Cybercrime is hitting Australian businesses hard. With reports of more than 13,672 cybercrimes from July to September last year alone, with a total annual estimated loss of $328 million, small businesses need to be alert and prepared. And cybercrime doesn’t discriminate by business size, with even a small loss of income or brand damage resulting from cyber fraud potentially having devastating impacts.
Small businesses are especially vulnerable to cyber fraud. According to the ACCC, small businesses with fewer than 20 staff are most likely to be targeted by scammers and account for more than 75 per cent of reports.
It’s the little things
Business Email Compromise (BEC) is a huge issue and can have devastating financial and reputational impacts on businesses. Fraudsters will look through emails to find a vulnerability, for example, an open invoice, something they can exploit or sell on to other hackers for a price. Or they will re-create an old supplier invoice that fits within a predicted pattern.
The perpetrators of cyber fraud prey on the humanity of business – a small-business owner has a huge amount of responsibility in the business and has many other priorities alongside protecting against fraud. As small business owners juggle multiple roles, and work long hours, preparing to protect against the risk of cybercrime may not be a priority.
New cybercrime trends are also emerging. In the past two years alone, a growing number of hackers are using Skype to contact clients to show more authenticity and mirror the actions of the business’ regular contacts. When leaks and hacks aren’t handled correctly, this can have a significant impact on brand reputation in the market.
Current landscape
According to the FBI and based on financial data, banks located in China and Hong Kong are often the primary destinations of fraudulent funds. As businesses in Australia do a huge amount of business with these markets, they can be vulnerable to attack.
People that are phishing may be sending thousands of emails to thousands of people. While they may not be specifically targeting Australia, Australian businesses are often the victims, because of their location and regular trade with vulnerable regions.
Fraudsters are often reviewing activity on accounts to ensure that they are moving money in patterns that look normal, to avoid detection.
Although cybercrime can be complex in nature, more often than not it’s a simple email compromise that can result in devastation to a business.
Keeping vigilant
There are some straightforward steps that businesses can take to help protect again fraud, including keeping an eye out for these concerning behaviours:
- Any notifications that indicate changes to an invoice, especially changes to country of destination.
- Inconsistencies in any emails received, including grammar, spelling or structure.
- A sense of urgency for a transaction to take place.
- Incorrect email addresses – email addresses can mimic those of well-known financial institutions and key suppliers.
Seek out help
All businesses should feel comfortable asking for help and more information on how to prevent and address cybercrime. There are some great resources available online by both the government and leading financial institutions.
Business email compromise can be stopped for the price of a phone call – help yourself, you don’t need to spend thousands to be prepared.
Alex Bevan, Senior Manager of Fraud and Internal Investigations, Western Union Business Solutions