It’s that time of the year again! Tax time is unfortunately not just a busy time for small businesses, but it is the prime time for prowling cyber criminals to attack. This is due to an increase in personal details being exchanged online and the ever-increasing sophistication of hackers and their methods of getting their hands on personal data.
The figures reveal a scary insight. The Australian Competition & Consumer Commission’s (ACCC) Scamwatch website received 56,531 reports for ‘Attempts to gain your personal information’ during 2017, resulting in $5 977 877 lost.
For most of us, we mainly communicate digitally making it no surprise that emails and phone messages were identified as two of the most common channels that spammers use to gain access to personal information. So how do you get cyber-savvy and spot a scam?
Spotting a scam
Tax time, more like Christmas time for scammers. It’s when valuable pieces of personal and business information (like names, date of birth, tax file number, bank details, BAS statements etc.) are often required from trusted authorities – in particular, the Australian Taxation Office (ATO), accountants and tax agents.
Scammers are getting more creative, crafting look-a-like official emails and impersonating official representatives via phone calls, SMS and voicemails. Here are some of the tell-tale signs to keep an eye out for, when trying to spot a scam (Stay Smart Online, 2018):
- Whilst the ATO does communicate with small businesses via email, they never request personal details like bank account details via email
- Receiving an email which is not addressed to you directly
- Be very careful with emails which may contain links or attachments, these may contain malware viruses
- Check the email address which the email has been sent from
- Scam emails will often be poorly worded and use incorrect grammar
- Emails, text messages or phone calls asking for your bank account/ credit card details to process a tax refund
Common scams that target small business owners
Phishing emails: Keep an out for emails that pretend to be from a trusted entity like the ATO. These emails usually will ask you to fill out a form or click on a link which then enables the scammers to infect your computer with a virus and malware. This is one of the popular ways a scammer will try and steal your identity and money.
Tax refund scam: A scammer may contact you advising that you have overpaid your tax and that you are entitled to a tax refund. The scammer may then ask for financial details or request you pay an administration fee via an electronic transfer.
Tax owed scams: A scammer may claim that you have underpaid your tax and required to repay the debt. They may ask you to purchase a pre-paid debit card which they will then ask for the details of so they can access the money.
Small Business in the sights of scammers
You may be wondering why small businesses are a prime target? Why don’t they just go after the big fish? The reality is, small businesses are viewed as soft targets and make up for 60% of reported cyber-attacks in Australia. Below are some of the reasons why small businesses are in the sights of cybercriminals:
- They hold valuable data: there is a misconception that just because your business is small, you don’t hold a lot of valuable data. This is often wrong. Do you gather or store customer or supplier data (including payment information), have intellectual property or keep sensitive business records electronically? The data that you hold can also act as a great pivot point to accessing the details of your valued partners and suppliers.
- IT infrastructure and network security is generally weaker: do you manage your own IT systems or do you outsource it to a professional IT consultant or company? What security measures have you put in place to protect your systems, for example, anti-virus software and firewalls, and are they updated regularly?
- Lack of education on cyber risks: are you and your employees adequately trained on what to be aware of, how to prevent a cyber incident from occurring and recognising when a data breach has occurred?
- Limited resources: do you have sufficient resources and an incident response plan to manage a potential cyber breach?
Did you know? - Australia faced over 10 million cyber attacks in 2017
- The average cost to an Australian business that has been attacked is $2.82M, with the average cost per lost record estimated at $144 (Dual Australia)
Protecting your business
Be a step ahead of the game by making sure your business is educated, aware of the different scams and cyber risks that are out there, and that you have a solid cyber-security strategy in place. The ACCC provides regular updates about scams which may be circulating and are a good resource for staying in the know. In addition, the ATO also lists the latest scam alerts in which they are being impersonated by scammers.
As they say, prevention is better than cure, and that’s where Cyber Liability insurance can be a valuable tool in protecting your business.
What is Cyber Liability insurance cover?
Cyber Liability is designed to cover your business against the expenses and legal costs associated with data breaches that may occur after being hacked, or from the theft or loss of valuable client information. A potential breach could occur from something as simple as accidentally leaving your laptop in a taxi where it can end up in the wrong hands.
What is covered?
- Business interruption costs
- Investigation and data recovery costs
- Fines and penalties
- Extortion costs
- PR and crisis management costs
What is not covered?
- Any amount misappropriated by fraudsters
- Replacement equipment
- Property damage
- Prior known facts/instances
- Intentional acts
How to report a scam
No matter how careful your business may be in preventing a scam, it, unfortunately, can still happen. These are some of the key government bodies you can report an incident to:
ACCC Scamwatch website provides an online form to report the crime through https://www.scamwatch.gov.au/report-a-scam
The ATO provides information on current scams involving the ATO, how to verify and report an ATO impersonation scam: https://www.ato.gov.au/general/online-services/identity-security/verify-or-report-a-scam/
Australian Cybercrime Online Reporting Network (ACORN) is a secure reporting and referral service for cybercrime and any online incidents which could be in breach of the law: https://report.acorn.gov.au/
The impact of falling victim to a scam or cyber attack can have a devastating impact on a business, especially if the financial capacity isn’t there to recover from the incident. Don’t let cyber criminals scam their way into your small business this tax time, start protecting your business today.
