Australian businesses are still losing millions to hackers who infiltrate email platforms to trick employees into sending them money.
A report from the Australian Competition and Consumer Commission revealed that hackers used “sophisticated” business email compromise scams to steal up to $3.8 million from businesses in 2018. When combined with losses reported to the Australian Cybercrime Online Reporting Network (ACORN), the losses amount to $60 million.
Overall, Australian businesses lost more than $7.2 million from 5800 scams in 2018, more than double the amount lost in 2017.
The prevalence of business email compromise scams was due to hackers gaining access to mass emailing systems and sending fake invoices with the scammer’s payment details to unsuspecting employees.
“Scammers are hacking business email systems and impersonating the intended payment recipient. The scammers request changes to bank account details so that the business makes the payment to the scammer instead of the legitimate business,” ACCC deputy chair Mick Keogh said.
“Depending on how long the scammers get away with this and how large the transfers are, this scam can be devastating to a business’s bottom line – to the extent of forcing small and medium businesses into closure.”
The ACCC said small businesses with fewer than 20 staff were more likely to be targeted, and accounted for more than 75 percent of reports. They were also more likely to be hit with false billing scams with 1819 reports, while investment, hacking and phishing scams also caused losses.
“Australian businesses must protect themselves by ensuring their staff are aware of these scams so they can identify and avoid them,” Keogh said.
“Every business should have clear processes for transferring money and a procedure for verifying requests to change bank account details that uses multiple modes of communication.”