ASIC is urging small businesses to be on high alert as false billing, investment, and remote access scams cause significant financial losses in an environment of elevated inflation, surging operating costs and rising company insolvencies.
Scammers use increasingly sophisticated techniques to steal information and money from small businesses, taking advantage of the limited time and resources small business owners may have.
According to the Australian Competition and Consumer Commission (ACCC) Targeting Scams report, businesses submitted 4,933 scam reports in 2023, a 27.9% increase from 2022. Businesses experienced losses of $29.5 million, with small and micro businesses reporting $17.3 million of the total lost. The scams causing the highest financial losses are false billing ($11.8 million), investment ($6.2 million), and remote access scams ($4.9 million). In the 2022-23 financial year, the average cost of cybercrime for small business increased to $46,000 according to the ASD Cyber Threat Report.
Small business owners should also be on the lookout for common scams on the rise including payment redirection scams (or fake invoice scams), phishing scams and business impersonation scams. These scams may compromise the security and operation of their business.
Most common scams affecting small business
False billing scams
False billing scams involve tricking businesses into paying for something that they didn’t want or purchase. Scammers will contact small business owners by phone or email unexpectedly asking for payment for services or products that haven’t been ordered. Double check invoices are from suppliers you trust that you ordered the goods or services from, verify the payment details directly with the business and if unsure, search for the official site of the organisation.
Investment scams
Small businesses may also be targeted with investment scams, where scammers offer a ‘once-in-a-lifetime opportunity’ to make easy money, pretending to be investment professionals. Scammers often impersonate legitimate finance companies, using convincing marketing to make their investment sound appealing. An investment offer may be a scam if the person is pretending to work for an Australian financial services licensee or has an investment prospectus that isn’t registered with ASIC. Small business owners are advised to sense-check investment opportunities with family, friends or a trusted adviser and check ASIC’s Investor alert list to know which companies, businesses or entities you shouldn’t deal with.
ASIC remains committed to disrupting investment scams and influencing the behaviour of our regulated population to uplift their anti-scams practices. We are one of several regulators whose remit touches scams, forming part of the government’s Fighting Scams initiative. ASIC took down over 7,300 phishing and investment scam websites since July 2023 to protect Australians, including small business owners and recently released a report into the anti-scam practices of 15 banks.
Remote access scams
Remote access scams involve tactics to convince small business owners that they have a computer or internet problem requiring new software to fix it. Scammers trick owners into giving them remote access to their computer and personal information so that they can access their computer and bank accounts. Small business owners are warned against giving their personal, credit or online account details over the phone or providing unsolicited callers remote access to their computer.
Other scams to look out for
Payment redirection scams (or fake invoice scams)
Payment redirection scams are where scammers impersonate a business or its employees by email and request an upcoming payment be redirected to a fraudulent account. According to the ACCC, in 2023 Australians reported losing $16.2 million to payment redirection scams. If unsure, small business owners should check payment details directly with a business before paying an invoice.
Phishing scams
With phishing scams, scammers use phishing links to obtain personal, business, or financial information and trick business owners into revealing sensitive information. This often involves scammers impersonating a government department or legitimate business. The scammers can send the phishing link to small business owners by email or SMS text where the recipient is tricked into clicking on the malicious link. To protect yourself and your business from phishing scammers and improve your cyber security measures use anti-malware software, enable multi-factor authentication on your email, banking, and social media accounts and remember to back up your information.
Business impersonation scams
Scammers are defrauding small businesses with scam websites that impersonate well-known brands. Businesses impersonated by scammers may suffer brand damage and loss of customer trust and confidence. To protect yourself you should monitor the use of your business and brand name online, take action if your brand or website is being impersonated and let your customers know how your business communicates with them so they can identify when a message is fake.
Scammers impersonating ASIC
Scammers pretending to be from ASIC may contact small business owners to pay fees and give personal information to renew a business or company name. These emails often have a link that provides an invoice with fake payment details or infects a computer with malware. Don’t click the link. If you receive a suspicious email from ASIC, send an online enquiry with the details and delete it or call ASIC’s Customer Contact Centre to verify the email.
Has your business been scammed?
If you think your business has been scammed, take these steps fast:
- Don’t send any more money. Block all contact from the scammer.
- Contact your bank or financial institution immediately. Ask them to stop any transactions.
- Be wary of follow-up scams promising to help get your money back.
- Report it to Scamwatch to warn others. If your report is about financial sector misconduct, you can report this to ASIC.
- Report the social media account to the social media platform if there is an option to do so.
- Warn your family, friends, employees, and customers about the scam.
Top tips for small business owners:
STOP – Don’t give personal or business information or act on instructions or requests that have come through a suspicious email, SMS text or on social media. If you have any doubts, stop communicating with them.
CHECK – Ask yourself if you really know what the email, SMS text or invoice is about. Find the supplier details yourself and check the payment request and details are accurate and legitimate.
PROTECT– Act quickly if something feels wrong. If you have shared your business or financial information or transferred money, contact your bank immediately. Help other businesses by reporting suspicious emails, SMS texts, instant messages, and social media posts to Scamwatch.
ASIC is Australia’s corporate, markets and financial services regulator.