Scam emails and cybercrime are becoming common as data and businesses move online. It used to be a prince from Nigeria emailed, saying you will receive large amounts of money if you help get the money out of Nigeria by providing your bank account details.
Now, these scammers and hackers have evolved with technology to produce more sophisticated ways to trick unsuspecting victims and take advantage.
What these scammers are doing is called phishing, which is a form of fraud in which the attacker tries to learn information such as login credentials or account information by posing as a legitimate, reputable entity or person in email or other communication channels.
To help you we have provided some examples, and what you can do to protect yourself and your business, giving you peace of mind.
Recent email scams
A few examples of scam emails:
Scammers can disguise themselves as government agencies, such as the Australian Taxation Office (ATO), to trick you into revealing details such as your tax file number (TFN) over the internet. They use the ATO logos, however they are not from genuine ATO email accounts.
Visit the ATO website for known ATO scams
If you are unsure of any emails from the ATO requesting money, please Contact your accountant.
Scammers pretending to be from ASIC have been contacting Registry customers asking them to pay fees and give personal information to renew their business or company name.
An email is probably a scam and is not from ASIC if it asks you:
- to make a payment over the phone
- to make a payment to receive a refund
- for your credit card or bank details directly by email or phone
If you are unsure of any emails from the ASIC requesting money, please Contact your accountant.
Invoice changing bank details
This type of scam is when sent items in email accounts are hacked and invoices are duplicated (with authentic logos and details), bank account details on the invoice are then changed to a different bank account. Email are then sent to the customer with the modified invoice and ask the customer to instead pay into the new, fraudulent account number. The email looks authentic as they have also copied the email signature across.
For businesses, it is important if you notice a change in payee bank account details that you verify the change over the phone with the payee. Also, look out for invoices coming from email addresses that are not quite right. For example emails from a business may be email@example.com as the original address and firstname.lastname@example.org as the fake by missing the last ‘s’ in business.
Signs of an email scam
Scam emails can contain the following signs:
- Alarmist messages and threats of account closures.
- Promises of money for little or no effort.
- Deals that sound too good to be true.
- Requests to donate to a charitable organisation after a disaster that has been in the news.
- Bad grammar and misspellings.
- Email addresses that are not from the company.
What can you do?
- Do not download or open any attachments you are unsure of in an email.
- Check the email address is legitimate and the message has no misspellings/bad grammar.
- Make sure you have the latest anti-virus software installed.
- Never give out your personal details unless you know who you are giving them to and are 100% sure they are legitimate.
- Automatically set regular scam emails to send to junk mail and if you use Outlook you can right click and ‘Report Junk’.
- Google the email subject and check it is not a scam, or go to ScamWatch for all the latest scams.
- If you are a small business, use accounting software for your invoicing (not sure who, then speak to use and we can point you in the right direction).
- If there is a request for a bank account change, ring and confirm there is an update and the details.
- If your business has a large amount of data you might like to consider cyber insurance.
- Regularly change passwords.
What to do if you think you are a victim of a scam:
- Change the passwords or PINs on all your online accounts you think might be compromised.
- Contact the bank and make them aware of the fraud, and check what you need to do. If it is an invoice scam and you are affected, you will need to advise the police.
- Do not follow on any links in the fraudulent email message.
- If you know of any accounts that were accessed or opened fraudulently, close those accounts.
- Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn’t initiate.
With the growth in scams there is also an upgrade in security by businesses to prevent system breaches, however everyone needs to be vigilant of scam emails. Remember, if you are unsure do not open the email or attachment until you verify its authenticity, Nigerian prince or not.
Note: all examples are based on a few recent scam emails that we have seen and suggestions only on what may help to protect you, contact an IT professional for any IT security concerns.