A recent report has revealed that small businesses in Australia, commonly referred to as “mum and dad” businesses, are the primary target for cyber criminals. These businesses have fallen victim to email-related scams, resulting in significant financial losses. In the 2021/2022 period alone, businesses reported losing over $98 million, with an average loss of $64,000 per successful breach. The Australian Federal Police (AFP) has been working diligently to retrieve the stolen funds and compensate affected companies.

One of the most frequently used tactics by scammers is known as business email compromise. This involves hacking into businesses’ email accounts or creating fake accounts that mimic a legitimate company. From there, fraudsters alter bank and contact details on invoices, redirecting funds into their own accounts or tricking employees into revealing sensitive information.

The AFP has identified cyber criminal networks located in Africa and Eastern Europe, as well as domestic scammers and groups, as the culprits behind these online scams. Chris Goldsmid, AFP Cybercrime Operations Commander, described cybercrime as the “break-in of the 21st Century” and highlighted the need for businesses of all sizes to stay vigilant and take necessary precautions to protect themselves and their sensitive data.

Commander Goldsmid emphasized that anyone who becomes a victim of cybercrime should report it immediately. He advised securing compromised accounts and notifying any affected third parties. Businesses are encouraged to utilize the Australian government’s reporting tool, ReportCyber, and contact their banks within 24 hours of discovering stolen funds to increase their chances of recovery.

The impact of cybercrime on small businesses cannot be underestimated. Commander Goldsmid acknowledged their importance as the “engine room of Australia” and reassured business owners that the AFP is actively working to safeguard them from cyber criminals looking for an easy payday. Under Operation Dolos, the AFP has successfully returned $45 million worth of stolen funds to businesses over the past three years.

To protect themselves and their businesses, individuals and organizations are advised to adhere to a few key measures. Firstly, caution should be exercised when opening links or attachments in suspicious emails or from unknown senders. It is essential to train employees to identify potential phishing emails to minimize risk. Secondly, access levels within the business should be limited to reduce vulnerability, and access should be revoked when employees change roles or leave the organization. Additionally, it is urged to move away from simple passwords and adopt multifactor authentication and strong passphrases. Finally, before making any transactions, it is crucial to verify account details to ensure the legitimacy of the request.

By following these recommendations and remaining vigilant, businesses can enhance their cybersecurity measures and mitigate the risks posed by cybercriminals. The AFP continues to prioritize the protection of businesses and is committed to combatting cybercrime effectively. As technology evolves, it is crucial for individuals and businesses alike to stay informed and educated on the latest threats and preventative measures to safeguard their digital assets.

Source link