New data from ANZ’s Scams Unit confirms business email compromise is on the rise among Australian businesses, with scammers using modified invoices as their latest ruse as this issue now accounts for 25 per cent of all business customer loss.
Head of ANZ’s Scams Unit, Marc Broome, said, “Email compromise is having a significant financial impact on Australian businesses with scammers becoming more sophisticated and going to great lengths to convince you they are legitimate.
“Over the past 12 months we have seen an 80 per cent increase in businesses being targeted with modified invoice scams, where scammers hack into a supplier’s email account and reissue invoices to their customers with updated bank account details,” Broome said. “In 95 per cent of cases we manage, the business was expecting to receive an invoice from a particular supplier and didn’t realise they’d been scammed until the legitimate supplier questioned why the invoice hadn’t been paid.”
The new data from ANZ’s Scams Unit covers the period from September 2017 to September 2019 and shows investment scams, investment, romance, and remote access scams continue to cause significant losses.
Australians are set to lose a record amount to scams in 2019 with projections from losses reported to Scamwatch and other government agencies expected to exceed $532 million by the end of the year. Modified invoice scams are the fastest-growing scam amongst Australian businesses, accounting for more than $5.5 million in financial losses over the past 12 months.
ANZ is urging businesses to be extra vigilant in the lead up to the summer holiday period.
“The weeks leading up to the holiday season can be chaotic and overwhelming and cybercriminals target this time of year to take advantage of business owners,” Broome said.
“Because scams such as modified invoices don’t often use malicious links or attachments, they can get past anti-virus programs and spam filters.”
ANZ is encouraging Australian businesses to stay screen smart and make a PACT to get on top of their cybersecurity with some simple measures:
Pause before sharing your or your customer’s personal information – ask, do I really need to give my information to this site or person? If it doesn’t seem right, question it – even if it appears to be from someone senior in your business.
Activate two forms of identification – as well as a strong password to protect the security of your email account. Two-factor authentication adds an extra layer of security, and stops criminals getting into your account even if they guess or steal
Call out suspicious messages – be aware of current scams. Ensure you have a process in place for employees to identify and action suspicious emails, texts or phone calls. If you receive a suspicious email, report it. And share it with staff to ensure they understand what to look for. Sign up for alerts from the ACCC’s Scamwatch and Stay Smart Online.
Turn on automatic software updates – set software, operating system and apps to auto update to make sure you get the latest security features.
ANZ urges anyone who fears they have been scammed to report it immediately to the ACCC. If bank account details have also been provided to a scammer, ANZ asks people to contact their bank or financial institution immediately.