How to identify and prevent common cyber scams


Australian small businesses, often overworked and under-resourced, are at a high risk of falling prey to the growing threat of cyber scams. According to the Australian Competition and Consumer Commission (ACCC), Australian businesses lost over $277 million to payment redirection scams in 2023, a significant increase from previous years. Chris Dahl from Pin Payments explains how to keep your business safe from threats.

The confidence gap is real: the Commonwealth Bank’s Small Business Cyber Threat Awareness Research (2024) found that 4 in 10 small businesses have little to no confidence in their ability to respond to a cyber threat.

The rise in sophisticated attacks, particularly those leveraging artificial intelligence (AI), has made it even more challenging for businesses to detect and prevent fraud. A report from the Australian Cyber Security Centre (ACSC) revealed a 63% increase in phishing attacks, highlighting the urgent need for SMBs to improve their cybersecurity.

With cybercriminals continuously refining their tactics, it is crucial for businesses to stay informed. So, here are seven common cyber scams targeting SMBs.


Seven cyber scams targeting small businesses

1. Invoice scams

Scammers take advantage of the fact that businesses are frequently overwhelmed with daily operations by sending fraudulent invoices while impersonating legitimate suppliers. These fake invoices typically look authentic, carry a sense of urgency, and may bill for products or services that were never ordered or never delivered. To protect against this type of fraud, businesses should enforce strict verification protocols for every invoice before it is paid: confirm that the goods or services were actually ordered and received, and cross-check the supplier name, amount, purchase order number and bank details on the invoice against your own purchase records rather than against the invoice itself. Training staff to recognise these scams, and giving them explicit permission to hold a payment until it is verified, is crucial in preventing financial loss. The ACCC also provides useful resources on invoice scams.

2. Payment redirection

Payment redirection scams are the most common form of Business Email Compromise (BEC). Cybercriminals either break into a business’s or a supplier’s email account, or send email from a lookalike domain, and use it to announce “new” bank account details so that the next payment is diverted to an account they control. This form of fraud is particularly hard to detect because the email often arrives in a genuine, ongoing conversation, and businesses may unknowingly transfer large sums to scammers instead of the intended recipients. To guard against this, businesses should secure their email accounts with unique passwords and multi-factor authentication, and review mailbox forwarding rules, which attackers commonly add to hide their activity. Most importantly, verify any change to payment details by phoning the supplier on a number you already have on file, never on a number supplied in the email requesting the change. Regularly monitoring business accounts and customer transactions for irregularities or unusually high-value orders is key to identifying and addressing potential threats early.
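The invoice checks recommended in sections 1 and 2 can be enforced in software rather than left to memory. The following Python script is an added example, not code from the article or from Pin Payments. It assumes a vendor master that records each supplier’s expected sending domain, verified bank details and an onboarding callback number, plus a list of purchase orders; the supplier, orders and invoices below are constructed sample data. An invoice is held, not paid, if its sender domain, purchase order, amount, delivery status or bank details fail to match what is on file, and any bank-detail change is routed to a callback on the number already held.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class BankDetails:
    bsb: str      # Australian BSB, e.g. "062-000"
    account: str


@dataclass
class Vendor:
    name: str
    email_domain: str      # domain the supplier is expected to send from
    bank: BankDetails      # details confirmed out of band at onboarding
    phone_on_file: str     # callback number recorded at onboarding, never taken from an email


@dataclass
class PurchaseOrder:
    po_number: str
    vendor: str
    amount_cents: int
    delivered: bool


@dataclass
class Invoice:
    vendor: str
    sender_email: str
    po_number: Optional[str]
    amount_cents: int
    bank: BankDetails
    body_text: str


# Constructed sample data: a hypothetical supplier, not a real business.
VENDORS: Dict[str, Vendor] = {
    "Acme Timber": Vendor("Acme Timber", "acmetimber.example",
                          BankDetails("062-000", "12345678"), "02 5550 0100"),
}
PURCHASE_ORDERS: Dict[str, PurchaseOrder] = {
    "PO-1001": PurchaseOrder("PO-1001", "Acme Timber", 480_000, delivered=True),
    "PO-1002": PurchaseOrder("PO-1002", "Acme Timber", 125_000, delivered=False),
}
URGENCY_WORDS = ("urgent", "immediately", "today", "final notice", "overdue")


def check_invoice(inv: Invoice, vendors: Dict[str, Vendor],
                  orders: Dict[str, PurchaseOrder]) -> List[str]:
    """Return a list of findings; an empty list means the invoice passed every check."""
    findings: List[str] = []
    vendor = vendors.get(inv.vendor)
    if vendor is None:
        return ["vendor not in vendor master; treat as unsolicited"]

    # 1. Sender domain must be the one on file (lookalike domains are the usual BEC tell).
    domain = inv.sender_email.rsplit("@", 1)[-1].lower()
    if domain != vendor.email_domain:
        findings.append(f"sender domain {domain!r} is not the vendor's {vendor.email_domain!r}")

    # 2. Match the invoice to a purchase order: right vendor, right amount, goods delivered.
    if inv.po_number is None:
        findings.append("no purchase order referenced")
    else:
        po = orders.get(inv.po_number)
        if po is None:
            findings.append(f"purchase order {inv.po_number} not found")
        elif po.vendor != inv.vendor:
            findings.append(f"{inv.po_number} was raised for {po.vendor}, not {inv.vendor}")
        else:
            if po.amount_cents != inv.amount_cents:
                findings.append(f"amount {inv.amount_cents} differs from PO amount {po.amount_cents}")
            if not po.delivered:
                findings.append(f"{inv.po_number} not yet marked delivered")

    # 3. Any change of bank details is verified by phoning the number already on file,
    #    never a number printed on the invoice or given in the email.
    if inv.bank != vendor.bank:
        findings.append(f"bank details differ from vendor master; confirm by calling {vendor.phone_on_file}")

    # 4. Pressure language is a signal, not proof, so it is flagged rather than blocked on its own.
    hits = [w for w in URGENCY_WORDS if w in inv.body_text.lower()]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


def decision(findings: List[str]) -> str:
    return "PAY" if not findings else "HOLD"


SAMPLE_INVOICES: Dict[str, Invoice] = {
    "legitimate": Invoice("Acme Timber", "accounts@acmetimber.example", "PO-1001", 480_000,
                          BankDetails("062-000", "12345678"), "Invoice for PO-1001, due in 30 days."),
    "redirection": Invoice("Acme Timber", "accounts@acmetimber-payments.example", "PO-1001", 480_000,
                           BankDetails("012-003", "99887766"),
                           "URGENT: our bank details have changed, please pay today."),
    "no_po": Invoice("Acme Timber", "accounts@acmetimber.example", None, 99_000,
                     BankDetails("062-000", "12345678"), "Consulting fee for March."),
    "undelivered": Invoice("Acme Timber", "accounts@acmetimber.example", "PO-1002", 125_000,
                           BankDetails("062-000", "12345678"), "Invoice for PO-1002."),
}


def run_samples() -> Dict[str, str]:
    return {name: decision(check_invoice(inv, VENDORS, PURCHASE_ORDERS))
            for name, inv in SAMPLE_INVOICES.items()}


if __name__ == "__main__":
    for name, inv in SAMPLE_INVOICES.items():
        findings = check_invoice(inv, VENDORS, PURCHASE_ORDERS)
        print(f"{name}: {decision(findings)}")
        for f in findings:
            print("  -", f)
```

The redirection sample is the classic BEC pattern: the purchase order, amount and delivery status are all genuine because the scammer has read the real correspondence, so only the sender domain, the bank details and the pressure language give it away. The callback number in the finding comes from the vendor master, which is the whole point: the verification channel must predate the suspicious message.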

3. Phishing emails

Phishing attacks, a persistent issue for businesses, are becoming more sophisticated with the use of AI. Scammers use AI to imitate a colleague’s or supplier’s language and writing style, removing the spelling mistakes and odd phrasing that staff were once trained to spot, and deceive employees and customers into revealing credentials or other sensitive information. The ACSC reported a significant increase in phishing attacks in 2023. Business Email Compromise (BEC) scams are particularly dangerous because they frequently carry no malicious link or attachment at all, just a convincing request to transfer money or change payment details, so link-scanning alone will not catch them. To mitigate these risks, businesses should implement clear email policies that cover how to handle links and attachments, how payment requests are verified, and how identity is confirmed, even for communications that appear to come from inside the business.

4. Friendly fraud

Also referred to as chargeback fraud or first-party fraud, friendly fraud occurs when customers unjustifiably dispute charges with their card issuers to obtain a refund, causing financial and reputational harm to businesses. To combat this type of fraud, businesses should establish a clear return policy and meticulously track orders. Offering exchanges instead of refunds can also reduce the risk associated with chargeback fraud. If a chargeback does occur, it’s advisable to submit all relevant data, such as IP addresses, device fingerprints, and billing and shipping details, to assist banks in resolving the dispute.

5. AI-generated deepfakes

Deepfakes, created using machine learning to replicate a real person’s face and voice, are now being used in business scams, most often in phone or video calls in which the caller appears to be an executive or a known supplier. CEO impersonation scams are on the rise, with fraudsters combining fake emails, cloned voicemails and deepfake video calls to pressure employees into disclosing confidential business information or approving payments. The key to countering deepfakes is to remember that the voice or face on the call is no longer proof of identity: hang up and verify any unexpected request by contacting the person directly on a number or channel you already have, not one offered during the call, before sharing sensitive information or processing payments.

6. AI-assisted cyber crime

AI’s capability to analyse vast amounts of data allows scammers to create highly personalised attacks by studying customer behaviour and business operations. These targeted attacks are swift and sophisticated, and often bypass standard security measures. Furthermore, automated tooling can attempt thousands of fraudulent transactions, such as card testing against a checkout, in the time it takes a human to process one, so controls that rely on a person noticing each attempt will not keep up. To defend against these evolving threats, businesses must continuously review and update their security protocols, including rate limits and velocity checks on payments and logins, to ensure they are following current best practice.

7. Charity scams

While giving to charities is a noble act, it also provides an opportunity for scammers to create fake campaigns and exploit the generosity of businesses. These fraudsters often develop convincing fake websites and send mass emails soliciting donations for non-existent causes or while impersonating real charities, typically around natural disasters and the end of the financial year. Before making any donation, businesses should research the charity, confirm that it is registered with the Australian Charities and Not-for-profits Commission (ACNC), and donate only through the charity’s own website or other trusted channels rather than through a link in an unsolicited email. It’s also important to avoid clicking on suspicious emails or links that could lead to phishing attempts.

Resources to protect your business

With Australian businesses continuing to fall prey to scams, here are a few resources to help you stay across the latest scams and prevent cyberattacks.

  • The Small Business Cyber Security Guide: This guide provides basic security measures to help protect small businesses against common cyber security threats.
  • The Business Continuity in a Box (BCiX): This tool helps businesses to create and test a business continuity plan (BCP). A BCP is a plan that outlines how a business will respond to a major disruption, such as a cyberattack.
  • Stay Smart Online: An Australian Government initiative that offers online safety and security advice, tailored guides, and alerts about current cyber threats.
  • Scamwatch: Run by the ACCC, Scamwatch provides information on the latest scams targeting Australian businesses and consumers, along with tips on how to protect yourself and your business.


Chris Dahl is Co-CEO at Pin Payments.
