Detecting cyber fraud as a small business owner
As a small business owner, you may have already had an experience with a scam targeting your business. It’s reported that Australian small businesses lost more than $2.3 million from cyber attacks in the first half of 2018, with nearly 18 per cent of small-to-medium-sized businesses in Australia having been impacted by a cyber scam.
While this seems like it would only affect you, it can also impact your customers. For example, hackers can “spoof” your business email account so their emails look like they belong to you. They can then contact your customers and request payments be made to a different account instead of your own. One Australian business recently reported losing $300,000 to such a scam.
In another version of this attack, scammers can intercept your correspondence with suppliers, and then pretend to be the supplier in order to get you to pay them instead. Other popular tactics include ransomware attacks in which your data is encrypted and held hostage until you pay the scammers a ransom. Thieves being thieves, you can never be sure if you’ll receive your data back even if you pay.
With so many ways you could be targeted, detecting cyber fraud is a top priority. To help you, here are several tips we suggest you follow to recognise and prevent a potential scam.
1. Never click on any links or attachments in an email unless you know the source and can verify its legitimacy. Poor spelling and grammar usually give away fake emails.
2. Install anti-phishing software.
3. Never wire money to anyone you don’t know in person. Asking for wired money via services like Western Union is a very common scam.
4. Never fall victim to an urgent transaction. Typically, cyber attackers want to get your money as soon as possible so they can disappear. Confirm the transaction with your usual contact if things seem suspicious.
5. Make sure you keep back-ups of all your data. This will enable you to return to business as usual in the event you fall victim to ransomware without having to pay the attackers.
6. Check the URL of any website you’re asked to access, especially ones where you have to enter sensitive information, to make sure the website is legitimate. A fake URL may look similar but can have spelling errors. If it is hyperlinked, you can check the website by hovering your mouse over the link. Otherwise, type the address in the search bar yourself if it’s a website you know, such as an online banking portal.
7. Make sure that any financial transaction you engage in online requires you to enter your details only after the URL changes from “http” to “https”. This means the connection is secure – all Australian bank log-in pages are https.
8. Limit who in your business has access to sensitive financial details to those who absolutely require it.
9. Trust your gut. If something feels odd, or you see an offer that seems too good to be true, then it probably is.
10. Report suspicious activity. Most Australian banks, telcos, and energy providers – the industries most frequently impersonated by scammers – have sections on their websites where you can report a scam. They also publish details of current illegitimate activity.