New Year’s Resolution: To Avoid Sophisticated Email Scams …
With the “silly season” now a distant memory and the New Year in full swing, and with many people exercising in the heat in an effort to accomplish one of their resolutions, it’s timely to bring to the front of everyone’s mind the need to be vigilant with your business records and the systems that you have in place to protect your data, as well as your cash.
We have been receiving a number of enquiries in relation to scams which range from simple phone calls to more elaborate email impersonations and identity fraud.
In its simplest form, a call is received, supposedly from the ATO, in which the caller states that you have an outstanding liability with the ATO and that the police have been notified and are essentially coming to your door. To satisfy this fictitious outstanding liability, however, the taxpayer can simply go to a retail store and purchase the relevant value in store / online cards. In some ways this scam seems unlikely to succeed on a number of fronts (does the ATO ring direct? do they immediately involve the police? do they really accept vouchers as payment?), but it has worked many times in the past, playing on a taxpayer’s immediate fear of the ATO. As a rule of thumb, you can disregard these calls and hang up immediately, as the ATO will rarely contact you directly without prior written confirmation and will always approach our office as the first point of contact, as your agent.
More sophisticated methods have involved hacking the email accounts of legitimate businesses, copying letterheads and signature lines, and requesting fund transfers by the client’s bank to overseas recipients. The scammers in these more elaborate schemes have even been able to redirect incoming emails from the client’s email address to their own email address, so that any written confirmation sought by the bank is subsequently authorised by what appears to be the genuine business owner. This scam has been so successful that many banks are now phoning clients to confirm that the owner actually wants the transfer to occur.
Recent reports from the Australian Competition and Consumer Commission (ACCC) have revealed that Business Email Compromise (BEC) scams totalled $2.8 million in 2018, with businesses which have fallen victim to scammers losing an average of nearly $30,000.
The ACCC’s Scamwatch division has called on businesses to urgently review how they verify and pay accounts and invoices, with reports of BEC scams rising by a third this year.
“BEC scams occur when a business’s email accounts are either hacked or ‘spoofed’ so their emails appear to come from the company,” the ACCC explains. “With other variations of the scam, the hacker will send an email internally to a business’s accounts team, pretending to be the CEO, asking for funds to be urgently transferred to an offshore account.”
These types of scams particularly affect businesses that have a number of overseas dealings, as it is not unusual for such businesses to transfer funds regularly. However, “It’s a scam that targets all kinds of businesses, including charities and local sporting clubs. There is a misconception these scams target just small business, however the largest amount of reports and losses came from medium sized businesses, including one that lost more than $300,000,” the ACCC noted.
With these issues in mind, we suggest that you make sure your IT security is up-to-date and consider multi-person approval processes for any transactions over a certain dollar threshold.
This is not an insignificant threat to your business in the current climate, so if you have any concerns with unusual phone calls or emails, we suggest that you confirm any ATO contact with our office on (07) 5504 5700 and contact your financial institution immediately if you feel that your business has been placed at risk due to a possible funds transfer BEC.
Sources: Australian Taxation Office Website / Institute of Public Accountants / Tax & Super Australia