Businesses should urgently review how they verify and pay accounts and invoices, says the ACCC.
The Australian Competition & Consumer Commission has renewed its warnings against business email compromise (BEC) scams, with businesses reporting a total of $2.8 million in losses.
ACCC deputy chair Delia Rickard urged businesses to urgently review how they verify and pay accounts and invoices, as the reports have increased by a third compared to last year.
“This is a very sophisticated scam, which is why many businesses only realise they’ve been caught out once it’s too late,” Rickard said.
A BEC scam involves unauthorised access to, or the ‘spoofing’ of, a business’s email accounts, with the intention of scamming customers.
One variant of the scam involves the hacker claiming that the business’s banking details have changed and that future invoices should be paid to a new account. Another sees the attacker sending an email internally to a business’s accounts team, pretending to be the CEO, asking for funds to be urgently transferred to an offshore account.
In September, NSW Police and the Australian Border Force charged four people for their involvement in a BEC scam that was run out of the Villawood Immigration Detention Centre.
The group has allegedly scammed people out of more than $3 million, along with identity theft, romance scams and the fraudulent sale of goods.
“It’s a scam that targets all kinds of businesses, including charities and local sporting clubs,” Rickard said.
“There is a misconception these scams target just small business, however the largest amount of reports and losses came from medium sized businesses, including one that lost more than $300,000.”
Rickard added that the $2.8 million figure only represents a fraction of total losses to this variety of scam across Australia, with BEC scams accounting for 63 per cent of all business losses reported to the commission’s Scamwatch program. The average loss is close to $30,000.
“Effective management procedures can go a long way towards preventing scams, so all businesses should firstly be aware these scams exist and that their staff know about them too,” Rickard said.
“They should consider a multi-person approval process for transactions over a certain dollar threshold and keep their IT security up-to-date with anti-virus and anti-spyware software and a good firewall.”
Earlier this year, the ACCC said Australians had lost a total of $340 million to scammers in 2017, the highest losses since the commission started reporting scam activity.