- Sponsored
- Business
- Small business
- CommBank
This was published 4 months ago
Small business, big scams: How fraudsters are targeting SMBs
Sponsored by CommBank
By Katie Cunningham
The email Ben* received from his “boss” seemed normal at first.
Ben, who works as a finance assistant for a medium-sized building company, received a request from his boss to pay a supplier. The email came directly from his boss’ address, so he proceeded to create and authorise the payment – for $60,000.
But the request for payment hadn’t come from his boss at all. Rather, it was from a hacker who had compromised his boss’ email address with the intent of defrauding him.
Stories like Ben’s are on the rise. In 2023, Australians reportedly lost $2.74 billion dollars to scams, with a 27.9% rise in the number of scams reported by Australian businesses.
Business email compromise scams, like the one Ben experienced, are one of the most common scam types affecting business owners.Credit: iStock
“We all know small business owners are extremely busy people, with multiple competing priorities at any given time,” shares Rebecca Warren, executive general manager small business banking at CommBank. “This can make them more vulnerable to scammers, who are banking on small business owners and employees to overlook some of the red flags they would otherwise spot.”
Business email compromise scams, like the one Ben experienced, are one of the most common scam types affecting business owners. They involve scammers hacking into an email account to intercept and redirect a legitimate payment email or create a new falsified payment email.
These scammers may initially gain access to your accounts by phishing, where they trick you into entering your username and password onto a fake login page. Once they’re in, they monitor your email correspondence and can wait months for the opportunity to strike.
Then, the scammers either intercept and tamper with an existing payment request email, or initiate a new payment request to a trusted colleague.
“Since these emails come from the legitimate email account, and closely mimic regular correspondence, they are near impossible to detect by email providers and are highly successful against their victims,” Warren says.
But business email compromise isn’t the only type of scam business owners need to watch out for. Australian small businesses may also be targeted with investment scams, where scammers offer a ‘once-in-a-lifetime opportunity’ to make easy money, pretending to be anyone from a stockbroker or a portfolio manager to an investment professional.
Remote access scams – where scammers trick victims into giving them remote access to their computer and personal information so that they can access their bank accounts – also target business owners.
The toll of such scams can be huge, in more ways than one.
“Unlike the big end of town, small businesses are often family-run, have fewer resources and the impact of scams can be devastating, both financially and emotionally,” Warren says.
To combat the scammers, Warren suggests business owners and their staff should “stop, check, reject” any requests for payment or access to a device.
Don’t feel pressured to act immediately, especially if being asked to make a payment. Check the validity of any payment request you receive with someone else verbally, particularly if you get an email with a request to pay a new account, or an invoice with different account details to those usually used. And if you’re unsure, hang up the phone or delete the email.
Your team is your first line of defence when it comes to payment scams, Warren says, so “ensure your staff are encouraged to question and escalate payment requests that look suspicious or unusual.” Having robust payment processes and technology in place can also help to ensure scam payments aren’t successful.
CommBank has rolled out a number of new features designed to stop the scammers in their tracks. One of them, Namecheck, alerts customers whether the account details they provide when making a first-time payment look right and places a hold on transfers that don’t.
Thanks to CommBank’s anti-scam technology, Ben’s story ended on a positive note. When he went to process the payment on CommBiz, CommBank’s business online banking platform, NameCheck detected a discrepancy in the beneficiary account details, which led to the payment being held.
The CommBiz Fraud team contacted Ben to raise the concerns and requested that he call his boss to verbally confirm the request and the account details.
Ben phoned his boss, who made it clear that he had not sent the email requesting a payment. Ben called CommBank back to advise them the payment was fraudulent, and the bank declined the transaction – saving Ben’s boss $60,000 and a lot of heartache.
To learn more about how CommBank helps protect Australian businesses, visit commbank.com.au/business/security.