“We know running a small business involves wearing many hats, and it often means you’re incredibly busy with not much time to spare. As a result, business owners may be less likely to spot some of the red flags, which can make them vulnerable to scams,” Ms Warren said.
Steps SMEs have taken to combat scams include checking bank accounts and invoices more regularly and thoroughly (58 per cent), upgrading software (50 per cent), providing additional training for staff (30 per cent) and engaging third-party suppliers such as security consultants (25 per cent).
Ms Warren said there is often a spike in scam events during busy holiday periods, calling for extra caution during the upcoming Easter break.
“While we have seen a 70 per cent reduction in customer scam losses across the bank over the past two years, scammers recognise business owners or key staff are often on holiday at this time of year and this affords them more opportunity combined with less chance of being caught,” Ms Warren said.
“It’s important to keep up with the trends as scams are constantly evolving and becoming more sophisticated, particularly with AI use being so prevalent.
“Small businesses are often affected by the same scam types as individual Australians such as phishing, investment scams, and romance scams. However, the primary scam type that impacts businesses of all sizes is the business email compromise scam.
Business email compromise scams involve obtaining unauthorised access to an email account for the purpose of intercepting and redirecting payment requests.
For example, a business will receive an email that appears to be from someone they know such as an employee, member of senior management, supplier, customer, or service provider. It will request a change of beneficiary account details for a new or upcoming payment, often including an altered invoice.
With scammers now leveraging AI to create highly sophisticated and convincing communications, making it even harder to identify fraudulent activity, Ms Warren said it is more crucial than ever to upskill on cyber safety and scams awareness.
“The more business owners and their staff are aware of the risks, the more likely they’ll be able to spot red flags. People truly are the first line of defence, and it’s encouraging to see scams protection is top of mind for so many business owners.
“Awareness, combined with robust processes and technology, will significantly reduce risk for hard-working Aussie small business owners,” Ms Warren added.
Tips to protect your small business from scams
According to Ms Warren, there are three main parts to ensuring a business is protected from scams and fraudulent activity – people, processes and technology.
- People: at CBA we have seen customer scam losses decrease by 70 per cent over two years, and we know that knowing what to look out for is an important defence against fraud and scams. People are truly the first line of defence, which is why education and scams awareness is key.
- Processes: call your supplier on a verified/trusted number before making an invoice payment to a new supplier or in situations where existing suppliers are updating their banking details. It is really important to make sure at least two people sign off any payments or changes in beneficiary details as this will significantly reduce the risk of falling victim to a payment redirection scam.
- Technology: installing and regularly updating antivirus programs and applying multi-factor authentication for your business applications like email, and accounting software will provide a much-needed third layer of defence.
“Small business owners and their staff can sign up for a free Cyber Wardens course, which was created in partnership between CommBank, Telstra and the Council of Small Business Organisations Australia (COSBOA) and designed to upskill Australian businesses in cyber safety,” Ms Warren added.
“They have launched an updated course with a focus on AI, given scammers and cyber criminals increasingly use this technology to target unsuspecting Australians.”
How CommBank protects your business
Helping customers stay safe by improving early detection and prevention of scams is among our highest priorities, and we continue to work hard to make Australian small businesses more resilient to scams.
We are focused on delivering initiatives that help customers stay safe by improving early detection and prevention of scams, such as NameCheck, CallerCheck and CustomerCheck, as well as progressive advances in our cyber protections.
If something goes wrong and you suspect you’ve been scammed, contact your bank and law enforcement immediately.
For more on how CommBank protects your business, visit commbank.com.au/business/security
