Technology has transformed business efficiency and customer experience – but it’s also transformed organised crime. 

Speaking at Macquarie Bank’s recent breakfast briefing on fraud awareness, he emphasised how advanced cyber-attacks and scams are today – making fake emails highly believable.

“Cyber criminals are early adopters of new technology, and they will use it to take advantage of you,” he said.

Phishing is the typical starting point for malware or business email compromise. It casts a wide net out, hoping to catch a few fish via generic emails from a ‘trusted provider’.

“Phishing emails typically begin ‘Dear Customer’. But the next level, ‘spear phishing’ is more targeted,” explains Jonathan. “They already know your name and other details, and will use that to gain trust.”

‘Whaling’ takes this to the next level, where the fraudster will impersonate the business owner or a senior director requesting urgent action – like an invoice payment. “In a small or medium business, you want to keep the boss happy,” says Jonathan.

The dark web is a nefarious place, where there is a market for client data and identity documents. These can be used to take out fraudulent loans, or for future attacks.
Observes Macquarie Group’s Associate Director - Fraud Investigations Jonathan Martin.

The next-generation of Whaling may even use AI-powered voice impersonation to make phone calls requesting payments, a very convincing form of ‘vishing’ or voice solicitation.

Make sure your people don’t take the bait

Phishing emails, texts or phone calls typically seek to extract personal information – such as passwords, credit card numbers or bank account details. The ACCC received over 24,000 reports of phishing scams in 2018.

“We’re well past the days of a dodgy email arriving at 2am, from an unknown sender and riddled with typos,” says Jonathan. “The fraudster may access details about the staff who transact on behalf of the business from your website’s ‘about us’ page, and target them directly.”

Think it won’t happen to you? Globally, almost 22% of employees clicked on a phishing email link in 2018 – putting their own identity at risk, but also business data and systems. Jonathan emphasises the importance of ensuring your staff know what a phishing email looks like and won’t click on the links or attachments.

Once they have access to your systems, fraudsters can review your emails for information about who you bank with, your clients and suppliers, and typical communications between clients and staff. This makes it even easier to impersonate someone you trust.

How vulnerable is your business?

Every minute, $2.9million is lost to cybercrime – including $17,000 a minute through phishing emails.

“It’s a good idea to speak with your insurance broker to check what you are covered for, as there is confusion between fraud insurance and cyber insurance, suggests Jonathan. “Otherwise, you’ll only know what you’re not covered for when you go to make a claim.”

For a checklist of email compromise and fraud warning signs, read our guide to email compromise.

Talk to a specialist

Fill out our form so we can connect you with the right banking specialist.

Business banking

Monday to Friday 8:30am – 6:30pm (Sydney time)

1800 442 370

Vehicle finance

Monday to Friday 9am – 5pm (Sydney time)

1800 620 673

Additional information

The information on this page has been prepared by Macquarie Bank Limited ABN 46 008 583 542 (AFSL and Australian Credit Licence 237502) and does not take into account your objectives, financial situation or needs. Before making any financial investment decision or a decision about whether to acquire a financial, credit or lending product, a person should obtain and review the terms and conditions relating to that product and also seek independent financial, legal and taxation advice. All applications are subject to Macquarie’s standard credit approval criteria. This information is intended for recipients in Australia only.

Source: PwC Global Economic Crime Survey 2014 .