Email scams are on the rise, costing businesses more than $5.4 million already this year – up 42 per cent on last year, according to the Australian Competition and Consumer Commission’s latest small business in focus report.
Business email compromises (BEC) are scams where hackers gain access to a business email account or imitate a business’s email, then trick customers into making future payments to a ‘new’ account.
Westpac director of digital security Josh Nast says the recently released Westpac State of SME Scams Report found the average cost to a business of this type of scam is $94,000, although the bank has seen companies lose more than $1 million.
“These are the number one scams that are impacting businesses, both the small to medium enterprise businesses right up to the big commercial type businesses as well,” he says.
“What that means is they are exploiting, unfortunately, the inherent trust that businesses put in email.”
Nast says BECs are difficult to detect through the bank’s multi-layered fraud detection systems because in these cases the company has actually authorised the payments.
“So they’re not compromised, they’re willingly submitting that payment so that is very difficult for us to pick up,” he says.
“What’s really important is when those businesses do either suspect or identify a fraudulent payment or mistake, it is imperative they contact us as soon as possible.”
Businesses often don’t realise they’ve been tricked by the email scam until seven to 14 days later, when customers start to call, making it much harder to recover any funds.
“If we just look at BECs whereby the chief financial officer or the financial controller has submitted the payment, on average what we see at Westpac is we have a recovery rate of about half of those funds,” he says.
“What that tells you is the old adage that prevention is better than a cure, and it really is from our perspective.”
The survey found two thirds of SMEs did not train staff in scam prevention or awareness, with Nast advising a multi-faceted security approach with staff awareness key to stopping fraudsters.
“It’s not just a technology solution that you can throw at this, so you can’t go and buy a system that’s going to give you 100 per cent protection,” he says.
“Using simple programs, or even simple little kits online – and some of those are freely available for smaller to medium sized business – is empowering your people to learn how to spot these sorts of scams.
“Also, putting a simple process in where you say ‘hey, we’re not going to accept instructions by email to change BSB and account details unless we get you on the phone’, is generally going to make you a very hard target for these type of criminals.”
Nast says it’s important to report fraudulent BSB and account numbers, even if detected before making payments, as the intelligence helps banks uncover accounts being used by ‘money mules’.
He urged businesses to learn from each other by sharing their stories.
For more information about scams visit scamwatch.gov.au and cyber.gov.au.
►Westpac is a proud CCIWA Member. To help your business grow, checkout CCIWA membership packages here.
