Some unpleasant individuals try to take even more advantage of others in uncertain times. They try to sow confusion, prey on somebody’s good nature, deceive and deprive people of their hard-won earnings. With the trend towards working from home, and the acceleration of technology in recent years, it's no surprise that scamming has become so widespread across Australia as the perpetrators become ever more sophisticated. How much of a problem has scamming become, and how can business owners protect themselves online?
Scams Awareness Week took place late last year to shine a spotlight on the problem. According to the organisers, Australians had lost over $222 million in 2021 and had lodged more than 226,000 reports. More worryingly, they reported that only one-third of people would ever come forward in these situations, so the actual numbers are undoubtedly higher.
One of the reasons someone who’s been scammed might not report it is that people can feel embarrassment about what has happened to them. However, by talking about scams we can reduce the stigma and work together to stop them.
What can be done to avoid joining the list of statistics and to protect against scams? Undoubtedly, the first line of defence is awareness.
Scams can come in all forms, and it can be difficult to keep up with the level of sophistication. Still, some will be opportunistic and try to 'confuse' an organisation by emailing a false invoice. In this case, they’ll typically target the larger companies that receive many bills each month, and the invoice will relate to some apparent service or product that may be difficult to trace. They may even create invoices that appear to be from a legitimate supplier but will have different payment details.
Some scammers may attempt to pose as a supplier. They will send a direct email or even call to remind the business owner that they are running short of a commodity and should reorder right away. If they agree, they may receive a heavily overpriced order. When the recipient baulks, they may harass for non-payment.
Another victim may receive an unusual email or text message that seems legitimate but requires them to take urgent action. They may need to click on a link to take the next step, but this will download malware to the device as soon as they do so. From there, the perpetrator can steal passwords, delete files or even install ransomware. If there are any weak passwords within the system, they may be able to crack those, access financial accounts and siphon money.
These are just a few of the ways scammers operate, and it’s essential to be aware at all times. Anyone who thinks they have been scammed, is advised to contact their bank or financial institution as soon as possible. They should also contact the platform on which they were scammed and inform them of the circumstances of the scam.
- It’s important to talk to others as well to gather more intelligence and find out how they may have been targeted. Many people who have been victimised feel embarrassed or ashamed and do not want to talk about it — but colleagues, friends, and family should open up, and this will help everyone going forward.
- It’s also crucial to be very careful with personal information, as this represents the 'holy grail' for the scammer. After all, snippets of personal data are used to verify accounts, open access to sensitive data and even apply for loans. This type of information should never be supplied unless the requester’s identity is clear. Be sure to verify the purpose and be ready to take additional steps if there is any doubt. All legitimate organisations will have a process in place to do so.
- As mentioned, some scammers will send a seemingly urgent text or email that requires the recipient to click on a link and provide personal information — threatening account deactivation for some clever reason, for example. Messages like this are illegitimate. The recipient should get in touch directly with the apparent organisation through a verified URL.
- Social media is an integral part of business life, but it can also be a great place for scammers. People should be cautious about how much information they share, knowingly or accidentally. Snippets of data here and there can be pieced together to set up an identity theft scam.
- Remember, always make passwords as strong as possible. Hackers can crack a password with a purely numerical number or with only lowercase letters in just a matter of seconds. Alternatively, it would take the same machine as long as five years to crack a 10-character password that had numbers, uppercase and lowercase letters and symbols.
- To counter those opportunists who aim to confuse, have robust accounting and management practices in place. Never pay an invoice without crosschecking it against known records, and always have a purchase order process in place. Also, ensure that multifactor authentication is set up where appropriate. This means that an account cannot be accessed unless a distinct process has been followed — for example, a password and a separate SMS message to a phone.
Remember, awareness is key, and it’s essential to have processes in place to counter even the most sophisticated scammer. Sometimes the best thing you can do is overhaul your IT system, ensuring that you have the infrastructure in place to support more sophisticated filters, better VPN's and backup routers.
If you're wanting to become more dynamic with your I.T, we offer financing solutions that let you respond quickly to evolving IT security requirements while also shaping your market.