Australian businesses have lost more than $2.8 million to fraudsters intercepting their internal email networks, a report has revealed.
According to Scamwatch, businesses lost on average $30,000 to business email compromise (BEC) in 2018, with one firm losing as much as $300,000.
Scamwatch, the Australian Competition and Consumer Commission's (ACCC) dedicated website, stated that the number of reported incidents has grown by a third this year.
Taking place in a variety of guises, BEC most commonly occurs when a hacker is able to spoof a business’s email address so their messages appear to come from the company.
The hacker then sends legitimate-looking emails to customers claiming that the business’s banking details have changed and that future invoices should be paid to a new account, causing payment to be inadvertently sent to fraudsters.
In other instances, the hacker will send a spoofed email internally to a business’s accounts team, pretending to be the CEO, requesting funds - such as rent or salaries - be transferred to an off-shore account.
Scamwatch also claimed hackers had intercepted house deposits sent to conveyancers, real estate agents or law firms. The public body added that 63 per cent of the businesses that encountered the fraud experienced “significant losses”.
“It’s a scam that targets all kinds of businesses, including charities and local sporting clubs,” said ACCC deputy chair Delia Rickard. “There is a misconception these scams target just small business, however, the largest amount of reports and losses came from medium-sized businesses.”
Advising on how to prevent incidents, Rickard said businesses should keep their anti-virus and anti-spyware software up to date and consider using a multi-person approval process for transactions over a certain threshold.
She added that using a good firewall and checking with suppliers if they notice any payment detail changes would help prevent losses.
According to Scamwatch data, there were nearly 49,000 scams relating to attempts to gain personal information in 2018, costing a total of $8 million. Within that, 6,900 were hacks, 10,200 came from identity theft, 10,000 from remote access scams and nearly 20,000 from phishing.