Tasmanian businesses fall victim to scammers as national cybercrime remains 'most significant threat'

From hacking emails to changing invoices, ruthless criminals are managing to scam thousands of dollars from business owners every month.

In one case, a Tasmanian business owner's personal email was hacked, and $40,000 was paid to a scammer.

Fortunately that business owner reported the matter, and police were able to save the funds. But for many, the end result is different.

At least six to 10 cases of business-related scams are reported in the state monthly, and this month alone, as much as $100,000 was stolen in individual cases.

RELATED: Tasmania Police detectives investigate hundreds of thousands of dollars worth of online scams

Business scams make up roughly 6.5 per cent of all scams reported in Tasmania, with more than 100 in total each month. And the most common method used is Business Email Compromise, otherwise known as a BEC scam.

Often scammers will compromise an email account to access legitimate invoices, only to edit the contact and bank details so the funds are instead sent to the criminal's bank account.

Another way scammers compromise business emails is by impersonating employees, most commonly a senior manager, to create false invoices.

Launceston-based Detective Sergeant Paul Turner, who is the head of the state's Serious Financial Crime Team, said businesses needed to be vigilant to avoid these types of scams.

"Business owners also need to make sure their staff are trained in relation to detection, and protection of the systems they use, and to report anything suspicious immediately," he said.

Detective Sergeant Turner said there were a number of ways businesses could protect against scammers, including using passphrases instead of passwords, using multi-factor authentication for access, and backing up devices.

While BEC scams remained on the radar for Tasmanian investigators, cybercrime more generally was reported across the country every 10 minutes, with about 164 cybercrime reports made every day.

The Australian Cyber Security Centre's Annual Cyber Threat Report for July 2019 to June 2020 found cybercrime was "one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to individuals and businesses".

During the reporting period, the ACSC responded to 2266 cyber security incidents and received 59,806 cybercrime reports.

IN OTHER NEWS:

The annual report also revealed a "significant" national increase in BEC scams.

"There are lucrative underground marketplaces offering cybercrime-as-a-service (CaaS), or access to high-end hacking tools that were once only available to nation states," the report said.

"Business email compromise is a common attack vector available within CaaS markets."

Another tool to protect Australians from cyber criminals was released nationally on Wednesday.

The country's Serious Financial Crime Taskforce launched the Identikit, which outlined 10 criminal personas commonly involved in financial crime, and included a checklist of warnings signs.

Since the SFCT was set up in 2015, 15 of Australia's worst financial criminals have been convicted.

SFCT chief Will Day said victims ranged from people who had lost their life savings to scammers to people who had their identity stolen.

Led by the Australian Taxation Office, the taskforce focuses on cybercrime affecting the tax and superannuation systems, offshore tax evasion, and illegal phoenix activity - where a new company is created to continue the business of an existing company that has been deliberately liquidated to avoid paying outstanding debts, including taxes, creditors and employee entitlements.

"Every one of us is a victim because of the millions of dollars that doesn't go into our tax system for essential services such as education and health," Mr Day said.

"We also know that money obtained through tax evasion, tax fraud and crimes like money laundering may be used to fund other crimes such as drug trafficking that cause significant harm to people and communities."

The criminal personas identified by the taskforce include:

The key instigator, overseer and beneficiary of the most serious financial crimes. Often, these individuals are members of or linked to organised crime syndicates or groups.

The person on the ground who works for hardcore criminals to source and manage the different resources and enablers they need. They will typically not be aware of the full extent of the crimes that 'their employer' is involved in. They will only know about their piece of the puzzle.

Enablers are professionals who use their skills, structures and networks to help facilitate serious financial crime.

An opportunist who takes advantage of situations as they arise, works with professional 'enablers' to conduct and conceal their crimes and tries to bluff their way around the system.

These criminals use technology to gain access to information and sensitive data which can be used to facilitate a range of crimes, including tax crime and identity theft.

A person who profits by facilitating offshore tax evasion. More specifically, they help individuals, dodgy companies and criminal syndicates conceal the source of money.

Someone who deliberately winds up or abandons a company leaving its debts behind and no one to chase. They may then start another company up immediately to take over where the 'failed' company left off, or else they often flee the country.

The director of a company/companies destined to be liquidated within a short period of, or a shell company that has been set up with the intention of avoiding tax and other liabilities. However, in some cases, straw directors are not complicit in serious financial crimes, instead they are best described as 'victims'.

An individual who lies or withholds information to fraudulently access a range of government subsidies -including COVID-19 stimulus measures.

Sets up companies and money flow structures that make dirty money appear clean.

To report cybercrime locally, contact Tasmania Police on 131 444.

Cybercrime can also be reported to the ACSC by visiting cyber.gov.au or calling 1300 CYBER1.

Access the Indentikit here.

Our journalists work hard to provide local, up-to-date news to the community. This is how you can continue to access our trusted content:

Follow us on Google News: The Examiner