25 March 2020

With recent events impacting us globally, and businesses adopting and depending on digital technology, the risks of doing business evolve. 

Around times of crisis, cybercriminals may attempt to exploit vulnerability, goodwill, desperation, or fear, making businesses more vulnerable to fraud.

Businesses are at greater risk of email compromise in times of heightened uncertainty. It’s one of the leading causes of financial loss due to fraud in Australia, and business owners cannot afford complacency according to Macquarie Group Associate Director - Jonathan Martin.

“You need to look at the details – even if an email looks and sounds familiar”.

Here are some common red flags to look out for.
  • Changes to bank account details for regular clients or suppliers
  • Payment urgency
  • Request out of usual business hours
  • Unusual terms, like ‘wire transfer’
  • Vague payment purpose
  • Unusually large sums of money.

It’s important to set up processes to handle these types of requests. Jonathan suggests steps should include:

  1. Ensure everyone in the business is aware of these fraud red flags and escalation points
  2. Segregate duties, so different people are responsible for requesting and authorising payments
  3. Obtain verbal confirmation if:
    • payment instructions are received via email
    • there is a request to change payment details, or
    • if payment is requested outside of usual business.

“The telephone is one of the best anti-fraud tools we have,” Jonathan emphasises.

Beyond fake invoice scams, businesses of all sizes can be vulnerable to malware and ransomware. “Malware is malicious software that can be downloaded inadvertently if an email attachment is opened or a link is clicked,” explains Jonathan. This is one way that malware can compromise a device. Some malware (worms) can spread through a network; some malware can pose as legitimate software.

Scammers then have access to your computer, and could freeze your systems while files are encrypted. A payment demand may follow, which is called ransomware. Other demands such as banking malware may interfere with payments.

Look out for these warning signs before you click through:
  • Does the sender have a webmail email address (such as gmail) rather than a business address?
  • Is it addressed to ‘Dear Customer’ rather than your name?
  • Does the email ask for more information than the sender would need (such as a driver’s licence number)?
  • Does it include a very strong request for action involving clicking a link? 

Your bank will never ask you for confidential information via email, such as your PIN or date of birth. And even if a link looks like a website you trust, it’s safer to visit the website, independent of the email.

“Typically, people think these things will happen to others and not them. It’s only when it does happen that it really hits home – and this can be a costly lesson for the business,” says Jonathan.

If you think you’ve been the victim of fraud, contact your bank straight away. Every day that you don’t report your suspicions lowers the chance of recovery.

Additional information

This material has been prepared by Macquarie Bank Limited ABN 46 008 583 542 AFSL & Australian Credit Licence 237502 ("Macquarie") without taking into account your personal objectives, financial situation or needs. Before acting on this general information, you must consider its appropriateness having regard to your own objectives, financial situation and needs. The information provided is not intended to replace or serve as a substitute for any accounting, tax or other professional advice, consultation or service.