Identify cyber threats to your business
Running a business comes with its share of risks especially if you conduct any part of your business online. Using the internet and emails can make your business a target for cyber criminals from anywhere in the world.
Cyber criminals will often go to great lengths to convince you that their offer or request is genuine. It’s important you remain aware of typical scams and malware and know what to do if you’re targeted.
Common scams targeting businesses
Your business holds sensitive data and information that cyber criminals would love to access. Whether it’s sent through emails or stored on your hard drive, cyber criminals have ways to gain access to your valuable data.
Learn to recognise common online scams to avoid getting caught out.
Phishing are fake messages trying to trick you into giving out your personal or financial details. Some messages may look real, by using company logos and branding, and linking to authentic looking websites.
Phishing messages are common scams that you receive by email, text message, social media or over the phone. You and your staff should never respond to unknown messages requesting personal information, or click on links to unknown sources. It’s important that you and your employees know how to identify scams.
Features to look out for:
- sender - check to see if the email is from someone you know
- misspelt words or poor grammar
- messages offering deals too good to be true
- messages asking you to validate or confirm your personal information
- messages claiming to be from a trusted business or government department but sent from a generic email address such as Hotmail or Gmail.
Pharming is another common scam where the scammer puts a malicious code on your device that takes you to a fake version of a legitimate website. Pharming is similar to phishing as criminals rely on a fake website and theft of personal details.
E-commerce and online banking sites have become popular pharming targets.
How to protect yourself:
- use a trustworthy internet service provider (ISP)
- check the URL is correct and doesn’t redirect to a slightly different spelling
- make sure the http changes to https when the online process asks for your payment details or user name and password. This indicates a secure browser
- look for a closed padlock or unbroken key icon at the bottom right hand corner of your browser window. This also indicates that the site is secure
- check the secure website has a valid certificate of authority and make sure that the name on the certificate matches the site you are visiting
- check the web address is correct - hover the mouse over the link to see that the URL address will lead to the correct destination
Malware is malicious software which spreads viruses, Trojans, worms and spyware through email messages, bogus websites, pop-up ads and infected files. It works by installing software onto your computer, which then allows the cybercriminal to access your files. They could then use your information to authorise purchases on your credit card or open accounts in your name.
Ransomware is a type of malware, often spread through phishing emails or a bad app, which locks your computer’s content. The victim clicks on a link or downloads a file that allows the cybercriminal to demand a ransom to unlock your computer.
- prevent you from using your devices
- encrypt your files so you can’t open them
- stop you from running applications.
It’s difficult to prevent a ransomware attack but there are ways to help protect yourself if one happens. The best way is to safeguard your data is by making sure you:
- have all your files and information backed up on a separate device
- disconnect your computer from the network and turn it off to stop the malware from spreading
- seek technical assistance to help clean up the infected computer.
It’s not wise to pay the ransom as you can’t guarantee the scammer will unlock your files. The scammer may also infect your computer again if they know you are willing to pay the ransom.
Invoice email scam
This scam involves scammers pretending to be legitimate suppliers advising changes to payment details. You may not realise until your business receives complaints from suppliers that payments did not occur.
To mitigate this risk, firstly be aware of potential scamming and have checks in place to ensure you pay the right suppliers. Ensure the supplier verifies all major invoices using contact details you already have on record before paying.
Find out more:
- Read keep your business safe from cyber threats for more on how to keep your business cyber secure.
- Find out more on how to protect your business from cybercrime.
- Check the ATO's Online security webpage for the latest updates on ATO related scams.
- Visit Scamwatch's Protect your small business page for more information on scams targeting small business owners, and learn how to protect yourself from scammers.
- Download the ACCC's Business scams fact sheet.
- Find recently reported scams by registering for free Scamwatch radar alerts to be sent to your inbox.
- Get the facts about Protecting your business from Stay Smart Online.
- Read The Little Black Book of Scams, published by the ACCC, to learn more about popular scams and tips to avoid them.
- Visit the ACCC's Avoiding scams webpage.
- Report a scam to Scamwatch online.