Australian businesses were fleeced more than $60 million from scams targeting business emails last year, the Australian Competition and Consumer Commission revealed in its Targeting Scams 2018 report released this week.

This was almost triple the $22.1m losses for ‘business email compromise’ scams recorded in 2017.

 “The scam involves a scammer gaining access to a business’s entire email or IT systems or at least the email account of a key person in a business who deals with the transfer and receipt of money,” the report says.

“Scammers evidently trawl the internet for the details of chief financial officers, accountants, payroll officers and even the treasurers of small community sports clubs to target.

“It is believed that scammers either hack their way into the email accounts or use information gathered in phishing scams to log in.”

According to the report, ‘false billing’ scams were also on the rise with hackers gaining access to mass email systems used to send marketing emails or invoices to customers, then sending large numbers of fake invoices from the businesses’ real email accounts but with the scammers’ payment details.

Payrolls can also be targeted with fraudsters impersonating employees asking for their pay to be paid into a different account.

Scammers also targeted real estate agencies by hacking email systems then redirecting customers to pay their large property deposits to the scammers’ accounts. 

The ACCC used data from its Scamwatch service, the Australian Cybercrime Online Reporting Network (ACORN) and other state government agencies to compile its report, which can be found here.

 “Total combined losses reported to Scamwatch and other government agencies exceeded $489 million – $149 million more than 2017,” ACCC Deputy Chair Delia Rickard said.

“And these record losses are likely just the tip of the iceberg. We know that not everyone who suffers a loss to a scammer reports it to a government agency.”

Investors were fleeced $86m (up 34 per cent) and online daters lost more than $60m (up from $42m) in other targeted scams.

Rickard said the ACCC had been working with banks, financial intermediaries and online classified sites to disrupt scams and called on social media platforms and telecommunications providers to do more to limit the ability of scammers to connect with victims.  

For information on how to identify threats to your business visit the Australian Cyber Security Centre (ACSC), which released the Essential Eight Maturity Model to help organisations mitigate cyber security incidents.

Election: Cyber pledge

Meanwhile, Prime Minister Scott Morrison pledged $156m to protect older Australians, small businesses and national security assets from the risk of cyber-attacks if re-elected on May 18.

Cybercrime costs the Australian economy more than $1 billion annually, particularly impacting families and small and medium sized businesses.

The cyber resilience and workforce package would include:

  • $50m to create a cyber security national workforce growth program to create the cyber workforce needed in the decades to come.
  • $40m to establish a countering foreign cyber criminals capability within the ACSC and drawing on the expertise of the Australian Federal Police to combat the increasingly sophisticated organised cybercrime gangs.
  • $26m to support the ACSC to expand its assistance to the community in the fight against cyber criminals and actors.

A further $40m would be dedicated to the defence sector to:

  • Accelerate the creation of 230 positions for military cyber operations specialists in the Australian Defence Force (ADF) over the next four years.
  • Building on the ADF gap year program to create up to 100 new positions each year that are focused on cyber and information warfare domains.
  • Expand Australian Government cyber security ‘SPRINT’ teams to work with owners and operators of critical infrastructure to prepare against future cyber threats.