As part of Scams Awareness Week, the South Australian Police are focusing on Business Email Compromise (BEC) – one of the most financially damaging online crimes.
In South Australia, between July 2023 and June 2024, 318 reports recorded more than $9.4 million lost to scammers. This data relates to ReportCyber reporting only.
Data suggests construction and landscaping businesses are most frequently targeted, making up 32 per cent of reports, with agriculture businesses following close behind at 31 per cent.
“In these scams, they use email to trick someone into sending money or divulging confidential company information,” Cybercrime’s Sergeant David Mitchell said.
“The cybercriminal often poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam.
“Victims assume this request is legitimate and will then send invoice payments to a bank account operated by the scammer.”
Red flags for businesses:
- Notification that your account details have changed.
- Invoices have different reference or payment numbers.
- Out-of-the-ordinary emails from within a business.
- Spelling mistakes in emails.
- Requests for money, especially if urgent or overdue.
- Attachments, especially from unknown or suspicious email addresses.
- Requests to check or confirm login details.
- Unexpected or suspicious links.
Prevention advice:
- Turn on multi-factor authentication. Having multi-factor authentication increases the security on your email account.
- Remember to use a strong passphrase for your email account.
- Beware of email spoofing, which occurs when someone forges the “From:” field of an email so that it appears to have been sent from an email address other than their own. Contact the sender using an alternative method.
- Protect your privacy! Cybercriminals can learn a lot about someone by doing a simple Google search. Be careful posting information online that identifies:
  - where you work
  - what your position is
  - your work email address
  - your personal email address
- If your email address can be found on various websites or forums, it may become a target for impersonation.
- Implement policies and procedures. If a staff member receives an email with an unusual or unexpected request, stop and find out if the email is legitimate before actioning the request.
- Have a reporting process to report threatening demands for immediate action.
- Training and awareness. The best defence against email scams is training and awareness for your employees, including how to identify scams or phishing attempts.
Find out more about the resources and support South Australian businesses can access to safeguard their business here: Scams Awareness Week 2024 | Scamwatch