South Australian businesses are being hit by a growing wave of financial fraud, with cybercriminals impersonating trusted SA businesses in an attempt to receive fraudulent payments.
This ongoing scam is designed to look incredibly convincing—so much so that businesses are unknowingly handing over sensitive details.
How does the scam work?
Cyber criminals – or threat actors – send emails that appear to come from familiar South Australian or Australian businesses, vendors, and service providers.
In these emails, they ask to update contact and banking details of the impersonated business to the new details provided by the threat actor.
They might also request a copy of a remittance advice, either in the same email or after the details have been changed. To make their requests seem even more credible, they may follow up with a phone call or include a fake contact number in the email.
In the weeks that follow, threat actors often send an invoice with new banking details, using a signature from accounts or finance staff of the impersonated company. The emails include the updated contact information, but the legitimate ABN of the business.
Common warning signs
- Changes in the email address: Threat actors often create email addresses that closely resemble those of legitimate businesses, sometimes adding extra letters like "pty" or "au," or intentionally misspelling the company name.
- Generic messaging: Threat actors often address recipients using vague terms like "Sir/Madam," "To Whom It May Concern," or simply "Team."
- Urgency: Threat actors often create a sense of urgency by using phrases like "effective immediately" or imposing time limits to pressure targets into complying with their requests.
If you receive an email asking for updated contact or banking information, don’t act on it immediately. Always verify the request directly with the business in question before making any changes.
How can you protect your business?
The South Australian Government is helping small businesses to manage their cyber risks and protect their operations and customers through the Small Business Cyber Uplift Program (CUSP).
Delivered in partnership with the Australian Cyber Collaboration Centre, the program offers affordable cyber security education and support to help you develop the skills and knowledge to implement cyber security measures quickly and efficiently.
For a contribution fee of $500, participating business can get access to:
- One-on-one consultations with a cyber coach
- A cyber security roadmap tailored to your business
- Online training and tools
- Workshops and networking events
- One-year affiliate membership with Aus3C.
