Australian Businesses Lose $14 Million to Cyber Scams: ACCC
March 30, 2021 10:32 pm
The ACCC is reporting that Australian businesses have lost more than $14 million as a result of payment redirection scams, with the average losses in 2021 more than five times higher than average losses in the same period last year.
The scams, also known as business email compromise scams, impersonate businesses or employees via email and request payments to a fraudulent account.
ACCC Deputy Chair Delia Rickard said that there were increasing reports from businesses, sports and community clubs of significant losses.
“An increasing number of reports are coming from sports and community clubs which reported more than $55,000 in losses to payment redirection scams last year. It is likely we will see similar figures this year, with $18,000 already reported lost so far in 2021,” said Rickard.
One victim, the ACCC said, lost an estimated $16,500 in a single transaction after a scammer hacked a staff member’s email, sent updated bank details to a customer, and redirected the payment to the scammer’s personal bank account.
The ACCC recommends that all companies now take the time to consider whether an email is real by looking carefully at the email address before acting on any financial instructions.
“Payment redirection scams impact businesses across many industries, including real estate, construction, law, recruitment, and universities,” Rickard said. “It can be difficult to recover money lost to a payment redirection scam, so prevention is really important.”
“Scammers tend to target new or junior employees, or even volunteers, as they are less likely to be familiar with their employer’s finance processes or the types of requests to expect from their supervisors,” Rickard said.
“We recommend organisations ensure their staff are well trained in the company’s payment processes and remain aware of payment redirection scams,” she said.
The ACCC noted that it has received reports of cybercriminals using a variety of methods in these schemes, ranging from posing as staff members and requesting that the employee’s salary be paid into the scammer’s bank account, to hacking into legitimate email accounts and intercepting real invoices to amend the bank details before releasing the emails to the intended recipients.
“Whenever there is a request to change payment details, always check with the organisation using stored contact details, rather than those in the requesting communication,” Rickard said.