Lax cybersecurity is a big threat to SMEs. Here’s how one bank is fighting back

Phishing attacks, unauthorised charges to accounts or cards, and the impersonation of banking staff are all everyday criminal activities that threaten the finances and livelihoods of Australian small businesses.

As criminals become increasingly sophisticated, companies must educate employees on the danger signs to look out for – and the lessons should be regularly refreshed.

Scams are a common way that cybercriminals target small businesses. They work by impersonating management, clients or suppliers, requesting money to be transferred, or inciting people to click on malicious links or attachments that can harvest log-in details and passwords to bank accounts or other confidential resources.

“Cybercriminals may try to scam your business through email, text messages, phone calls, and social media,” warns Rebecca Warren, Executive General Manager of Small Business Banking with Commonwealth Bank (CommBank). “They will often pretend to be a person or organisation you trust.”

For example, a sole trader customer of CommBank received a call from a man with a British accent claiming to be from the security team. He advised her that a suspicious payment had been made from her account and said he needed her to help him access her CommBiz service so he could resolve the problem. The victim had already provided enough information for him to reset the password, so when she tried to log in and her password no longer worked, she believed the caller.

The customer provided the scammer with the answers to her security questions and generated three e-tokens over the course of the call, resulting in $700,000 lost from the company’s business account.

Phishing attacks

Phishing attacks, another type of scam, often contain a link to a fake website where staff are encouraged to log in to an account or enter confidential details. The intent is to obtain passwords that cybercriminals can use to “take over” the online accounts of small businesses and hold them to ransom. Business Email Compromise is another type of scam. Here, a scammer will use email to trick someone into sending money or paying a fake invoice. Others may pretend to be someone in the business and seek confidential company information that can be used to carry out another scam.

The impact can be devastating

The impact of not taking cybersecurity seriously could devastate SMEs, explains Rebecca Warren, Executive General Manager of Small Business Banking with Commonwealth Bank (CommBank). But, working with small-business owners daily, she understands their challenges and why – with so much pressure from responding to rising costs, tightening consumer spending and inflation on their minds in the current economic climate – cybersecurity may not always be top of mind. A lack of time is among the leading causes.

“We know small business owners often work around the clock and have competing priorities with limited time on their hands, which can make them an easy target for scammers and cybercriminals,” she told Inside Small Business.

CommBank works very hard to educate small-business owners about staying safe from scams and cyber threats, says Warren, hosting in-branch seminars on scams and fraud awareness for small businesses nationwide, among other initiatives.

The bank halved scam losses to its customers last financial year, according to CommBank’s annual report, and it is actively working with other businesses and governments to reduce scams further.

“We firmly believe a coordinated and whole-of-ecosystem response is required to fight scams – across financial institutions, telcos, government, social media and digital platforms, as well as from consumers.”

She says CommBank has invested $800 million to protect account holders from scams, fraud, cyber, and financial crime and has more than 4000 people working on preventing and disrupting crime, according to figures published in its annual report this year.

Warren urges all small businesses to educate employees about critical cybersecurity threats to reduce the risk of harm:

  • How to spot a scam or phishing attack.
  • Common cyber security threats such as compromised business email and ransomware.
  • The importance of using strong passwords or passphrases, multi-factor authentication and regular software updates.
  • What to do when you think you might be a victim.

CommBank’s three critical tools for fighting fraud and scams

CommBank is delivering initiatives that help customers stay safe by improving early detection and prevention of scams through essential tools NameCheck, CallerCheck and CustomerCheck, as well as progressive advances in its own cyber protection.

NameCheck is a security tool that searches the account details you’ve entered when making a first-time payment in NetBank, the CommBank app or CommBiz and uses available payment data to indicate whether the account details seem right. Since its launch last year, NameCheck has already prevented over $410 million in mistaken payments and scams, according to CommBank’s annual report.

CallerCheck gives customers peace of mind when they receive a call from an unknown number by indicating that the bank is genuinely contacting them. It triggers a security message in the CommBank app so account holders can verify that a caller claiming to be from CommBank is legitimate.

CustomerCheck is a push notification within the CommBank app sent to customers to confirm their identity when they visit a branch or speak to a CommBank staff member in person. It sends a security message to the account holder’s CommBank app.

CustomerCheck and CallerCheck are the bank’s preferred verification methods, offering a secure way to complete the identification process in place of existing identification methods like a signature if there is evidence or concern that a customer’s identity may have been compromised.

Beyond those critical state-of-the-art tools, the bank is constantly monitoring transactions, looking for unusual activity using AI, with humans stepping in when the system flags something as odd. The bank will contact the customer if something suspicious is detected in an account, so Warren urges customers to ensure their contact details are always up-to-date.

CommBank is also working hard to educate small-business owners about staying safe from scams and cyber threats. “We’ve partnered with the Council of Small Business of Australia and Telstra to launch the Cyber Wardens Program, designed to upskill small businesses in cyber safety, and we host in-branch seminars on scams and fraud awareness for small businesses across the country,” explains Warren.

Stop. Check. Reject

Finally, CommBank urges all SMEs to remember three simple steps when someone phones or emails saying they are representing CommBank: Stop. Check. Reject.

Stop: Does a call, email or text seem off? The best thing to do is stop. Take a breath. Real organisations won’t pressure you to act instantly.

Check: Ask someone you trust or contact the organisation the message claims to be from.

Reject: If unsure, hang up on the caller, block the phone number, or delete the email. And change your passwords.

Things you need to know:

This article has been published for general information purposes only. As this information has been prepared without considering your objectives, financial situation or needs, you should, before acting on this information, consider its appropriateness to your circumstances and, if necessary, seek professional advice. The Bank believes that the information in the article is correct and any opinions, conclusions or recommendations are reasonably held or made, based on the information available at the time of its compilation, but no representation or warranty, either expressed or implied, is made or provided as to accuracy, reliability or completeness of any statement made in the article.

Commonwealth Bank of Australia ABN 48 123 123 124 AFSL and Australian credit licence 234945.