Scams targeting even the smallest businesses are up year-on-year. Here are the biggest ones you should know about.

Matt Hopkins

This article is sponsored by Telstra.

Scams cost Australians hundreds of millions of dollars every year. In 2019, the dollar figure was just shy of $143 million according to Scamwatch, with 2020 already clocking in a loss of more than $52 million.

Unsurprisingly, February saw an enormous spike in scam reports, with COVID-19 providing ample opportunity and distraction for those looking to cash in on the chaos in dubious ways. The spike showed many businesses, many of them small to medium-sized (SMBs), that they're not as safe as they assume.

Whether you're an individual or a business owner, now is the time to educate yourself on how the most common scams work, how to spot them, and how to protect yourself and your interests, something that's particularly important for SMBs where admin staff may be targeted. In fact, Telstra’s 2020 Business Intelligence Report* provided to Business Insider Australia indicated that the security of transactions and data is one of the Top 5 factors that help 40% of respondents decide whether they can trust a business or not.

The report also shows a disconnect when it comes to what SMBs consider sensitive customer data, which can be as simple as a name and contact details rather than the extremes of credit card or bank details.

“Telstra’s Cyber Security specialists spend a lot of time helping to secure our SMB customers, who are often surprised to find out that hackers will happily take small pieces of customer information," Telstra’s Cyber Security Executive Matthew O’Brien told Business Insider Australia.

"This includes such things as names and contact details, which are elements of personally identifiable information (PII) that are used to commit fraud. Some are also surprised to realise that they may face large fines should their customer data be misused or stolen.”

Surprisingly, only 15% of SMB respondents regard data security as a key factor in driving consumer trust. Just because you think it won't happen to you doesn't mean you're safe. Here's what to be on the lookout for.

COVID-19

Many scammers are looking to make a quick buck out of the COVID-19 outbreak that has most of the world in lockdown. As Dr Suranga Seneviratne, a cybersecurity expert and lecturer from the University of Sydney's School of Computer Science, says, it's all about taking advantage of the distraction.

“We are witnessing increasing numbers of cyberthreats amidst the COVID-19 chaos," he said in a note issued to Business Insider Australia. "Attackers are trying to leverage the fact the people are preoccupied, thus on less alert and are mostly using home computers that might be less secure compared to a corporate environment.”

While plenty of the current scams are attacking individuals, others are going after businesses. In the current climate, individual workers are often an easy way for scammers to access businesses, particularly SMBs: 38% of those surveyed in Telstra’s 2020 Business Intelligence Report say they have no security practices in place.

With working conditions for many across the country changing, companies need to be vigilant when it comes to their staff working from home and how they interact on what is essentially an extended company network.

“It is also time that the enterprises verify their security perimeter and make sure that their VPN infrastructure is appropriately configured and up to date," Dr Seneviratne said. "They should be on high-alert with the increased numbers in the workforce working from home.”

In other words, employees need to be just as vigilant about their own cybersecurity as businesses are. Telstra’s Business Intelligence Report shows that although 63% of SMB owners are confident their employees fully understand data security and threats to it, only 49% of the employees surveyed agreed that they are confident on those points.

Being able to effectively identify and ignore a phishing attempt is one of the most important skills a worker should have right now. Scammers will often phish via email using a fake address that looks incredibly similar to a legitimate one. They may be asking the user to enter sensitive information or download a file that contains malware.

For example, someone posing as a frequent merchant used by a business may contact a staff member directly asking for sensitive information. The recipient may not notice that the email address is slightly different than usual or that the spelling throughout is incorrect, two details that can give phishing emails away.

In fact, there are many tells to these scams, but in these times, it's wise to be suspicious of anything asking for details of any kind. The best defence is to simply call the company the email claims to be from to confirm the authenticity of the correspondence directly.

To defend against more pointed attacks, Telstra recommends small and medium business owners take a holistic approach to cybersecurity, including managed firewalls, gateway protection and more. The company also offers valuable support for security incidents, post-breach recovery, backup and recovery plans, malicious software removal and more.

False billing

As the name suggests, this involves receiving a fake invoice or letter for any number of things. Some may be inviting you to be listed in a fake directory or chasing payment on items that were never ordered, while others could be asking you to renew a domain name.

These scams usually rely on those handling administrative duties not knowing whether the contents of an invoice have actually been requested by the business. With Telstra showing that 48% of SMB respondents are managing their own cybersecurity completely in-house, much of that in-house effort fails to consider the competence of employees when it comes to identifying scams.

According to Scamwatch, there are a number of ways to protect a small business from false billing. Most importantly, business proposals should never be agreed to over the phone. If a company offers a product or service out of the blue or you're unsure about any part of the offer, more information should be requested in writing. Seek independent advice if you're still unsure.

Businesses should also try and limit the number of authorised buyers to help ensure the bills received are from suppliers you normally deal with. Invoices should always be reconciled with the goods or services purchased and the fine print should always be checked before arranging payment.

Malware

Malware is malicious software that, when installed on a computer, can track things like files, the keys you press and the actions you carry out, or lock files and demand a fee be paid for their release.

In 2018, a virus known as WannaCry infected more than 140,000 Australian businesses, costing those willing to pay the ransom thousands to access their own files.

Malware can be installed onto a device in a number of ways, but most involve clicking on a bogus link or email attachment that looks legitimate. These can come in the form of emails, random social media messages, pirated music, video game or movie files and more.

"Many email-based ransomware scams use fake bills as attachments to infect your computer," Scamwatch says. "If you receive an unexpected bill from a utility provider, do not open the attachment."

It's best not to open attachments or links sent to you by people you don't know, particularly if they end with the file extension ".exe". Businesses and individuals should ensure they have up-to-date virus protection installed to help catch malware that falls through the cracks.

Telstra's Business Intelligence Report indicates that more than half of SMBs who have experienced an attack saw a direct financial impact, with one in five SMBs taking weeks or longer to resolve the issue. With livelihoods on the line, having comprehensive protection is incredibly important.

While businesses are more likely to encounter the scams above, there are all kinds that are constantly evolving. To ensure your business is as protected as it should be against threats like these, you can learn more about Telstra's business protection here.

*The Business Intelligence Report had a sample size of 2,000 respondents.