A close call

Every day in my role as Head of Transaction Banking at ANZ I see the sinister ways scammers are adapting their tactics to target the hard-earned revenue generated by Australian businesses.

“The ANZ fraud detection worker reacted so fast that the Benton’s employees were still on a live chat with the scammers when ANZ called to alert them to the danger.”

It is a growing scourge. For example, last year a total of $84 million was lost due to Business Email Compromise (BEC) scams alone.

This type of scam is considered a significant and growing threat.

BEC scams represented 33 per cent of the 87,400 reported cybercrime incidents – with 13 per cent of these having a financial loss from the incident.

The average loss per incident was $55,000. This is worrying as it is up from $39,000 the previous year.

The average cost of a cybercrime incident for small businesses was $49,000, which is a rise of eight per cent from the year before.

But what is going on and what can we do about it?

Real people impacted

To understand this increase we need to look through the statistics to see how people are really caught up and impacted by this targeted criminal behaviour.

For many small to medium sized businesses in Australia handling large transactions is not a new experience. Paying staff, buying equipment and stock are the lifeblood of how we grow our businesses.

To sophisticated scammers this is an area of increased interest, with even the most experienced business owners being targeted.

Longtime ANZ customer, Benton’s Plumbing Supplies, who have been with the bank since they started in 1987 has grown their East Keilor business to employ 200 people and serve the plumbing, gas and water industries as well as the public. 

A close call for their business shows how criminals are adapting their techniques.

Recently, their staff were involved in a near miss with scammers who used live chat technology to impersonate a genuine business contact. The staff had been convinced to hand control of their computers to the scammers.

It was only the intervention of ANZ fraud detection workers who had been alerted by ANZ Falcon technology that Benton’s was trying to transfer large amounts to a suspicious address in Dubai.

The ANZ fraud detection worker reacted so fast that the Benton’s employees were still on a live chat with the scammers when ANZ called to alert them to the danger.

The session with the scammers was promptly ended by the Benton’s workers shutting off the computers, fortunately resulting in no financial loss.

This was a close call - but it is the type of scam and fraud we see occurring more frequently.

“The ANZ team was extremely quick and efficient, and thankfully, the scam was identified and prevented” says Aleks Nawrocki, Chief Financial Officer of Benton’s.  

“Since the incident, our team has been more scam aware and confident in identifying when something doesn’t feel right. It is extremely reassuring to know that we have been protected by the ANZ security team and want to encourage other businesses just like us to operate with caution.” 

The front foot

Like a sporting team wanting to win, it is the small one per cent actions that will help win this battle.

If you look at your favorite sports team closely, you will realise it is the small defensive acts that happen in every game – which often go unnoticed – which create the solid culture of winning.

We need to take a similar mindset with our businesses and develop a stronger cyber safe culture if we want to see these figures turned around.

October marks Cyber Security Awareness Month - an ideal time to remind ourselves of these principles.

Cyber Security Awareness Month is dedicated to raising awareness about the importance of online safety, encouraging all Australians to take action and learn how to help protect themselves and make personal devices safer.

When I reflect upon the trend for BEC attacks I see some of those “one percenters” we can help our business clients build into their cyber culture.

These include:

• Installing all software updates to keep your devices secure. Outdated software is a key gateway for cyberattacks. Updates often contain critical patches that fix vulnerabilities cybercriminals could exploit, helping protect your personal and professional data. Turn on automatic updates on all your devices so your devices stay protected without you having to think about it - set it once and forget it. 

• Using a unique and strong passphrase on every account. Passphrases combine length and complexity, making them far more secure than traditional passwords.  It’ll be easy for you to remember but harder for hackers to predict. And when you add numbers, symbols, and uppercase letters to the mix, you can turn a string of random words into an impenetrable passphrase for your accounts.  Also think about using a reputable password manager which can help you create and store complex passphrases.   

• Always set up multi-factor authentication (MFA). This uses more than one way to verify your identity when logging into an account or making a large transaction.  Once activated, even if a cybercriminal managed to guess your password, they might not be able to access anything without that second layer of protection, such as your unique code or fingerprint. All of your accounts – but particularly email – should have MFA activated. 

 What we do

At ANZ we continue to reinforce with our business clients the importance of establishing clear processes for employees to verify and validate requests for payment and sensitive information, such as;

• Seeking supplier confirmation by phone rather than email if they receive a change of banking details from a supplier or a new supplier they have not paid before.

• Request two authorisations for payments to create an extra level of security, particularly for large transactions or those that are sensitive or urgent.

• Review how you update supplier details making sure employees are aware of the new or updated policies.

Given the sheer volume of emails, text messages, instant messages and social media messages we all send and receive, it’s not surprising we tend to act on things straight away and sometimes overlook inconsistencies in correspondence.  

Power in our hands

Yes, we face a challenge from scammers trying to compromise our businesses for personal gain.

But the power is in our hands to do the serious work of building a culture which means we can transact confidently – and safely – knowing we are protected.

Cosi De Angelis is Head of Transaction Banking at ANZ