You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
accountants daily logo

Payment redirection scams cost SMEs $7m, warns ASIC

Regulation

Small and microbusinesses were hit hardest by the swindles in 2021.

By Josh Needs 11 minute read

ASIC is urging businesses to be wary of payment redirection scams after the ACCC revealed micro and small businesses had been affected by them the most in the last year. 

In 2021 ACCC’s Scamwatch received 3,624 reports from businesses regarding payment redirection scams with $13.4 million reported lost, of that $7 million was attributed to small and microbusinesses with small businesses impacted by the highest median loss of $3,812.

The ACCC defined a microbusiness as those with zero to four staff and small business as only having five to 19 staff. 

Payment redirection scams involve defrauders impersonating a business or its employees via email and requesting an upcoming payment be redirected to a fraudulent account, said ASIC.

The commission said that payment redirection scammers have a number of ways of implementing their scams, in some cases they hack into a legitimate email account and pose as the business by intercepting actual invoices and amending bank details.

While in other instances scammers impersonate people by using a registered email address that is very similar to one from a legitimate business.

==
==

The increase and costly result of scams has led to ASIC re-emphasising steps businesses can take to protect themselves.

The four steps that ASIC provided were, to understand your duties, take action, aim for continuous improvement and remain vigilant.

Within step one, to understand your duties, ASIC said that company directors and business owners need to recognise the cyber-security risk and how to best protect the business, to assist with this ASIC had published a list of cyber-risk governance questions to be considered.

Step two was to take action, this step is for heads of companies to ensure vigorous cyber-security resilience strategies are in place to protect against threats and scams, said ASIC.

Under step three ASIC said that implementing cyber security was not a set-and-forget job but required constant revision and improvement to be able to stay ahead of constantly evolving threats.

The final step, to remain vigilant, ASIC said that businesses needed to constantly be assessing new ways individuals are trying to scam them.

For a business that has been scammed ASIC said it needed to stop sending money to the company, contact its bank, be wary of follow-up scams posing as offers to recoup lost funds and report the scam to Scamwatch.  

ASIC said that if your business has been scammed in relation to a financial product or service it needs to lodge a report of misconduct to ASIC, report it to the bank and consider reporting the matter to police.

Josh Needs

Josh Needs

AUTHOR

Josh Needs is a journalist at Accountants Daily and SMSF Adviser, which are the leading sources of news, strategy, and educational content for professionals in the accounting and SMSF sectors.

Josh studied journalism at the University of NSW and previously wrote news, feature articles and video reviews for Unsealed 4x4, a specialist offroad motoring website. Since joining the Momentum Media Team in 2022, Josh has written for Accountants Daily and SMSF Adviser.

You can email Josh on: This email address is being protected from spambots. You need JavaScript enabled to view it.

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.

SUBSCRIBE NOW