As trading volumes ramp up in the lead-up to the end of the year, so too do scam risks – and family businesses are not immune. Cyberattacks have become an increasingly thorny problem for Australian family-owned businesses, and if you do fall prey to a cyberattack, the costs can escalate. What’s more, depending on the type of attack, your business’ reputation may also take a hit.
According to the Australian Government’s 2030 Cyber Security Strategy, cybercrime costs are growing by up to 14% each year for Australian businesses.[1]
And, if you also have a family office, it too is vulnerable. Keeping information secure, and preventing cybercrime, rank in the top three issues facing family offices. Yet only 20% of family offices believe their cyber protections are ‘resilient’.[2]
Stronger seasonal trading in the lead-up to the end of the year sees extra stock arriving and a spike in enquiries, purchases and returns. Cyber criminals may take advantage of the seasonal peak, hoping that you and your employees are stretched thin and miss things you might usually catch.
Here are three things to watch out for to help prevent cybercrime this festive season:
1. Fake customer complaints
Look out for fake customer complaint emails or social media private messages asking for a refund. Scammers might report damaged or missing goods and ask you to click a link to download a ‘photo’.
Before you engage with the complaint:
- Confirm that you’re dealing with a real customer by checking the name against your customer records.
- Check that the request for a refund is legitimate. Refund scams occur when buyers purchase items and then ask for a refund on the pretence that the goods are damaged, or they allege they’ve mistakenly overpaid you.
- Check that every refund goes back to the same card used for the original purchase.
- Don’t click on links, as these might hide malicious software that downloads to your computer or phone.
- Limit the number of employees who are authorised to process refunds.
For more information on refund fraud, what to do if you’ve been scammed, and how to protect your business, see Business fraud prevention | ANZ.
2. Fake invoices
According to the ACCC, fake billing scams were the number one cause of losses for businesses in 2023. These types of scams were up 37% from 2022 and the median loss for each scam was $7,000.[3]
Invoice fraud scams cover a range of situations where scammers impersonate your business, or a supplier you’ve dealt with, to extract funds from unsuspecting victims.
Before you or your staff members pay invoices:
- Double check that both the business and the request for payment are legitimate.
- Ensure the invoice matches previous invoices, particularly the bank account details and the email address.
- Seek confirmation if you receive an email or phone request to change banking details from a supplier or employee. Always confirm by contacting the supplier or employee directly on a trusted contact number.
For more information on invoice scams, see What is invoice fraud & billing scams? | ANZ.
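The pre-payment checks listed above can be run against your supplier records before anything is approved. The following is an added example, not part of the original article: the supplier record, field names and sample values are constructed, and the 0.85 similarity threshold for spotting lookalike email domains is an assumption.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass(frozen=True)
class Supplier:
    name: str
    bsb: str
    account: str
    email: str
    phone: str  # trusted number held on file, never taken from the invoice

# Constructed sample supplier master record (not real data).
SUPPLIERS = {
    "Example Packaging Pty Ltd": Supplier(
        "Example Packaging Pty Ltd", "000-000", "12345678",
        "accounts@examplepackaging.example", "+61 0 0000 0000"),
}

def _norm(value: str) -> str:
    # Ignore spacing, hyphens and case so "000 000" equals "000-000".
    return "".join(ch for ch in value if ch.isalnum()).lower()

def check_invoice(invoice: dict) -> list[str]:
    """Return reasons to hold payment; an empty list means details match the file."""
    known = SUPPLIERS.get(invoice["supplier"])
    if known is None:
        return ["supplier not in master records: verify the business before paying"]
    findings = []
    on_file = (_norm(known.bsb), _norm(known.account))
    if (_norm(invoice["bsb"]), _norm(invoice["account"])) != on_file:
        findings.append(f"bank details differ from file: call {known.phone} to confirm")
    sender = invoice["from_email"].strip().lower()
    if sender != known.email.lower():
        s_dom = sender.rpartition("@")[2]
        k_dom = known.email.lower().rpartition("@")[2]
        # A near-identical domain is a stronger warning sign than a plainly different one.
        if s_dom != k_dom and SequenceMatcher(None, s_dom, k_dom).ratio() >= 0.85:
            findings.append(f"sender domain '{s_dom}' imitates '{k_dom}'")
        else:
            findings.append("sender address differs from the address on file")
    return findings
```

Any finding means the payment is held until the supplier confirms the details on the contact number already on file.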
3. Business email compromise
Business email compromise scams involve scammers gaining access to one of your business email accounts and using it to send fraudulent emails requesting payments or sensitive information. These scams can start with a phishing email that tricks an employee into revealing their login credentials, allowing access to their email.
Once the attackers have access to an email account, they monitor email traffic to understand your business’ operations and identify potential targets. They then use this information to craft convincing emails that impersonate a trusted source, such as a senior executive or a supplier, requesting urgent payments or sensitive information.
Protect against business email compromise scams by asking your employees to:
- Look out for suspicious activity in their email account, such as unfamiliar login locations, changes in email settings or emails sent from their account that they didn’t send.
- Ensure there are no unauthorised forwarding rules set up to forward emails to the cyber criminal’s own accounts.
- Use security tools to check if your business’ email accounts have been compromised.
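The forwarding-rule check above can be automated over an export of mailbox rules. The following is an added example, not part of the original article: the rule records, their field names and the domains are constructed and do not follow any particular mail provider's schema.

```python
# Constructed export of mailbox rules; field names are assumptions.
RULES = [
    {"mailbox": "ap@familybiz.example", "name": "Supplier folder",
     "action": "move", "targets": ["Suppliers"], "enabled": True},
    {"mailbox": "ap@familybiz.example", "name": ".",
     "action": "forward", "enabled": True,
     "targets": ["archive@familybiz.example", "inv0ices@mailbox.example"]},
    {"mailbox": "ceo@familybiz.example", "name": "PA copy",
     "action": "redirect", "targets": ["pa@office.familybiz.example"], "enabled": True},
    {"mailbox": "sales@familybiz.example", "name": "old",
     "action": "forward", "targets": ["me@personal.example"], "enabled": False},
]
OWN_DOMAINS = {"familybiz.example"}  # domains the business itself controls
FORWARDING_ACTIONS = {"forward", "redirect", "forward_as_attachment"}

def is_internal(address, own_domains=OWN_DOMAINS):
    """True if the address is on one of the business's domains or a subdomain."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in own_domains)

def external_forwards(rules, own_domains=OWN_DOMAINS):
    """List rules that send mail outside the business, for manual review."""
    findings = []
    for rule in rules:
        if rule["action"] not in FORWARDING_ACTIONS:
            continue
        outside = [t for t in rule["targets"] if not is_internal(t, own_domains)]
        if outside:
            # Disabled rules are reported too: they may be left over from
            # an earlier period of unauthorised access.
            findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                             "external_targets": outside,
                             "enabled": rule["enabled"]})
    return findings

if __name__ == "__main__":
    for finding in external_forwards(RULES):
        print(finding)
```

Each reported rule should be confirmed with the mailbox owner; a rule they did not create is a sign the account needs its password reset and its sessions reviewed.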
4. Bank impersonation scams
A bank impersonation scam is what it sounds like – scammers will impersonate a trusted financial institution, like ANZ, to try and take advantage of their customers. Often they will send emails or SMS messages, asking for information so they can gain access to your account.
ANZ will never ask you to:
- Share sensitive information like your One Time Passcode (OTP), verification code (for payment), PIN or card details.
- Transfer money to another account.
- Open a new account.
- Provide access to your device.
- Download software.
Nine ways to protect your business
It’s easy to think that a scam won’t happen to you. Here’s how to make sure you reduce the risk:
Learn more about cybersecurity
In this busy trading season, don’t leave your business unprepared and susceptible to cybercrime. Learn about the latest trends in cybersecurity and how to protect your business at ANZ’s business cybersecurity hub.
ANZ Private
Whether you run a business or plan to sell one, we can support you with lending and investment solutions, as well as advice for a range of personal and business needs, including risk management.
Business Banking
If you’ve got a business enquiry, get in touch with us on 1800 351 663 Monday to Friday 8am – 6pm (AEST) or request a call back and one of our team members will make contact with you.
Important Information:
The information is provided for information purposes only, and you should consider your own personal situation, including by obtaining professional advice if required, prior to making any decisions. Articles are current as at the date of their publication but are subject to change. Articles represent the views and opinions of the authors and do not necessarily reflect the opinions or views of ANZ, its employees or directors. Whilst care has been taken in preparing these documents, ANZ and its related entities do not warrant or represent that the document is accurate or complete. To the extent permitted by law, ANZ and its related entities do not accept any responsibility or liability from the use of the information.
[1] Australian Government, 2023-2030 Australian Cyber Security Strategy, accessed 22 October 2024
[2] C Fankhauser, How family offices can maximize the upside of tech and minimize risk, EY, 6 February 2024, accessed 22 October 2024
[3] ACCC, Targeting scams: report of the National Anti-Scam Centre on scams activity 2023, April 2024, accessed 22 October 2024
ANZ Commercial provides banking products and services to more than 600,000 businesses, as well as high net-worth private banking clients across Australia. ANZ aims to be the leading bank for Australian businesses looking to start, run or grow their business, and the private bank of choice for multi-generational families.