Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
If you’re one of the 21.3m regular social media users in Australia, you’ll have no doubt come across some social media scams. While some are more obvious than others, social media is the perfect hunting ground for cybercriminals looking for prey. In 2022, Australians reported losing $80.2 million to social media scams, which was up 43% on the previous year.
ASIC is onto it – it’s currently taking down 20 scam investment websites every day – but even so, Facebook is littered with scams.
In fact, 62% of Facebook users say they encounter scams on a weekly basis (that’s the highest of any social media channel) – so it’s wise to be armed with some idea of what to look out for before your next social media scroll.
Facebook Marketplace scams are rife, and a common one revolves around the potential buyer not being able to come and view or pick up the item because they are overseas or away from home. They say a friend will collect it, but they’ll send you the money first. So far, so good. They then ask if they can pay via PayID, which again is no cause for concern on its own. However, they’ll then send you a fake transaction message claiming there was a problem crediting your account because you’re not a business user.
To upgrade to a business account, you need to deposit an additional sum of money. Of course, this money would go straight to the fraudster, rather than your account. PayID doesn’t have personal and business accounts – it’s simply a mechanism of associating your phone number, email address or ABN with a specific bank account to make it easier for people to pay you.
As well as PayID scams, watch out for ‘too good to be true’ deals (they are), ignore any requests to move conversations off Messenger, and if the buyer wants to pay in gift cards or via any unusual payment platform, run.
Check out any potential buyer’s Facebook profile before responding. If they are genuine, they will usually be local and have a ‘full’ profile.
An increasingly common one on Facebook, especially for business users, is a message pretending to be from Facebook admins, letting you know your account will be suspended due to copyright infringement or similar, and that to keep your account active you need to click a link. Rather than clicking the link, click on the profile of the sender: while they may be using the Facebook logo, they certainly are not Facebook. Report and delete.
You will no doubt have received friend requests from people you don’t know. If you don’t know them, don’t accept. But what about requests from people you do know, and thought you already had as a Facebook friend? This is happening increasingly, and should be reported. Criminals clone your friend’s details and create a new account, then send friend requests to their contacts. If you accept, not only are you giving them access to your personal information, but you also increase the risk of clicking on links they send you.
Another tactic is a message from ‘a friend’ (a.k.a. a scammer who’s hacked your friend’s profile) sharing a link to a ‘video of you’. OMG! THIS IS YOU! HAVE YOU SEEN IT YET?! No, it’s not you, and no, you should never click on the link.
We all love a bargain. Who doesn’t like to feel like we’re getting a good deal? But that desire shouldn’t outweigh good security habits. Hackers are increasingly promoting apps through Facebook ads that purport to give you fantastic discounts and coupons for all of your favourite brands. But in reality, the app you download will be malware – malicious software – that gives cybercriminals access to your phone.
Basically, if it feels like a good deal, take a step back. Often, it really is too good to be true.
Similar to the discount-code apps, these apps offer benefits such as ‘we’ll notify you if someone unfriends you’ and ‘find out who’s been looking at your profile’. Generally, you’ll install it, and while it might give you some insights, you’ve also given it access to a lot of personal information.
Quizzes can be a lot of fun on Facebook – but think twice about the questions you’re being asked and the answers you’re giving. Because if those quizzes are asking for sensitive information – for example, your mother’s maiden name, the name of your first pet, or your favourite cooking ingredient – you might be handing over your own Facebook password recovery questions.
Cyber crooks have used a number of high-profile personalities to endorse phony investment opportunities – which, of course, are scams. David Koch is one who’s been famously vocal about the lack of action Facebook has taken after his image and name have been used to endorse such scams. Around 60% of scam losses involve fraudulent investments – so if a celebrity is endorsing something on Facebook, it’s probably best to scroll right on by.
Romance scams have been around on Facebook for years, and the premise is simple but effective. A romance scam involves a person you’ve never met engaging with you on Facebook – for example, in response to a comment you’ve made. They gain your trust and begin direct messaging you over weeks and months – this is definitely a long game. Eventually, after winning your trust, they’ll create some type of scenario that requires you to transfer them some money – it could be to buy a flight to see you, it could be to help their sick child. Bottom line: never send money to someone you’ve only ever met online.