This post was originally published here: post

 

At first glance, the email from the chairman of the school board to accounts payable did not seem too odd.

Key points:

  • The average cost to business hit by an online scam is $10,000
  • 85pc of business scams are initiated by email or phone
  • Total cost of cyber crime in Australia is estimated to be at least $3 billion

While the chairman’s email address was not familiar to Launceston Church Grammar School accountant Jason King, it had the aura of authenticity.

Even the request to transfer money to a Hong Kong business was not that unusual. The school deals with suppliers there.

What stood out was the amount — $121,000 — well outside the $2,000 to $5,000 range Mr King was used to dealing with.

After a brief call to the chairman, Mr King sooled the Australian Federal Police and Australian Competition and Consumer Commission onto the case.

“I got another email from Hong Kong that day asking how the payment was going, I told them, ‘Really well, I’ve left in the hands of the police’, and that was the last I heard from them,” Mr King said.

Not every business is as alert.

Brisbane City Council lost more than $450,000 last year, paying out on nine fake invoices it received.

Most scams go unreported

Put together Australian Competition and Consumer Commission (ACCC) data with another federal agency, the Australian Cybercrime Online Reporting Network, and the reported losses from online scams across the nation come in at around $300 million.

Extrapolate that number using the Australian Bureau of Statistics’ Personal Fraud Survey and the actual, rather than reported, cost to the Australian economy is closer to $3 billion and rising.

While the WannaCry and Adylkuzz ransomware attacks capture headlines for the massive reach of their crimes, there is plenty of scamming bubbling away that garners little attention.

The less ambitious end of the market is where a fair bit of the action is with around 85 per cent of scammers making contact with business via targeted emails or phone calls, rather than the random, global approach of the WannaCry’s of the world.

In its latest report on business scams, the ACCC found online scamming it is a thriving — if illegal — industry.

The ACCC’s Scamwatch program found reported business scams were up more than 30 per cent in 2016.

Out of 6,000 business-focus scams reported, about 6 per cent said they had paid out at an average of about $10,000 a pop.

“That’s probably just the tip of the iceberg,” ACCC deputy chairman Michael Schaper said.

“A lot of small businesses shrug their shoulders and wipe it off [when they have been scammed].

“They think it’s too much trouble to report, or it will get back their insurers who will hit them with higher premiums.”

Small business an easy target

The online scamming landscape can be broadly divided up into three groups: ransomware, business email compromise scams and the time-honoured investment scam, with a digital twist.

The investment scammers generally propose business investment opportunities with inflated returns that are “too good to be true”, but are really nothing more than a sink to drain a business of its funds.

Ransomware often uses the guise of a legitimate business, such as Australia Post or Fedex, to install a virus which corrupts a computer until a ransom is paid.

The email compromise is the type of scam Launceston Church Grammar dodged, but Brisbane City Council did not.

It generally starts with an email purporting to be from a senior manager or established supplier requesting money to be transferred to a new account.

Small businesses make ideal targets for email scams — they generally have an online presence with email details, they are used to paying accounts and paying them quickly.

The losses are not covered by insurance in most cases as the banks are not to blame for the transfer of funds.

Dr Schaper said small and micro-businesses (fewer than five staff, or self-employed) are particularly susceptible to email scams and ransomware.

“We know small business are often reluctant to upgrade their systems, it’s expensive and time consuming,” he said.

“However, financial loss and the loss of data can just kill a small business.”

  • Read more here: http://www.abc.net.au/news/2017-05-19/cybercrime,-online-scamming-of-business-up-30pc:-accc/8537992