With our recent email hacking, it’s a great time to take a look at cyber threats. Using the internet and emails can make you and your business a target for cyber criminals. Learn about some of the common scams, and what to do if you’re targeted.
Cybercriminals are using websites, emails and text messages that claim to provide official information about the coronavirus, but are attempts to get your personal or business information.
By phone, email and text message, scammers are impersonating a range of official Australian and international organisations, such as the Department of Health and the World Health Organisation, as well as other government authorities and legitimate businesses including financial institutions, travel agents and telecommunication companies.
Phishing uses fake messages to trick you into giving out your private personal, commercial or financial details. Some messages may look real because they use company logos and branding and link to authentic-looking websites. Phishing messages are common scams that you receive by email, text message, social media or over the phone.
You and your staff should never respond to unknown messages requesting personal information, or click on links to unknown sources. It’s important that you and your employees know how to identify scams. Look out for:
- the sender – check to see if the email is from someone you know
- the domain name of the email address – check that the domain name (the part after the @ symbol, e.g. John@example.com.au) is genuine. Criminals can use very similar or deceptive domain names
- messages asking you to open an unknown or suspicious attachment, picture or link
- spelling errors or poor grammar
- messages offering deals too good to be true
- messages asking you to validate or confirm your personal information, such as login credentials or passwords
- messages asking you to perform a specific activity, or to provide them access to your system to perform the activity remotely
- messages creating a sense of urgency or actions that are overdue
- messages claiming to be from a trusted business or government department but sent from a generic email address such as Hotmail or Gmail
- TIP: you can hover your mouse cursor over a link or picture to see where you will be redirected – if it looks suspicious, is too long, or you’re unsure, don’t click it.
- TIP: if you’re unsure, contact the person or organisation. Use contact details from a legitimate source and not those contained in the suspicious message. Ask them to describe what the attachment or link is.
- TIP: be very cautious of callers claiming to be support desk officers who direct you to access your computer to walk you through a system issue.
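
For businesses that want to automate part of this checklist, the Python below (an added example, not part of the original article) flags three of the signs listed above: a sender domain that is a near-miss of one you trust, a known organisation's name used with a free mail address, and a link whose visible text names a different site from the one it opens. The organisation name, the domains and the sample messages are assumptions constructed for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: organisations you deal with and their real domains.
KNOWN = {"Example Supplies": "example.com.au"}
FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com"}
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r'^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)', re.I)

def host(value):
    """Lower-case a host name and drop a leading 'www.' before comparing."""
    return re.sub(r"^www\.", "", value.lower())

def check_message(raw):
    """Return the checklist warnings that apply to one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    found = []
    for org, good in KNOWN.items():
        # Near-miss spelling of a domain you trust (e.g. "1" instead of "l").
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= 0.85:
            found.append("lookalike-domain")
        # Display name claims a known organisation but uses a free mail service.
        if org.lower() in name.lower() and domain in FREE_MAIL:
            found.append("free-mail-sender")
    # Unencoded single-part bodies only; enough for the constructed samples.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for href, text in LINK.findall(body):
        shown = HOSTLIKE.match(text.strip())
        # The visible text names one site, but the link goes somewhere else.
        if shown and host(shown.group(1)) != host(urlparse(href).hostname or ""):
            found.append("link-mismatch")
    return found

# Constructed sample messages, not real emails.
LOOKALIKE = """\
From: Example Supplies <accounts@examp1e.com.au>
Content-Type: text/html

<p>Pay here: <a href="http://pay.invalid/login">www.example.com.au</a></p>
"""
FREE = "From: Example Supplies <example.supplies@gmail.com>\n\nPlease confirm your password.\n"
# The first sample again, with the genuine domain and a link that matches its text.
GENUINE = LOOKALIKE.replace("examp1e", "example").replace("http://pay.invalid/login", "https://www.example.com.au/pay")
if __name__ == "__main__":
    print([check_message(m) for m in (LOOKALIKE, FREE, GENUINE)])
```

A clean result only means none of these three signs were found; the other items on the checklist still need a human eye.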
Tax time scams
Tax time is a popular period for scammers to target businesses. Keep one step ahead by being aware of these scams. The Australian Taxation Office (ATO) will not email you and ask for your bank details or tax file number (TFN).
Pharming is another common scam, where the scammer puts malicious code on your device that takes you to a fake version of a legitimate website. Pharming is similar to phishing in that criminals rely on a fake website to trick you into logging in with your credentials (i.e. username and password). E-commerce and online banking sites have become popular pharming targets because criminals are able to log into the real sites with your stolen credentials.
Invoice email scam
This involves scammers pretending to be legitimate suppliers advising you about changes to payment details. You may not realise until your business receives complaints from suppliers that your payments didn’t occur.
Be aware of potential scamming and have checks in place to ensure you pay the right suppliers. Before paying, ensure the supplier verifies all major invoices using contact details you already have on record.
Have you been scammed?
Keep an eye out for anything suspicious. Don’t open links in emails if you have any suspicions about the email. Research any offers you receive that are too good to be true. Change your passwords often. If you think you’ve been the victim of a scam, report the scam to the ACCC via Scamwatch.