Over the past 15 years, financial institutions and service providers have increasingly sought to communicate and provide statements through electronic means. Whilst its good for the environment, efficient and provides significant postage savings, it has enabled simple and more sophisticated cyber-criminal activity.
The widespread disruption caused by COVID-19 compounded our reliance on online systems as employers sought to maintain their businesses and employees worked from home. Simple communications like email have been expanded to include access to business systems, reports and servers. Unfortunately, this increased online activity has provided opportunities for criminals to hack into corporations, businesses and residential online systems including email.
The Australian Federal Police (AFP) advised that the Business Email Compromise (BEC), is now a persistent threat worldwide. In Australia, financial losses in the past 12 months have been significant, with fraudulent transactions exceeding $79M. These Cybercriminals actively seek to steal from and defraud businesses and households through data ransoms and unsolicited actions. The AFP has advised that “cyber criminals are using both basic and sophisticated techniques to target and trick their targets.”
If you are transferring money online to a friend or business, “do your due diligence.” Call the person or institution you are dealing with to confirm the correct bank account and ensure you are comfortable with the transaction. Given the opportunity, these criminals will intervene in money transfers or instigate transactions seeking to change bank details into fraudulent accounts.
If you receive any unsolicited or communications seeking to change payment instructions or advising you to deposit funds into a revised or new banking account, please call your services provider immediately to confirm the correspondence received and account details. If you have any doubts, do not proceed.
These simple steps may take a few minutes, but it may prevent you from falling victim to these fraud scams. Ironically, a simple phone call verification remains one of our best defences against these cyber criminals.
Separately, mobile phone scams targeting parents, grandparents and friends are now widespread. These scammers seek urgent funds deposited into a specified bank account to replace a lost mobile phone and expenses. Cybercriminals access mobile networks, and text message data, targeting people they believe may have the resources to make a quick payment.
Again, please ring and speak to, or email the person involved, and do not transfer any money until you are satisfied. If you receive a text, respond with personal questions these criminals cannot answer and await the response.
Whilst we have undertaken to prepare this newsletter to ensure our clients are reminded and informed about potential cyber-criminal risks, we have and will continue to apply a two-factor identity and transaction checks when we receive client requests. To add further to these security measures, we have also introduced password protected attachments to emails. This will ensure future financial reports, documents and statements can only be accessed through passwords which will be provided via phone.
In developing this update, we hope that you and your friends and business colleagues heighten their awareness of cybercriminal activity. These criminals actively seek to access and then monitor online facilities looking for opportunities. Do not respond to payment directions until you have verified the account details with the recipient. We also encourage all clients and related parties to consider the material and content provided through email and mobile phone exchanges.
Andrew Moo – CFP
(Darwin Financial Services)