losses reported to Scamwatch.

The average loss per victim sits near $30,000, however, as more scams target conveyancers, real estate agents or law firms as was the case with a PEXA property settlement earlier this year, the scope for losses can extend to hundreds of thousands of dollars.

“It’s a scam that targets all kinds of businesses, including charities and local sporting clubs. There is a misconception these scams target just small business, however the largest amount of reports and losses came from medium-sized businesses, including one that lost more than $300,000,” Rickard added.

“Effective management procedures can go a long way towards preventing scams, so all businesses should firstly be aware these scams exist and that their staff know about them too.

“They should consider a multi-person approval process for transactions over a certain dollar threshold and keep their IT security up-to-date with anti-virus and anti-spyware software and a good firewall.”

Rickard recommended that businesses should also check directly with their supplier if they notice a change in account details by using other contact details than the ones provided in the potentially-fake email.

“Find older communications to ensure you have the right contact details or otherwise independently source them, so they can be sure they’re not contacting the scammer,” Rickard said.

The ACCC also recommended businesses should contact their financial institution and do an audit of their email and data systems to make sure they are secure.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
accc business email compromise scam scamwatch security
In Partnership With
By Matt Johnston
Nov 26 2018
11:12AM
0 Comments

Related Articles

  • Australians lost $16m to ID theft so far this year
  • Spike in remote access scams costs Aussies over $4m
  • TPG pleads kybosh on both Huawei and merger will knock it flat
  • ACCC blames premature TPG merger rejection reveal on unpatched CMS
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

CBA slammed by RBA for stalling New Payments Platform

CBA slammed by RBA for stalling New Payments Platform

TPG 'contemplates' future of sub-$60 NBN plans

TPG 'contemplates' future of sub-$60 NBN plans

Inside Infosys' complex Centrelink payments calculator overhaul

Inside Infosys' complex Centrelink payments calculator overhaul

NBN Co challenges Australia's $60 broadband 'sweet spot'

NBN Co challenges Australia's $60 broadband 'sweet spot'

You must be a registered member of iTnews to post a comment.
Log In | Register

Whitepapers from our sponsors

Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here
Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should  reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?

Events

  • Gartner Data & Analytics Summit
  • 2nd Data Governance & Management Summit Melbourne
  • 3rd Intelligent Automation Sydney Summit
  • Technology Risk Management Summit 2020
  • 7th University IT Service Strategy & Challenges
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.