ASB: Act now to protect against cybercrime.
It has been a busy time for scammers targeting New Zealand, with conservative estimates showing it to be costing New Zealanders at least $200 million each year.
Businesses and organisations are not immune to scams and fraud. The financial loss to scams and fraud is thought to be much higher with many businesses unwilling to let it be known they’ve been compromised. If your business falls foul of a scam, the hard-earned trust of customers can be fast lost, and the reputational damage can be ongoing.
ASB says businesses should get ahead of fraudsters and put a proactive and preventative plan in place, to protect themselves and their customers from scams.
The two most common types of scams banks are seeing are phishing and smishing. Phishing is when criminals send out fake emails, such as invoices and usually with links to fake sites, which they use to gain access to devices or log-in details. Smishing is similar but uses SMS or text messages.
“These methods are really important for businesses to be aware of,” says David Bullock, ASB’s Executive General Manager of Technology and Operations. “Because, for example, your company invoices could be copied or impersonated and faked with a different bank account number, so your customers think they are paying a legitimate invoice to your business, but instead they are sending money directly to the scammers.”
“What we often see is some form of urgency, where scammers will encourage you to do something quickly or something bad will happen,” Bullock says. “We’ve all seen these over the past few months, whether it’s a toll payment or package delivery scam, your organisation could be targeted next, so it’s best to be prepared.”
ASB will never send out text messages with weblinks and Bullock is encouraging all businesses to do the same, as the widespread practice leaves the door open to scammers, that impersonate well-known brands and their commonly used communication methods.
Criminals are also targeting businesses via third party providers, like IT service providers, for example. Once a scammer has access to the provider, they can access your business. It’s important to ask your providers what proactive and preventative controls they have in place, and how they are protecting you and your data from cybercrime.
One up and coming scam to be aware of is the use of Quick Response (QR) codes which are being used more frequently as a convenient way to direct people to websites or to make payments.
“Unfortunately, they are also being used by cybercriminals to lure people to malicious websites, exposing them to malware and theft of their security credentials,” says Bullock. “Make sure you are only scanning QR codes from known, trusted sources.”
There are some straightforward and simple steps to take to protect your business and your customers.
- Set up all your accounts with two-factor authentication, including any social media accounts
- Use different passwords for personal and business accounts, so that if your personal data is compromised, your business data or banking is much less likely to also be compromised
- Make sure it’s easy for your customers to contact you through publicly listed channels, such as your website or by phone. If these contact points are not easily found, your customers are more susceptible to scammers sending them false phone numbers. If you’re ever unsure of who you are speaking with, you should hang up and call back on a publicly listed number
Getting in touch with your bank is a great first move to protect your business from scams. ASB holds regular education sessions for business owners to give more insight about trends in the market.
“We have a whole team of people working within the bank to stay one step ahead of scammers and we work closely with other banks in New Zealand,” Bullock says. “Combating scams really requires a collaborative effort across all parties, whether that’s businesses, banks, telecommunications companies and government, we are all working together to make an impact.”
If you’re concerned about something that could be a scam, the classic saying remains: if it sounds too good to be true, it probably is.
For more cyber security tips and tools head to Asb.co.nz/online-security