7 small business scams to look out for in 2018

A recent spate of sophisticated scams targeting Australian small and medium business owners has cast a spotlight on email fraud and cyber crime.

This month, Fairfax Media detailed how online homewares store Sage and Clare inadvertently paid a scammer $10,000 purporting to be a supplier who had recently changed their bank details.

In a similar incident, Brisbane based children's retailer Cocoon Petite Living reported to News.com.au a scammer had gained access to her business email account, used information gleaned from past invoice payment details and started demanding payments under the guise of an existing supplier. Fortunately, suspicions were raised after emails to the supplier's fake email bounced back and no money was transferred.

The cost of small business scams in Australia

According to the most recent figures released by the ACCC, scammers cost small businesses $4.7 million in 2017, a 23% increase year-on-year. The average amount lost by small business scam victims was $11,000. However, these figures represent only those scams reported to the ACCC and the true cost could be much higher as some businesses may be hesitant to report falling victim to fraud.

According to a separate study commissioned by the NSW Business Commissioner in 2017 the cost of cyber crime to Australian businesses was estimated up to $1 billion per year.

Source: ACCC Targeting Scams Report May 2018

The first step to combating online scams and fraud is to increase awareness. We've listed the top 7 scams targeting Australian businesses in 2018:

1. Fake Invoicing and False Bill Scams

Scammers will send your business a payment notice or invoice for a false service or product. Common examples include:

  • Website domain and hosting renewals
  • Invoices for advertising services

A more sophisticated version involves the scammer successfully phishing a business' email account details, and using information from past emails to impersonate a supplier requesting a change to their payment details to a bank account controlled by the scammer.

2. Fake Awards or Accolades Scam

In this scam, a business is informed they have won an award, either from a real or made up organisation. In order to receive their award or advertise their award on their own marketing, the business is asked to pay a fee to the scammer.

3. Fake Directory Listing Payments

The scammer will contact a business purporting to want to update their details in a directory. They may claim to be from a large, well known directory such as the Yellow Pages or their own directory they have created for the purposes of the scam. The call will be recorded and at a later date the business receives an invoice for having their details placed in the directory. If the company disputes the charges, the scammer threatens legal action for payment, citing evidence of the phone call recording as authorisation for payment.

4. Overpayment Scams

Scammers target businesses that might be selling items or services through online classifieds ads. The scammer will make an offer that is usually greater than the original offered price and pay with a cheque, credit card or wire transfer. Soon after, the scammer will contact the business again and inform they have accidentally overpaid by mistake, requesting a refund of the difference.

After the difference is paid, the business discovers the original payment from the business was invalid - for example, a bounced check, charge back from a stolen credit card or doctored payment receipt.

5. Bank Details Phishing Scams

Businesses are targeted over the phone or email by scammers requesting details of their bank account logins and pretending to be representatives of the bank. Usually, the business will be informed there has a security breach with their account and they are asked to 'verify' their details by providing their login and password over the phone, or by entering them into a fake online form designed to look like exactly like their bank's website.

6. Online Virus Scams

Businesses are contacted over the phone and informed they have a virus on their computer. The scammers will often pretend to be from a well known technology company, such as Microsoft. In order for the virus to be removed, the business will be asked to pay a service fee, or give the scammer remote access to their computer by installing a third party remote desktop viewer application.

7. Business Intercept Scams

Scammers will study employee profiles of larger businesses on professional directories such as LinkedIn and target employees in specific roles, particularly those that may control payments or have access to account logins and passwords.

These employees will then receive an email purporting to come from a senior manager or maybe even the CEO, requesting details to access bank accounts, or to re-route future payments to a destination controlled by the scammer. The scammer may not have access to an email account from anyone in the organisation, but instead will register a domain that appears very close to that of the company's. At first glance the recipient will not realise that the email is fake and follow the instructions emailed by the scammer.

Reduce your business energy costs with Make it Cheaper

At Make it Cheaper, we know how important it is for small businesses to minimise their costs. Our free electricity and gas comparison service can save you time and money by instantly comparing multiple offers from our panel of energy retailers.

Are you overpaying on your energy bills?

Get your FREE energy comparison

Find savings now →