It’s that time of the year again! Tax time is not just a busy time for Migration Agents, but for any small business. Consequently, it is also the prime time for prowling cyber criminals to plan and launch scams and cyber attacks. This is due to an increase in personal details being exchanged online and the ever-increasing sophistication of hackers and their methods of getting their hands on personal data.

The figures reveal a scary insight. The Australian Competition & Consumer Commission’s (ACCC) Scamwatch website received 56,531 reports for ‘Attempts to gain your personal information’ during 2017, resulting in $5 977 877 lost.

These days most of us communicate digitally, making it no surprise that emails and phone messages were identified as two of the most common channels that spammers use to gain access to personal information. So how do you become cyber-savvy and learn to spot a scam?

Spotting a scam

Tax time, more like Christmas time for scammers, is often when valuable pieces of personal and business information, such as names, dates of birth, tax file numbers, bank account details and BAS statements,  are often required from trusted authorities - in particular the Australian Taxation Office (ATO), accountants and tax agents.

And scammers are getting more and more creative, crafting look-a-like official emails and impersonating official representatives via phone calls, SMS and voicemails. Here are some of the tell-tale signs to keep an eye out for, when trying to spot a scam (Stay Smart Online, 2018): 

  • Whilst the ATO does communicate with small businesses via email, they never request personal details like bank account details via email
  • Receiving an email which is not addressed to you directly
  • Be very careful with emails which may contain links or attachments, these may contain malware viruses
  • Check the email address which the email has been sent from
  • Scam emails will often be poorly worded and use incorrect grammar
  • Emails, text messages or phone calls asking for your bank account/ credit card details to process a tax refund

Common scams that target small business owners

Phishing emails: Keep an out for emails that pretend to be from a trusted entity like the ATO. These emails usually will ask you to fill out a form or click on a link which then enables the scammers to infect your computer with a viruses and malware. This is one of the popular ways a scammer will try and steal your identity and money.

Tax refund scam: A scammer may contact you advising that you have overpaid your tax and that you are entitled to a tax refund. The scammer may then ask for financial details or request you pay for an administration fee via an electronic transfer.

Tax owed scams: A scammer may claim that you have underpaid your tax and required to repay the debt. They may ask you to purchase a pre-paid debit card which they will then ask for the details of so they can access the money.

Small Business  in the sights of scammers

You may be wondering why small businesses, including Migration Agents, are a prime target? Why don’t scammers just go after the big fish? The ones with bigger profits to share? The reality is, small businesses are viewed as soft targets and make up for an alarming 60% of reported cyber-attacks in Australia. Below are some of the reasons why small businesses are in the sights of cybercriminals:

  • They hold valuable data: there is a misconception that just because your business is small, you don’t hold a lot of valuable data. In most cases this is wrong. Migration Agents in particular, hold a wealth of sensitive data about their clients, as well as their own business.  The data you hold can also act as a great pivot point to accessing the details of your valued partners.
  • IT infrastructure and network security is generally weaker: do you manage your own IT systems or do you outsource it to a professional IT consultant or company? What security measures have you put in place to protect your systems, for example, anti-virus software and firewalls, and are they updated regularly?
  • Lack of education on cyber risks: are you and your employees adequately trained on what to be aware of, how to prevent a cyber incident from occurring and recognising when a data breach has occurred?
  • Limited resources: do you have sufficient resources and an incident response plan to manage a potential cyber attack or data breach?

Did you know?

  • Australia faced over 10 million cyber attacks in 2017.
  • The average cost to an Australian business that has been attacked is $2.82M, with the average cost per lost record estimated at $144 (Dual Australia).

A study conducted by Clyde & Co found that 18.3 percent of the total costs incurred from a cyber claim are related to Data Breach Notification costs alone, with the average cost of managing and rectifying a breach being $140 per compromised record.

Protecting your business

Be a step ahead of the game by making sure your business is educated and aware of the different types of scams and cyber risks that are out there, and that you have a solid cyber-security strategy in place. The ACCC provides regular updates about scams which may be circulating and are a good resource for staying in the know. In addition, the ATO also lists the latest scam alerts in which they are being impersonated by scammers.

As they say, prevention is better than cure, and that’s where Cyber Liability insurance can be a valuable tool in protecting your business. .

What is Cyber Liability insurance cover?

Cyber Liability is designed to cover your business against the expenses and legal costs associated with data breaches that may occur after being hacked, or from the theft or loss of valuable client information. A potential breach could occur from something as simple as accidentally leaving your laptop in a taxi where it can end up in the wrong hands.

What does it cover?

  • Business interruption costs
  • Investigation and data recovery costs
  • Fines and penalties
  • Extortion costs
  • PR and crisis management costs

What is not covered?

  • Any amount misappropriated by fraudsters
  • Replacement equipment
  • Property damage
  • Prior known facts/instances
  • Intentional acts

How to report a scam

No matter how careful you  may be in preventing a scam, it can unfortunately still happen. Below are some of the key government bodies you will can report an incident to:

ACCC Scamwatch website provides an online form to report the crime through https://www.scamwatch.gov.au/report-a-scam

The ATO provides information on current scams involving the ATO, how to verify and report an ATO impersonation scam: https://www.ato.gov.au/general/online-services/identity-security/verify-or-report-a-scam/

Australian Cybercrime Online Reporting Network (ACORN) is a secure reporting and referral service for cybercrime and any online incidents which could be in breach of the law: https://report.acorn.gov.au/

The impact of falling victim to a scam or cyber attack can have a devastating impact upon a business, especially if the financial capacity isn’t there to recover from the incident. Don’t let cyber criminals scam their way into your small business this tax time, start protecting your business today.

BizCover is the official insurance partner of Migration Alliance. As a member of Migration Alliance, we’ll give you an exclusive discount on top of our already low price. Click here to get a quote and enter code MABIZ001 at checkout, or mention the code over the phone.

BizCover™ Pty Ltd (ABN 68 127 707 975; AFSL 501769). This is general advice only and does not take into consideration your personal circumstances.