Is your business ready for tax time scams?
The end of the financial year isn’t just a busy time for businesses – it’s prime time for scammers too.
The tax time flurry of activity and the related movement of funds attract the unwanted attention of scammers. It's a good time to stop, remind your employees of the increased risk, and take a few additional precautions to protect your business.
Businesses can be particularly vulnerable to fraud and deception as they rush to juggle additional correspondence and documents from customers and suppliers, and email is often the weapon of choice for cyber attacks. Malicious emails disguised as invoices or delivery notifications are commonly used to target businesses and are known to spread ransomware.
Scammers know that businesses are more vulnerable at this time and will try to take advantage. Remember that when it comes to cyber attacks against small and medium businesses, it's not a question of if, it's a question of when.
There are a number of different scams and threats to be aware of, including:
- Overpayment scams – scammers may claim that the business has been overpaid and request a payment for the difference.
- Tax refund scams – similar to other types of 'advance fee fraud', scammers claim that the business is owed a tax refund but ask for sensitive financial details or a processing fee in order to transfer the funds.
- False billing scams – businesses are billed for goods and services such as advertisements and office supplies that they never purchased or received.
- Malicious links and malware – with additional correspondence and documents flying around, employees might be more likely to open a malicious document or click on a malicious link. For example, last month an email purporting to be from ASIC and containing a link to malicious software was sent to tens of thousands of businesses, and this month, according to MailGuard, a similar malicious email campaign is impersonating MYOB.
- Spear phishing and whaling – scammers use information they gather about your company to target specific employees or make their requests for sensitive information seem more realistic (and more likely to be complied with).
You can reduce the risk to your business by taking a few important precautions:
- Talk to your employees, remind them of the increased risk at this time of the year and encourage them to be vigilant to potential threats. The ATO also provides some excellent information on common types of scams and how to report one if you see it.
- Teach employees to not click links unless they are 100% certain of the identity of the sender and the veracity of the message. Learn more about using email safely in your business.
- Disable Microsoft Office macros. (Macros are small programs used to automate simple tasks in Microsoft Office documents but can be used maliciously – visit Microsoft for information on disabling macros in your version of Office.)
- Limit the number of people in your business with the authority to access sensitive information, buy anything or make payments.
- Use strong passwords and don't share them across the business. Learn about how to create strong passwords and use multi-factor authentication when available.
- Keep good records and encourage employees to check when they aren't sure whether a request for payment or information is legitimate.
- Don't rely on contact details provided in an email, an SMS or even in a phone call. Don't even trust the number you see on the caller ID as scammers have been known to spoof these details. Verify contact details independently.
- Keep all of the software used in your company patched and up to date, and use security software such as antivirus software, a firewall and anti-spam. Learn more about software updates and antivirus software.
If you think your business has been targeted by, or has been the victim of, a tax-related scam, contact the ATO as soon as possible on 1800 008 540 and report the crime to the Australian Cybercrime Online Reporting Network (ACORN).