As we approach Fraud Awareness Week, we wanted to share some instances whereby Pilot and its clients have been approached by scammers. We believe fraud activity is on the rise and scammers are targeting businesses of all sizes.
Below are four deceptive activities we have witnessed in the past few months:
- Email Invoice Scams
- CEO Email Fraud
- Tax Scams
- Impersonating the ACCC
1. Email Invoice Scams
Recently all Pilot directors and managers received malicious spam emails requiring invoices to be paid. Each of the invoices had their own unique email signature.
Some of our clients have been targeted in a similar manner. However the scam invoices were from legitimate contractors. This means the attackers had reasonably detailed knowledge of the clients’ suppliers and associated projects. This was most likely obtained by hacking their supplier lists, bank account details or previous invoices.
Both Brisbane City Council and Townsville City Council have been scammed in a similar manner. Earlier this year it was reported that they were defrauded more than $750,000 after they were notified about changes to contractors’ bank account details and to amend records for all future payments.
Businesses dealing with overseas suppliers should especially take note of this particular style of scam.
2. CEO Email Fraud
Some of our clients’ staff have received fraudulent emails impersonating senior management in an attempt to obtain accounting information, access codes and other sensitive information.
Unlike traditional phishing scams, spoofed emails used in CEO fraud schemes rarely get caught in company spam filters. This because this type of scam is not part of a mass email. These attackers monitor employee email correspondence to identify certain words and language that the business’ leadership routinely uses. They then replicate that language to trick employees.
Earlier this year, toy manufacturer Mattel reported it had wired $3 million to a Chinese bank after hackers took advantage of a change in leadership. A senior finance executive received an email from her new CEO requesting the money to be sent to China. Mattel’s payment protocol required approval from two high-ranking managers. Both she and the CEO qualified, so the money was wired accordingly.
3. Tax Scams
This scam involves an urgent call from an Australian Tax Office (ATO) representative claiming that you have underpaid your taxes and are required to repay a portion of the debt immediately or face severe legal consequences. The caller usually states he or she are at the courthouse steps waiting for you to arrive, or worse, the police are on the way.
Pilot deals with the ATO on a daily basis. We can confidently state that they would never place an urgent, one-off, phone call to a taxpayer threatening jail time or looking for a quick (cash) payment. If you receive an unexpected and aggressive phone call from the ATO we recommend hanging up immediately and contacting your Pilot advisor.
4. Impersonating the Australian Competition and Consumer Commission (ACCC)
Another scam making the rounds is an email impersonating the ACCC. These malware-infected emails usually request the victim to respond to a formal complaint made about their business.
The link in the email is to the malware software (also known as ransomware) which will freeze your computer until a fee is paid. Payment does not guarantee the computer will be unlocked.
Scammers are taking time to learn about a targeted business before attacking. We recommend actioning the following in order to combat this criminal activity:
- Pick up the phone and never accept an email as authority – any new changes or unusual requests for payments should always be verbally confirmed.
- Revisit your management procedures – place clearly defined control points for verifying and paying invoices.
- Be detail-orientated – scammers usually have slightly different email addresses. Poor grammar can also be a giveaway.
- Communicate with your staff – share this communication so they also understand the risks.
- Be wary – always exercise caution when sharing account or personal details.
The ACCC estimates in 2015 more than $85 million was stolen from Australians as a result of scamming activity. If you believe your business may be at risk, contact Jason Bayliss from our Business Advisory division for a review of your internal controls.
Our partners can be contacted on (07) 3023 1300.