Cybercrime impacts the lives of many Australians and is expected to increase as our reliance on technology grows.
Common types of cybercrime include hacking, online scams, fraud, identity theft and attacks on computer systems.
In recent months we have been made aware of several instances where clients have been targeted by cybercriminals. Here we share these examples as a warning to others. The financial ramifications are significant, in one case costing a business hundreds of thousands of dollars.
Example 1: Criminals hacked into the computer of a business and monitored emails between two people. One person sent payment instructions as a PDF attached to an email, giving the bank account details to which a payment of $250,000 was to go. The hacker amended the PDF to show their own bank account details, and the $250,000 was paid to the wrong bank account.
Example 2: Money was taken from accounts by “phishing”. The principal was in one office and the accounts person was in a branch office. The scammer pretended to be the principal and by email directed the payment of monies into a bogus account. The email address used by the scammer was very close to the correct email address, and therefore went unnoticed by the recipient.
Example 3: Scammers gathered enough information to get the telco to direct all calls to their own mobile telephone, and then to get the bank to forward the account details to the nominated mobile telephone number (so the details were automatically transferred to the scammer). Next, the scammer used the account information to transfer money to their own accounts.
Example 4: In an instance of large-scale identity fraud, a business retained the identity documents of clients on its computer, including passport photos, credit card details and Medicare details. These details were used by hackers to make a fraudulent loan application.
Protect Your Business
We have adopted the following measures and processes within our firm and recommend these steps to you:
- Always keep your computer security up-to-date with anti-virus and anti-spyware software and an efficient firewall.
- Ensure your business data back-ups are working.
- Make your staff aware of the scams and ensure they understand how they work so they can identify them.
- Adopt strict money transfer procedures, such as double-checking email addresses when receiving directions for payments. For all new bank account details, seek verification by telephone – call the number in your file and not the one shown on an email.
- Obtain cybercrime insurance through your business insurance broker. Fraudulent activities are not covered by normal business insurance.
We encourage you to be mindful of the sophistication of cybercriminals. If any online or email behaviour seems out of the ordinary, it pays to investigate further. In many cases it has been a last-minute phone call or a face-to-face conversation that led to the scam being discovered.