Small businesses most vulnerable to scammers

Nearly 6000 businesses reported being targeted by scams in 2016 according to the Australian Competition and Consumer Commission’s Targeting Scams report, with losses totalling around $3.8 million — an increase of almost 31%.

The highest losses were to computer hacking, fake investment schemes and buying and selling scams, according to reports made to Scamwatch over the past year.

“Unfortunately, ransomware scams like WannaCry targeting businesses are not uncommon — we’re seeing steep increases in scammers contacting businesses to swindle them out of their money with varying types of scams. Small businesses with fewer than 20 staff are in particular the most vulnerable to scammers and accounted for nearly 60% of reported losses,” said ACCC Deputy Chair Dr Michael Schaper.

“The vast majority (85%) of scammers make contact with businesses via email or phone, so it’s important for any business to be aware that these scams are out there in the community and to scrutinise any requests they receive for payment or sensitive information,” Dr Schaper said.

Scamwatch reports the top three scams business should be aware of are:

Ransomware — These scams trick a victim into downloading a virus that infects computer systems and prevents user access until payment is made to unlock it. In 2016, reports indicate that there was an increase in ransomware emails to businesses, purportedly from legitimate companies such as Australia Post or a utility provider.

Business email compromise scams — These are a form of hacking scam that operate by the scammer obtaining access to a business’s email address. The scammer will then send an email (purportedly from senior management) to the business’s suppliers advising of new payment arrangements and requesting a wire transfer to the new account.

Investment scams — These scams are promoted as business opportunities (for example, sports investment or stock broker scams, superannuation schemes or managed funds) and promise inflated returns but are, in reality, nothing more than a method used to drain a business of its funds.

“Attacks on businesses where scammers try to trick, deceive or manipulate businesses into sending money or divulging confidential information continue to increase in both frequency and sophistication,” Dr Schaper said.

“These scams often result in one-off losses that a business can recover from. However, hacking, malware and targeted phishing now present significant financial and reputational risks to business.”

Protect your business

There are practical steps all businesses can take to protect themselves from scams:

• Always scrutinise new requests for any payment and have a clearly defined process for verifying and paying accounts and invoices.
• Regularly back up your computer’s data on a separate hard drive so this can be easily reinstalled if your computer is infected by malware or ransomware.
• Ensure your computer has a firewall and up-to-date antivirus and antispyware software.

Businesses can learn more about scams, including how they can be avoided, by visiting the Scamwatch website.