Remember, scammers are sophisticated now
There are a few things that James Roberts, CommBank’s General Manager of Group Fraud, wishes more small business owners knew about staying safe. The first is perhaps the most important: “any business can fall victim to a fraud or scam,” he says, noting that the most authentic-looking invoices, emails and text messages and legitimate-sounding calls can be scams. There won’t always be spelling errors, red-flag email addresses or late-night time stamps. The small businesses that are more secure, understand that everyone has a role to play in raising awareness and educating each other on the risks. “The ‘Stop. Check. Reject.’ approach can help businesses avoid losing significant amounts of funds,” says Roberts.
Take a moment to consider your internal controls
“If a business doesn’t have adequate controls and if staff don’t adhere to risk mitigation practices, this can lead to potential fraud and scam losses,” says Roberts. “Knowing how to identify the red flags will empower staff members to stop, check and reject.” To help business owners fight the increasing number of scams and breaches, COSBOA – with aid from the Australian Government, support from CommBank and Telstra and in consultation with the Australian Cyber Security Centre – has created an initiative called Cyber Wardens. The free interactive e-learning platform delivers easy-to-use education to help people carry out cybersecurity inspections and risk audits, keep passwords and data safe, update software and report threats or suspicious messages. It promotes good cyber-safety habits, such as shutting down computers instead of putting them in sleep mode, using long, strong, original passwords, actioning software updates quickly and giving team members unique logins.
Use all the tools at your disposal
There are two security tools he urges businesses to embrace: NameCheck searches account details you enter when making a first-time payment in NetBank, the CommBank app or when making an individual first-time payment on CommBiz. “Based on our available payment data, NameCheck will then indicate whether the account details look right,” he says. CallerCheck is the other. It allows you to verify whether a caller claiming to be from CommBank is legitimate, by triggering a security message in your CommBank app. “It’s our preferred method of verification as a more secure way to complete the identification process.”
Understand how scammers get under your radar
When scammers try to infiltrate your small business, there are some common strategies it pays to understand. According to Roberts, there are three main scams to watch:
- Business email compromises. “This is the number one scam type impacting Australian businesses today,” says Roberts. An email or invoice containing altered account details is often sent from a “person of trust” such as a manager, CEO, relative or regular supplier, which underlines the importance of validating the details verbally and on a verified number.
- Bank impersonation scams. Scammers who convince customers they’re calling from the bank to gain access to online platforms or services.
- Phishing. SMS or emails sent to businesses containing phishing links. This form of social engineering can lead to online platforms or services, cards and corporate cards being compromised by scammers.
Stay curious about keeping safe
“Businesses that adopt key controls and robust security practices will be far more secure than those that do not engage with or understand the extent of these risks,” says Roberts. “However, as the world of fraud and scams continue to evolve, all businesses will still be at risk.” That means protecting your business requires constant vigilance and renewed education promoted by business leaders to their workforces, highlighting new and emerging trends that are regularly published by the bank.