By Emma Koehn
As the end of year rush hits small businesses, the threat of false billing scams looms large and the consumer watchdog is warning vigilance is key as losses pile up.
Over the past two months, firms like email security business Mailguard have raised the alarm about a range of PDF and invoice emails impersonating brands and services that small businesses regularly interact with.
ACCC deputy chairman Delia Rickard has warned businesses to review the process they use to pay accounts as losses from fake billing jump.
Last week Mailguard released a warning for an MYOB invoice scam doing the rounds, where a link to a professional-looking invoice leads to a blank page which likely contains phishing software.
MYOB general manager of clients, Nick Burkett, says its users should never open an invoice from an unfamiliar company or one they are not expecting.
"Only open emails and links sent by trusted email addresses. Legitimate invoices from MYOB small business products will only come from accountright[at]apps.myob.com or noreply[at]apps.myob.com and links from genuine MYOB emails to external sites will start with links.apps.myob.com," Burkett says.
Other similar brand impersonations Mailguard has identified over the past year have included cloud accounting firm Xero, courier FedEx and banks like Westpac and ANZ.
ACCC deputy chair Delia Rickard says there are a range of false billing scams out there which have the capacity to be "particularly damaging" to businesses' bottom line, warning them to review accounts practices in the lead-up to the end of year.
"It’s vital they have effective management procedures such as a clearly defined process for verifying and paying accounts and invoices. For example, this might include a multi-person approval process for transactions over a certain dollar threshold," Rickard says.
Losses jump
The value of losses to fake billing scams is up 46 per cent so far this year compared with 2017, with two months' worth of data still to collect.
The ACCC's Scamwatch project reports that 8880 Australians have reported these kind of schemes so far this year, leading to $4.1 million in losses.
Across the whole of 2017, $2.8 million was lost to this kind of scam activity.
Business owners like Harry Baruhas says fake bills from genuine-looking sources hit his inbox multiple times a day.
"They're from companies I've never heard of — I take a quick look and delete," he says.
Baruhas runs Info-Organiser, providing clients with data management solutions for compliance purposes. He deals with hundreds of thousands of invoices a year.
But even this business says it's constantly being hassled by scammers sending through fake bills in hopes of either harvesting banking details or securing a direct payment.
Baruhas says he's always warning clients not to fall for such emails, but says it's tough because these operators are becoming "sneakier and sneakier".
"The messages they create look like a message that's coming from legitimate software," he says.
November has proved a challenging month for false billing in the past. Last year, more cash was lost to false invoices in November than any other month, with more than $700,000 evaporating, according to Scamwatch.
Just over five 5 per cent of scam reports last year resulted in a financial loss, but so far this year that number is 11 per cent.
Founder of cybersecurity firm Combo David Markus says the threat game has changed for small businesses.
Previously, businesses had to watch out for spam emails pretending to be from genuine accounting software providers.
These days, business owners should also be double checking the details on invoices that they are genuinely expecting, because scammers are now also intercepting emails to tailor fake bills that dupe actual invoices.
"They often actually know the value of an invoice now, and these invoices appear absolutely genuine in their appearance," Markus says.
The only way to guarantee an invoice is genuine is pick up the phone, he says.
"The only way to short circuit it is to call [the invoicer's] finance department on a number you know."