The Australian Securities and Investments Commission (ASIC) urges small businesses to strengthen their defences against the growing threat of scams. These scams not only jeopardise financial security but also weaken Australia’s public sector cybersecurity. As cybercriminals become more cunning, businesses must actively safeguard themselves against fraudulent schemes targeting their resources and digital vulnerabilities.

According to the Australian Competition and Consumer Commission (ACCC), in 2023, businesses reported 4,933 scams, a 27.9% increase from 2022. Financial losses soared to $29.5 million, with small and microbusinesses alone incurring $17.3 million. Notably, false billing, investment, and remote access scams accounted for the majority of these losses, significantly threatening Australia’s cybersecurity landscape.

ASIC’s latest advisory emphasises that “the financial losses from scams are devastating for small businesses, and the potential impact on public sector cybersecurity is severe as businesses increasingly interact with government systems.”

Key scams threatening businesses

1. False billing scams

False billing scams cause the most damage, resulting in $11.8 million in losses. Scammers send fake invoices or request payments for unordered products or services. This scam poses a significant financial threat if not detected early. Businesses should verify all invoices’ legitimacy, confirm payment details directly with suppliers, and avoid acting on unsolicited payment requests without thorough verification.

2. Investment scams

Investment scams have cost businesses $6.2 million. Scammers promise lucrative, low-risk opportunities, often pretending to be legitimate financial professionals. These scams undermine small businesses and the broader investment ecosystem, affecting market confidence. ASIC advises businesses to consult family and trusted advisers and check the Investor Alert List before considering any investment offers.

3. Remote access scams

Remote access scams have caused $4.9 million in losses. Scammers trick business owners into granting computer access by posing as technical support. Once they gain access, they compromise sensitive data and financial accounts. ASIC advises businesses to never provide remote access without independently verifying the person’s identity and legitimacy.

Digital threats to businesses

The Australian Competition and Consumer Commission (ACCC) and the Australian Securities and Investments Commission (ASIC) have identified payment redirection and phishing scams as increasing threats to Australian businesses, especially small businesses with limited resources. These scams exploit digital communication channels to deceive employees and gain unauthorised access to sensitive information or funds.

Scammers impersonate trusted suppliers or employees to manipulate businesses into redirecting payments to fraudulent accounts. They often use ‘spoofed’ emails or ‘spear phishing’ tactics targeting specific individuals within an organisation. A scammer may send an email impersonating a regular supplier, requesting that future invoices be paid to a new bank account. Scammers also use deceptive emails, SMS texts, or websites to trick individuals into revealing sensitive information or clicking on malicious links. These links may download malware or direct victims to fake websites designed to steal login credentials.

Payment redirection and phishing scams pose a significant and growing threat to Australian businesses. By understanding the methods used by scammers and implementing appropriate preventative measures, businesses can mitigate their risk and protect their financial and operational integrity.

Safeguarding brand integrity

Business impersonation scams pose significant risks to brand integrity as scammers increasingly exploit trusted brand names to deceive customers. These scams involve creating fake websites, emails, and communications that closely resemble legitimate businesses. Scammers aim to defraud consumers, steal sensitive information, or damage the reputation of the impersonated brand. This issue has serious implications for businesses across various industries, threatening not only immediate financial losses but also long-term damage to customer trust and public confidence. 

In a typical impersonation scam, fraudsters produce counterfeit websites or emails that look nearly identical to those of legitimate companies. They utilise the brand’s logo, design elements, and customer service language to convince unsuspecting customers that they are interacting with the real business. Scammers then entice customers into making purchases, providing personal information, or completing transactions that ultimately benefit the fraudsters. 

According to a 2024 report by ASIC, these scams increasingly target small businesses that may lack the resources to quickly detect or counteract such threats. Scammers exploit the trust that customers place in well-known brands, making it easier to manipulate consumers and steal sensitive data. ASIC warns that “Impersonation of trusted brands erodes the public’s confidence in businesses and public institutions alike, making it critical for companies to remain vigilant.”.

Protecting against Scams

Businesses must take proactive measures to defend against these scams. ASIC advises small business owners to:

• Stop: Pause before responding to unsolicited emails or texts. Always verify their authenticity through trusted sources.
• Check: Verify the legitimacy of payment requests, invoices, and investment opportunities independently.
• Protect: If you suspect a scam, act promptly. Contact your bank, block the scammer, and report the incident to Scamwatch and ASIC. Reporting early can help reduce damage to your business and Australia’s public sector infrastructure.

As scams grow more sophisticated, they increasingly threaten not only individual businesses but also Australia’s national cybersecurity. Small businesses play a vital role in the public sector supply chain, meaning that successful cyberattacks can lead to consequences beyond financial loss. The ACCC highlighted in its 2023 Targeting Scams report that “the integration of small businesses into the broader public sector means that vulnerabilities in small business security could be exploited for larger attacks on government systems.” By staying informed, vigilant, and proactive, small businesses can safeguard themselves against scams and enhance Australia’s overall cybersecurity framework.

Editors Publicspectrum

Website | + posts

Public Spectrum is the first knowledge-sharing platform in Australia to embrace the entire public sector. This website is a platform where you can connect, collaborate, empower, inspire, and upskill with public sector professionals.

• Enhancing public services through data management
• AI enhances data security measures
• University to boost financial data protection
• ASIC on streamlining regulatory data in digital governance