The Print & Visual Communications Association (PVCA) has urged its members to immediately review and update their cyber security after an unnamed printing industry business lost over $100,000 in a so-called CEO email scam. This publication has also been the target of two attempted scams recently.
“There is a significant increase in cyber fraud targeting SME businesses,” PVCA CEO Andrew Macaulay told members via email. “PVCA is receiving increased reports from members across the country. PVCA itself has been subject to attacks, which we have only thwarted due to constant increase in our IT security procedures.”
Macaulay has urged all members to review their cyber security with their IT service provider immediately and follow these steps:
1) Install dual factor authorization on all email accounts
2) Introduce personal checks in payment processes that require verbal staff interaction, not just email interaction
3) Ensure you have appropriate insurance
4) Continually update yourself on the types of scam that are going around
5) Do not trust any emails in the first instance
If your business does not have a reliable IT advisor, PVCA can refer you to one.
Macaulay shared a testimonial he’d received from the unnamed “associate” who was scammed over the recent long weekend:
Last Wednesday our business was the victim of the “CEO email scam”. Unfortunately, we lost over $100,000 so I want to warn all our customers and suppliers what to look out for, so you don’t fall for the same thing.
The scammers managed to hack into my email account (through Office 365). We assume that they were watching activity for a number of days if not weeks. While I was in a meeting at the end of the day the scammers sent an email from ‘me’ to accounts requesting urgent payment of an invoice.
This was queried by accounts by replying to the email and they got an immediate email back from ‘me’ confirming in their mind the request was genuine. The payment was authorized by another Director because it was from ‘me’ and had some relevance to projects occurring in the business.
During Covid-19 I have been monitoring all payments and receipts daily; however, last week we were on a 3-day week so this wasn’t identified until Monday, by which time there is nothing anybody can do. Of course my email account had been modified so that I was not copied on the email thread.
We were also to learn that our Cyber insurance does not cover criminal theft although this is an option.
It is unlikely we will see the money again.
This publication has also been the target of two attempted scams recently. An email to Wide Format Online claiming to be from a print technology manufacturer provided details of its “bank reconciliation auditing…following the Covid-19 virus pandemic outbreak” and gave notice of alleged “new and updated bank details.” Wide Format Online advertisers also received emails requesting they ‘hold payment until we advise new banking details.’ None were fooled by the attempted fraud.
The ACCC’s Scamwatch reports that scammers are using the spread of COVID-19 to target people across Australia.
“Scamwatch has received over 2,700 scam reports mentioning the coronavirus with over $1,114,000 in reported losses since the outbreak of COVID-19 (coronavirus). Common scams include phishing for personal information, online shopping and superannuation scams.
“If you have been scammed or have seen a scam, you can make a report on the Scamwatch website, and find more information about where to get help.
“Scamwatch urges everyone to be cautious and remain alert to coronavirus-related scams. Scammers are hoping that you have let your guard down. Do not provide your personal, banking or superannuation details to strangers who have approached you.
“Scammers may pretend to have a connection with you. So it’s important to stop and check, even when you are approached by what you think is a trusted organisation.”
Scammers are also impersonating myGov, claiming they’ve made adjustments to your tax return and you’re now eligible for a tax refund. “If you get an email like this, (see below) don’t click the link or provide any details,” Scamwatch says. “If unsure, contact the ATO using trusted details you have sourced yourself.”
Phishing – Government impersonation scams
Scammers are pretending to be government agencies providing information on COVID-19 through text messages and emails ‘phishing’ for your information. These contain malicious links and attachments designed to steal your personal and financial information.
“Scammers are also cold-calling people claiming to be from organisations that can help you get early access to your super,” ACCC Deputy Chair Delia Rickard said. “The Australian Taxation Office is coordinating the early release of super through myGov and there is no need to involve a third party or pay a fee to get access under this scheme.”