Watch Out! How Scammers Are Targeting Your Agency

O*NO! This year, as of August, Scamwatch received over 190,000 reports of scams. This amounted to over $192 million worth of losses in just 8 months - almost double the value of losses reported the same time last year! Scamwatch also received record reports of phishing scams this year with 45,000 so far!

Recently the ACSC also warned of a growing trend of cybercriminals targeting the property and real estate industries through business email compromise scams. Scammers have targeted all parties to property transactions, including agents, conveyancers, and their clients, to redirect both settlement and rental payments.

Here we outline the trending business scams and share our tips for avoiding them.

Business Scams

Topping the list of business scams in terms of total losses and numbers of reports is the false billing scam. This type of scam asks a business to pay fake invoices. This September alone there were 1895 false billing scams reported to Scamwatch and the amount lost was $1,086,445!

ACCC’s Targeting Scams report published in June 2021 shows the false billing scam stats for 2020. The reported losses were $13,509,327 spread across 200 businesses. That’s an average of $67.5K per business that reported a loss. Ouch! What’s more, the value of these losses increased by 470% over the previous year. This means scammers increased their takings almost 5-fold in a year and shows how false billing scams are on the rise!

Another common business scam is the payment redirection scam, also known as the business email compromise scam.

Australian businesses reported over $14 million in losses due to payment redirection scams last year. But the average losses so far in 2021 are more than five times higher compared to average losses in the same period last year! That’s crazy!

How do businesses get scammed?

Commonly, scammers try to impersonate staff members by spoofing an email address that is very similar to that of the genuine business email. They may also gain access to legitimate business email accounts and pose as the business, changing bank deets on legitimate invoices or requesting that customers update payment details to the scammer’s account.

Scammers may also use information they obtain through hacking or phishing to pose as a regular supplier of your business and tell you that their banking details have changed. They may use convincing stolen letterheads and branding.

In real estate, scammers have been impersonating property sellers and requesting that the seller’s bank details be updated, so that settlement agents will update the false details into PEXA.

Phishing, fraud, and data breaches

Impersonation fraud involves scammers impersonating someone to gain access to accounts or networks. They then update personal information, make fraudulent transactions, and steal more information which enables further fraud.

Your business could have a data breach if you disclose personal information to a scammer through phishing. According to OAIC’s latest Notifiable Data Breaches Report, malicious or criminal attacks remain the leading source of data breaches. A large chunk of these happen through social engineering or impersonation!

Cyber security incidents have made up 43% of all notifications this year. More than half of cyber incidents involved scammers gaining access to accounts using compromised or stolen credentials, which are most commonly obtained through email-based phishing.

The OAIC expects businesses to have controls and identity verification processes in place to minimise the risk of impersonation fraud, and to regularly review and adapt processes to emerging fraud threats. Businesses are also expected to have processes in place to conduct data breach assessments. Best practice is to also maintain audit and access logs, and to use and routinely test a backup system for your data.

Our tips for avoiding scams

Speak up! If you receive a text, email, DM, or anything that you are unsure about, your best bet is to run it by someone before clicking anything. Sometimes just asking for a second opinion can help you avoid getting scammed, and it can help alert your colleagues and raise awareness in your workplace too.

Be super vigilant whenever you receive a request to change payment details, or to confirm payment details. Go through your usual channels of communication, rather than using the details provided in the request. Pick up the phone and have a conversation.

Train your staff to think critically and look out for red flags including an unexpected change of bank details, unexpected or urgent payment requests, and email addresses or URLs that don’t look right.

Develop clear guidance in your workplace on how to verify account details and identities, as well as escalation processes for attempted scams and incidents of fraud.

Consider adequate cyber incident insurance for your business.

If you fall victim to a scam:

  • Change your online passwords if your online accounts have been compromised

  • Contact your financial institution immediately if you have given financial details to a scammer

  • Report to Scamwatch or to ACSC

  • Contact your insurer

  • Conduct a data breach assessment

 

Key Takeaways

  • Scams are on the rise. Total reported losses doubled in the last year, and losses attributed to the most common business scams increased around five-fold!

  • Now more than ever it’s time to talk to your suppliers, business partners and staff – especially about the most common scams relevant to your business – such as payment redirections, fake invoicing and impersonation fraud

  • The real estate and property industries are being targeted through business email compromise scams. Agents should be especially vigilant to the risks of impersonation fraud during settlement transactions

Next Steps

Share your stories to raise awareness about scams. Let your colleagues, contacts and industry association know if scammers try to contact you. Let us know about it too!

Is your business prepared to escalate a data breach in the event of a phishing attack? Contact us to find out more or head over to our online store to download our Data Breach Response Plan.

 

Boring legal stuff: This article is general information only and cannot be regarded as legal, financial or accounting advice as it does not take into account your personal circumstances. For tailored advice, please contact us. PS - congratulations if you have read this far, you must love legal disclaimers or are a sucker for punishment. 
