The Australian Competition & Consumer Commission (ACCC) has issued a warning from Scamwatch “calling on businesses to urgently review how they verify and pay accounts and invoices as reports of business email compromise (BEC) scams to Scamwatch have grown by a third this year.”
The ACCC reports that BEC scams occur when a hacker gains access to a business’s email accounts, or ‘spoof’ a business’s email so their emails appear to come from the company. The hacker then sends emails to customers claiming that the business’s banking details have changed and that future invoices should be paid to a new account. These emails look legitimate as they come from one of a business’s official email accounts.
Other variations of the scam have included “intercepting house deposits that have been sent to conveyancers, real estate agents and law firms,” the ACCC notice states. The ACCC recommends that all staff involved in transfers of money should be aware of these scams and businesses ensure that effective management procedures are utilised to minimise risk.
The regulator suggests that businesses “should consider a multi-person approval process for transactions over a certain dollar threshold and keep their IT security up-to-date with anti-virus and anti-spyware software and a good firewall.”
Read more here.