Such scams are becoming harder to spot, as the perpetrators are becoming increasingly sophisticated in their use of technology and guile. In many cases they will quite convincingly impersonate a friend or colleague, supplier or customer, trusted brand or government authority to con their targets.
For instance, the scammers may employ techniques such as –
Just a few types of scams to look out for are –
Emails containing links or attachments asking for payment of fake invoices or debts are quite prevalent, and increasingly, will appear to come from a supplier that the target actually uses on a regular basis. Unfortunately, it is very easy for hackers to make an email appear to come from a particular sender and the hackers have a variety of methods for obtaining email addresses.
Of late, many fake invoice emails have also been made to look like they have been sent from well known small business accounting software such as Xero or MYOB.
These scams typically involve the fraudsters impersonating a supplier and directing accounts staff within a business to change the bank details used for invoice or other payments.
These scams involve a hacker impersonating a staff member within an organisation, more often a senior manager or director, and directing an employee with banking authority (e.g. finance staff) to transfer funds to the scammer. As with the payment redirection scams, these are highly targeted and the scammers will often be well researched (by hacking emails and computer systems) to ensure they have enough information to maximise their chances of success .
The risks in terms of financial impact, business interruption and business reputation are significant - therefore it is important to be vigilant and know how to protect against these scams. Business owners should also be aware that often the scammers are actually looking to obtain sensitive data from customer or other databases in order to use these for fraudulent purposes, and there are new obligations for business under the Notifiable Data Breach laws which applied from February 2018 where this information is breached.
The ACCC maintain a small business specific section on their Scamwatch site which has some useful information for further reading: https://www.scamwatch.gov.au/get-help/protect-your-small-business
Some of the common ATO scams we see or hear about from clients are –
So what should you do if you receive an email or phone call claiming to be from the ATO and you are in doubt?
Firstly, don’t click any email links, open any attachments or respond in any way. If it’s a phone call, hang up and don’t provide any details to the caller. Then:
Note also that the ATO also maintains a page with details of current known scams on their website - https://www.ato.gov.au/General/Online-services/Identity-security/Scam-alerts/
We often see fake ASIC emails circulating which request payment of renewal fees for companies or business names and contain attachments or links to fake invoices or malicious software.
If BLG are acting as the registered office and ASIC agent for your company, please contact us to check if you are unsure if you have amounts outstanding.
Again, ASIC also maintains a page with information on known scams on their website -
https://asic.gov.au/online-services/service-availability/scams-targeting-asic-customers/