Be aware of scam emails, protect yourself and your business
We have recently had a number of cases of clients being caught out by email fraud, where an email requested a change of bank details. We have seen this before, with the request made either in the body of the email or within the invoice attachment.
In December 2019 alone, over $14 million was lost to scams, with investment scams, dating and romance, and false billing the top three scams by amount lost. The most common scams are via the phone, internet or email*.
Scammers are finding more ways to take advantage of any opportunity. We have seen this with the recent bushfires, with scammers setting up false charity pages.
Scam emails and cybercrime are also becoming more common as data and businesses move online. It used to be an email from a prince in Nigeria, saying you would receive large amounts of money if you helped get the money out of Nigeria by providing your bank account details.
What these scammers are doing is called phishing, which is a form of fraud in which the attacker tries to learn information such as login credentials or account information by posing as a legitimate, reputable entity or person in email or other communication channels.
As scammers' use of technology evolves, they are finding more sophisticated ways to take advantage. To give you peace of mind, now is a good time for a refresher on email scams and what you can do to protect yourself and your business.
Government agency emails
Scammers can disguise themselves as government agencies, such as the Australian Taxation Office (ATO) or ASIC, to trick you into revealing details such as your tax file number (TFN) over the internet. They may also request bank account or credit card details for payments or refunds. They use the authentic logos; however, the emails are not from genuine email accounts. So, make sure you check the email account the email is coming from and confirm by calling.
Invoice changing bank details
This type of scam is when sent items in email accounts are hacked and invoices are duplicated (with authentic logos and details). Bank account details on the invoice are then changed to a different bank account. An email is then sent to the customer with the modified invoice asking the customer to instead pay into the new, fraudulent account number. The email looks authentic as they have also copied the email signature across.
For businesses, it is important if you notice a change in payee bank account details that you verify the change over the phone with the payee. Also, look out for invoices coming from email addresses that are not quite right. For example, emails from a business may be firstname.lastname@example.org as the original address and email@example.com as the fake one by missing the last ‘s’ in business.
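The two checks described above can also be automated in an accounts-payable workflow. The following is an added illustration, not part of the original article: it flags a sender domain that is a near miss of a known supplier's domain, and bank details that differ from those on record. The supplier domain and bank details are constructed sample values, and the function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed supplier record: trusted sender domain -> bank details on file.
SUPPLIERS = {
    "acme-business.example": "062-000 1234 5678",
}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_invoice(from_header, invoice_bank, suppliers=SUPPLIERS, max_dist=2):
    """Return a list of warnings for one incoming invoice email."""
    address = parseaddr(from_header)[1].lower()
    domain = address.rpartition("@")[2]
    if domain in suppliers:
        # A genuine (possibly compromised) account can still send a modified
        # invoice, so the bank details are compared even for a known domain.
        if invoice_bank != suppliers[domain]:
            return ["bank details differ from record: confirm by phone"]
        return []
    warnings = [f"sender domain '{domain}' resembles '{known}'"
                for known in suppliers
                if 0 < edit_distance(domain, known) <= max_dist]
    return warnings or [f"unknown sender domain '{domain}'"]

if __name__ == "__main__":
    # Constructed sample: the domain is missing the last 's' in 'business'.
    print(check_invoice("Acme Accounts <accounts@acme-busines.example>",
                        "033-000 9999 0000"))
```

A warning from either check is a prompt to call the payee on a phone number already on file, not one taken from the email.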
Signs of an email scam
Scam emails can contain the following signs:
- Alarmist messages and threats of account closures.
- Promises of money for little or no effort.
- Deals that sound too good to be true.
- Requests to donate to a charitable organisation after a disaster that has been in the news.
- Poor grammar and spelling errors.
- Email addresses that are not from the company.
What can you do?
- Do not download or open any attachments you are unsure of in an email.
- Check the email address is legitimate and the message has no misspellings/bad grammar.
- Make sure you have the latest anti-virus software installed.
- Never give out your personal details unless you know who you are giving them to and are 100% sure they are legitimate.
- Automatically set regular scam emails to go directly to junk mail and if you use Outlook you can right click and ‘Report Junk’.
- Google the email subject and check it is not a scam or go to ScamWatch for all the latest scams.
- If you are a small business, use accounting software for your invoicing (if you are not sure which, speak to us and we can point you in the right direction).
- If there is a request for a bank account change, call to confirm there is an update and then confirm the details.
- If your business has a large amount of data you might like to consider cyber insurance.
- Regularly change passwords.
What to do if you think you are a victim of a scam:
- Change the passwords or PINs on all your online accounts you think might be compromised.
- Contact the bank and make them aware of the fraud and check what you need to do. If it is an invoice scam and you are affected, you will need to advise the police.
- Do not click on any links in the fraudulent email message.
- If you know of any accounts that were accessed or opened fraudulently, close those accounts.
- Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.
With the growth in scams, businesses are also upgrading their security to prevent system breaches. However, everyone needs to be vigilant about scam emails. Remember, if you are unsure, do not open the email or attachment until you verify its authenticity, Nigerian prince or not.
Note: all examples are based on a few recent scam emails that we have seen and are suggestions only on what may help to protect you. Contact an IT professional for any IT security concerns.
*Stats from the ACCC Scamwatch website