How to use Scamwatch to protect your business

6 min read
Adam Turner

Small businesses are seen as soft targets by cyber criminals, because their smaller budgets often result in lax digital security. But the Australian consumer watchdog Scamwatch offers plenty of great advice to help you protect your business against online scammers.

Online threats are on the rise, as scammers take advantage of the chaos caused by the pandemic and more people working at home.

Australians lost more than $851 million to scams in 2020 and a record $2 billion in 2021. Early reports reveal that losses are expected to double again in 2022.

Related: Cyber security a rising concern for entrepreneurs in Australia

Watch out for these types of scams

Scamwatch home page

When it comes to business scams, some are designed to trick you into handing over money. This could be by asking you to pay a bogus invoice for things that you did not order such as:

  • Directory listings
  • Advertising
  • Domain name renewals
  • Office supplies

Another common scam is to trick businesses into paying a legitimate invoice to the wrong bank account. This is done through social engineering, where someone outside a company poses as an employee and convinces a legitimate employee to change the payee on an invoice.

Australian businesses lost $227 million to payment redirection scams in 2021, according to Scamwatch.

This was a 77% increase compared to 2020.

Instead of chasing money, scammers might instead try to fool you into revealing sensitive information such as your passwords or banking details. From here they can try to hack into your IT systems or clean out your business bank account.

Do not click that link graphic

Other scams are designed to trick you into clicking on a malicious link or opening an infected attachment, to sneak spyware onto your computer or infect it with ransomware.

Ransomware encrypts all your precious files, then hackers demand payment for their release. In 2021, the Australian Cyber Security Centre (ACSC) labelled ransomware as the most serious of the cybercrime threats to Australia due to its high financial impact.

Related: You owe it to your business to be anti-malware

Know scammers' tricks

Rather than luring you in with an offer which seems too good to be true, today's scammers try to trick people by scaring them with fake warnings which seem too important to ignore, such as an overdue invoice or unpaid utility bill.

They can create a false sense of urgency, like threatening to cut off the power, to encourage people to respond quickly before they can think twice.

A super urgent request should make you suspicious.

Alternatively, scammers' claims may seem too mundane to be dangerous, such as a notification of a missed parcel delivery or a small windfall from the tax man.

To come across as even more convincing, some scammers impersonate senior staff when asking employees to pay bogus invoices or transfer money offshore. They often do this by hacking into a senior staff member's email account, known as a business email compromise scam.

Turn to Scamwatch for help

Scamwatch, run by the Australian Competition and Consumer Commission (ACCC), is designed to help Australian businesses recognise scams and bolster their defences.

Each year, Scamwatch produces an annual Targeting scams report, explaining key trends in scam activity and highlighting the impact of scams on the community.

Scamwatch also offers a wide range of tools and resources to assist Australian businesses, including:

  • Publications, reports and guidelines designed to assist consumers, small businesses and industry in understanding and preventing harm from scams
  • Videos to help explain some common scams
  • A collection of online resources and useful sites to help people recognise and avoid scams

Businesses can also sign up for Scamwatch Radar email alerts regarding the latest scams. This way, you're always notified of any emerging threats, rather than needing to regularly check the Scamwatch website.

Great advice from Scamwatch

While some scams can be difficult to spot, Scamwatch offers lots of great advice to help businesses protect themselves.

Educate employees and suppliers

One of your best lines of defence is to encourage everyone in the business to treat every email, text and other incoming messages with a healthy level of scepticism – even if these appear to be legitimate or come from someone they trust.

Two women looking at a folder of documents

Ensure your people are not afraid to speak up and ask questions — especially if the matter appears to be urgent.

Some scammers deliberately target employees who they think are most likely to fall for their tricks.

Limit the number of people who can access critical tasks

It's important to limit how many people in your business are authorised to buy or order something, as well as make payments.

These people need to be trained to spot the tell-tale signs of a scam. Any change or inconsistency, no matter how small, should set of warning bells.

Along with this, businesses must keep their filing and accounting systems well-organised, making it easier for them to detect bogus accounts and invoices.

Those people in the business who are authorised to make payments must double-check everything.

If they notice a supplier’s usual bank account details have changed, they must call them to confirm – using the phone number listed on the supplier’s website, rather than trusting the phone number included in the email making the request.

Bar the digital gates

It's also important for businesses to keep their office networks, computers and mobile devices secure (watch network security video). This includes:

  • Regularly installing the latest updates
  • Routinely running security software
  • Changing passwords quarterly
  • Backing up data

Copies of backups should be stored both offsite and offline. Should your business suffer a ransomware attack, where a hacker takes control of your digital files, you can use the backups to avoid paying the ransom fee.

Saving a copy offline or in the cloud protects against lost data due to fire or flood.

Woman opening a shop door
You want your front door open, but your digital doors locked tight.

This all-in-one tool can help

GoDaddy's Website Security can also help businesses bolster their security by monitoring incoming website traffic and pre-emptively turning away suspicious requests. It can also offer:

  • Daily website scans for malware
  • Malware removal
  • A firewall, which scans incoming traffic and turns away anything suspicious
  • An SSL certificate to encrypt data flowing between your website and customers
  • Regular backups, which can minimise the damage in case of a hack

Scams are on the rise and scammers like to target Australian small businesses, because they don't think you'll know how to spot a scam. Scamwatch is a great online resource to help you protect your business and stay safe online.