8 Phishing scams businesses need to know about in 2020 

Cybercriminals have plenty of tricks up their sleeve, but one that most Australians are familiar with is phishing. The scam, which typically uses emails for spreading malware and stealing data, targets thousands of businesses a year. In fact, according to recent 2019 data breach figures, phishing scams make up 44% of cyber incidents in the country.

This probably won’t let up anytime soon, so you need to know what you’re up against. Below, we’ve compiled eight different phishing scams you’ll likely encounter in 2020. 

1. Company impersonation

The most common phishing scams are ones where scammers impersonate a legitimate company. To do this, they often spoof a company’s email address and insert authentic logos and signatures in the email body. Scammers will even use scare tactics to get you to click on a link or give away information. A phishing email from the Commonwealth Bank of Australia, for instance, may read like this:

“Your NetBank access and attached cards have been suspended. Log on to Netbank at [FAKE LINK] to restore your access.”

Should you encounter these messages in 2020, never click the link! Call the company directly to verify the authenticity of the message and warn other employees who may have received the same email. Then ask your IT team to update spam filters to reduce the likelihood of the same scams.

2. Fake rewards

Winning cash rewards or free tickets may be exciting, but if it’s too good to be true, it probably is. Keep your guard up, especially if the email or SMS leads you to a strange website to claim your prize. Since the 2020 Olympics are coming up, expect emails giving you the chance to win “free” tickets this year.

3. Bogus bushfire appeals

Australia’s devastating bushfire crisis has prompted Aussies and people abroad to offer support in any way they can. So far, millions of dollars have been raised to support the wildlife, indigenous community, and other fire relief efforts.

However, the Australian Competition and Consumer Commission (ACCC) has warned people to be careful of who they donate to. Reports found that scammers have been preying on the generosity of individuals, resulting in 86 bushfire-related scams. The scams included fraudulent fundraising websites and calls impersonating charity organisations to steal money from potential donors. Scammers also masqueraded as bushfire victims via text and email to solicit cash directly from people.

Unfortunately, these scams won’t end as long as there are twisted cybercriminals willing to take advantage of a bad situation. The safest way to avoid these scams is to do a thorough background check before donating. Make sure to verify any charities asking for donations through the Australian Charities and Not-for-profits Commission (ACNC). Some organisations you can trust include the NSW Rural Fire Service, the Red Cross, and the RSPCA bushfire appeal.

4. Government scare tactics

This type of phishing scam involves scammers impersonating government authorities such as the AFP to coerce victims into providing information. Messages will often look like an AFP-branded subpoena that demands you enter personal information on a fake website.

Despite how authentic these government emails may seem, don’t fall for them. The AFP doesn’t issue subpoenas via email, let alone ask for sensitive information. The same goes for other government agencies. If you ever receive these emails, don’t click on any links and delete the message right away.  

5. Australian Taxation Office (ATO) fraud

If you ever receive an SMS or email from the ATO regarding tax affairs, be careful. Scammers usually impersonate the ATO to trick users into clicking dangerous links or giving away personal details. Last year, ATO scams ranged from fake tax refunds to outstanding debt notifications threatening arrests for noncompliance. 

You can expect more of these scams during the 2020 tax season (July 1 to October 31), so be prepared. For starters, the ATO will never ask you to access online services or provide information over email or SMS. If there’s a tax-related issue you need to know about, it’ll be on your official myGov account. You should also verify unsolicited ATO messages by contacting the ATO directly and reading up on the latest scams.

6. Business email compromise (BEC)

BEC, or CEO fraud, occurs when scammers impersonate senior staff over email and trick employees into making unauthorised wire transfers. Unlike with traditional phishing attacks, BEC scammers can circumvent basic spam filters because they don’t use malicious links or attachments. Instead, they spoof company emails and craft convincing messages tailored to inexperienced accounting staff.

For example, scammers masquerading as an out-of-town executive may request a wire transfer under the pretense of an emergency. Other times, scammers may impersonate lawyers or trusted suppliers and send fake invoices to your business.

If you or your employees receive unexpected emails requesting cash, always treat them with caution. Confirm the email directly (over the phone or in-person) with the executive, supplier, or legal staff that asked for payment. If something does not add up, inform your team, update your access restrictions, and patch your email security software.
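Because BEC messages carry no malicious links or attachments, the sender headers are where an IT team can look for the spoofing described here and under company impersonation. The following is an added example, not code from the original article: a small Python triage check over constructed sample messages. The company domain, executive name, keyword list and flag names are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
COMPANY_DOMAIN = "example.com.au"   # assumption: your organisation's mail domain
EXECUTIVES = {"jane citizen"}       # assumption: names a scammer might impersonate
PAYMENT_WORDS = ("wire transfer", "invoice", "payment", "urgent")

def domain(address):
    return address.rpartition("@")[2].lower()

def bec_flags(raw):
    """Return reasons a message looks like spoofing or BEC; empty list means none."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    flags = []
    # An executive's display name on an address outside the company domain.
    if name.lower() in EXECUTIVES and domain(sender) != COMPANY_DOMAIN:
        flags.append("exec-name-external-address")
    # Replies diverted to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(sender):
        flags.append("reply-to-domain-mismatch")
    # The receiving mail server recorded an SPF, DKIM or DMARC failure.
    auth = msg.get("Authentication-Results", "").lower()
    flags += [f"{c}-fail" for c in ("spf", "dkim", "dmarc") if f"{c}=fail" in auth]
    # Payment language is only flagged once a sender check has already failed.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    if flags and any(word in text for word in PAYMENT_WORDS):
        flags.append("payment-request")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Jane Citizen <jane.citizen@example.com.au>
Reply-To: jane.citizen@mail-example.test
Subject: Are you at your desk?
Authentication-Results: mx.example.com.au; spf=fail; dmarc=fail

I am travelling. Please arrange a wire transfer today.
"""
LOOKALIKE = """\
From: Jane Citizen <jane.citizen@freemail.test>
Subject: Invoice attached for approval
"""
GENUINE = """\
From: Jane Citizen <jane.citizen@example.com.au>
Subject: Invoice approval
Authentication-Results: mx.example.com.au; spf=pass; dkim=pass; dmarc=pass
"""
```

A message that raises any flag is a candidate for the phone or in-person confirmation described above, not proof of fraud on its own.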

7. Advanced vishing 

Phone phishing, or vishing, is a growing threat in Australia. Certain phishers prefer to deceive their targets over the phone because it’s much easier to do so. Phone calls create a sense of urgency and encourage people to answer quickly without questioning the source of the call.

What’s worse, cybercriminals are putting a high-tech twist on vishing scams by employing AI-generated audio to impersonate people’s voices. This means scammers will be able to impersonate CEOs and level up their BEC scams. That’s why it’s crucial to have strict policies against wire transfer requests or giving away sensitive information over the phone.

8. Holiday-themed cons

Whether it’s Australia Day or Christmas, phishers are always standing by to ruin your company’s holidays. They may pose as genuine retail companies to steal credit card data or offer cheap travel tickets to obtain private information. Don’t fall for these obvious ploys. Treat every email and text message with suspicion.

Whatever phishing scam crops up in 2020, always be critical of everything online. Empower IT also provides expert guidance and exceptional cybersecurity solutions to reduce the risk of phishing. Call now to get protection from Australia’s leading managed IT services provider.