Cyber Brief for CFOs: November / December 2024
All the news, tactics and scams for finance leaders to know for November / December 2024.
Phone scams are on the rise. Australian organisations are being targeted as never before. Telcos are working hard to stop the threat, but face a range of constraints, not the least of which is the ability of scammers to circumvent any new controls.
In this blog we explore the phone scams now impacting Australian organisations, and how to ensure they don’t result in your organisation facing costly financial and reputational consequences.
In December 2020, the Australian Communications and Media Authority (ACMA) introduced new rules to force telcos to do more in the fight against scam phone calls.
Under the rules, telcos need to take steps to block scam calls originating in their networks. They also need to block those calls transiting through their network. Importantly, the telcos are expected to identify characteristics of scam calls and to share that information with other telcos. The idea behind this initiative is that through the sharing of information, all telcos will be better placed to keep a lid on scam phone calls.
One of the more challenging aspects of the rules requires telcos to take measures to combat number spoofing, in which scammers over-stamp the originating telephone number with another number, so the call appears to be from a legitimate organisation.
Yet, despite the best of intentions, the problem of scam phone calls has not gone away.
In the ten months since the new rules were introduced, Australian telcos reportedly blocked over 200 million scam calls. Yet not only does the problem persist, it seems to be getting worse. Text and phone call scams have exploded during the pandemic. The latest data shows that Australians reported a record $77.8 million in losses so far this year in phone scams.
While the focus has primarily been on the impact these scams are having on individuals, there is no doubt that businesses are also being impacted.
Despite the best of intentions, telcos in Australia continue to struggle against cyber-criminals and scammers who are regularly embracing new tactics.
The industry’s peak body, the Communications Alliance, recognises more needs to be done. They are developing a new industry code that aims to identify, trace, block and disrupt SMS scams. According to John Stanton, CEO of the Communications Alliance, the proposed code had been delayed due to regulatory concerns around accessing confidential data, but a new code was expected by the end of the year.
Even though the telco sector in Australia is seeking to clamp down on phone scams, the reality is that there will always be a limit to what can be done.
Some of the most common phone call scams currently being perpetrated against Australian businesses include:
Whether it’s a reminder of an unpaid bill, or a pre-recorded political message at election-time, Australians have become used to receiving automated phone calls.
Known as “robocalls,” these computer-generated calls are also now widely used by cyber-criminals. When answering a robocall, you’ll either hear a computer-generated message, or the call might disconnect within seconds.
There are a number of robocall tactics doing the rounds. Cyber-criminals may be trying to obtain information about you for use in a future scam. They may even be seeking to record a snippet of your voice for use in deepfakes.
Never follow the instructions provided to you in an automated phone call. Any message claiming to be from a Government agency, such as the ATO, is almost certainly fake. You should also avoid saying the word “Yes” during a robocall, as criminals have been known to use a recording of this word in a variety of identity theft scams.
Cyber-criminals understand that unsuspecting victims are more likely to answer a scam phone call if the number being displayed looks vaguely familiar.
With many of the cyber-criminal syndicates based overseas, they know people are less likely to answer a call originating from another country. They therefore resort to spoofing: over-stamping the calling line identification (CLI) of a call so that it displays a number resembling the phone number of the person receiving the call. They usually change the last couple of digits.
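The look-alike pattern described above can be checked against a phone system's inbound call records. The following is an added example, not part of the original article; the record fields, the `known_numbers` allowlist and the sample numbers are constructed assumptions.

```python
import re

def normalise_au(number):
    """Reduce an Australian number to bare digits in international form (61...)."""
    digits = re.sub(r"\D", "", number)
    if digits.startswith("0011"):        # Australian international access prefix
        digits = digits[4:]
    elif digits.startswith("0"):         # national format such as 04xx or (02)
        digits = "61" + digits[1:]
    return digits

def is_lookalike(caller, called, max_tail=2):
    """True when the displayed CLI matches the called number except for
    its last `max_tail` digits (the pattern the article describes)."""
    a, b = normalise_au(caller), normalise_au(called)
    if a == b or len(a) != len(b) or len(a) <= max_tail:
        return False
    return a[:-max_tail] == b[:-max_tail]

def flag_calls(call_log, known_numbers=()):
    """Return displayed CLIs of inbound calls that resemble the called number.
    Numbers in `known_numbers` (colleagues in the same number block, saved
    contacts) are skipped, since a look-alike CLI is not proof of spoofing."""
    known = {normalise_au(n) for n in known_numbers}
    return [
        rec["caller"] for rec in call_log
        if normalise_au(rec["caller"]) not in known
        and is_lookalike(rec["caller"], rec["called"])
    ]

# Constructed sample records (assumed fields: displayed CLI and called number).
SAMPLE_LOG = [
    {"caller": "+61 491 570 159", "called": "0491 570 156"},  # last digit differs
    {"caller": "0491 570 110",    "called": "0491 570 156"},  # last two differ
    {"caller": "(02) 5550 0123",  "called": "0491 570 156"},  # unrelated number
    {"caller": "0491 570 157",    "called": "0491 570 156"},  # known colleague
]
KNOWN = ["0491 570 157"]

if __name__ == "__main__":
    for cli in flag_calls(SAMPLE_LOG, KNOWN):
        print("review before calling back or acting on the request:", cli)
```

A flagged call is a prompt to verify the caller through an independently sourced number, not confirmation that the CLI was spoofed.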
Cyber-criminals may attempt to deceive staff in your organisation to transfer funds, or reveal sensitive data, through fake products, investments or even by pretending to represent charities.
Many cyber-criminals find that live phone calls are more effective than robocalls when launching impersonation scams. They may impersonate representatives of Government agencies or trusted commercial partners. The aim is usually to obtain sensitive data from your organisation.
Phishing is a well-known tactic where cyber-criminals send emails containing malicious links or attachments. Another increasingly common tactic is SMS phishing, otherwise known as smishing. Just like the email version, this attack sees cyber-criminals sending malicious links; however, their delivery tactic is via SMS rather than email. Often the SMS is spoofed to appear to be sent by a well-known brand or Government agency. Clicking on the malicious link in the SMS allows the cyber-criminals to steal sensitive information.
With so many phone call scams currently being perpetrated against Australian organisations, every organisation should be doing more than simply relying on staff to identify these sophisticated attacks.
Most staff are not trained experts in identifying and blocking scams. It places undue stress on staff when they think they are their organisation’s only line of defence. Furthermore, it is placing your organisation at heightened risk of losses and reputational damage.
There is a better way to stop phone scams.
Most scammers are looking for ways to steal from your organisation. With eftsure integrated into your accounting processes, you can gain assurance that outgoing EFT payments are only being sent to legitimate recipients. Payments being sent to unidentified third-parties will be flagged, giving your Accounts Payable team valuable time to pause the payment pending a deeper investigation.
To learn more about eftsure, and how we can help your organisation avoid the risks of phone scams, contact us today for a free demonstration.