The growing sophistication of online scams is prompting the Australian Federal Police (AFP) to highlight ways people and businesses can protect themselves.
With October designated Cyber Security Awareness Month, the AFP-led Joint Policing Cybercrime Co-ordination Centre (JPC3) is talking about Business Email Compromise (BEC) scams and how to protect against them through multi-factor authentication (MFA).
AFP Detective Acting Superintendent Darryl Parrish says BEC scams are becoming increasingly complex as criminals hack into, or create near-identical copies of, business email accounts.
“Cybercriminals commonly target businesses and individuals making significant payments, like property transactions, in an attempt to divert victims’ funds to a fraudulent account,” he says.
“In many cases, cybercriminals gain access to a business’ email account, altering banking details and sending the new details to clients who unknowingly transfer funds to criminals.”
Actg-Supt Parrish says businesses can set up multi-factor authentication (MFA) to add an extra layer of security.
“In other cases, the criminal (can) create a fake email address that looks like the legitimate business email. It is crucial for people to double-check emails, particularly email addresses and banking details, to avoid becoming victims of BEC scams.”
According to the Australian Cyber Security Centre (ACSC), self-reported BEC losses amounted to almost $80 million during 2022-23.
On average, the financial loss from each BEC incident was more than $39,000, affecting individuals and small-to-medium businesses.
Actg-Supt Parrish says cybercrime is global and it is important that overseas and domestic law enforcement bodies work closely together.
Binance Investigations Specialist Robert Thomson says public blockchains, where all transactions are visible and trackable, make it easier to trace and recover funds but that user vigilance is required.
“Binance works closely with law enforcement authorities around the world to help users impacted by hacks or theft to get the support they need,” Thomson explains.
“However, … we strongly urge all users to remain vigilant. Ultimately, users themselves play the largest role in safeguarding their assets, which is why we do our best to continuously educate and inform our users of potential scams.
“It is critical to stay informed, use strong security practices, and be cautious of potential scams.”
Protect yourself:
Turn on multi-factor authentication, which uses two or more ways to verify a person’s identity, such as:
- What you know: PIN or passphrase;
- What you receive: Code sent to you via an authenticator app, text or email; and
- Who you are: Biometrics like a face scan or fingerprint.
If you receive an email prompting you to make a payment:
- Contact the person or organisation separately, using different contact details you have verified separately to check if they are likely to have sent the message;
- Check details such as the spelling of a sender’s domain name. Double-check by comparing it to previous correspondence; and
- Think before you click. Don’t click on links or download attachments from people you don’t know.
If you believe you have been the victim of an online fraud, report it immediately to your bank, then to police via the Australian Cyber Security Centre, and to Scamwatch.
If there is an immediate threat to life or risk of harm, call 000.
If you are a victim of cybercrime, report it to police using Report Cyber.
If you, or someone you know, needs help, you can contact Lifeline on 13 11 14 or Beyond Blue on 1300 224 636, who provide 24/7 support services.