June 25, 2020
Business email compromise scams caused the highest losses across all scam types in Australia in 2019 according to the Australian Competition and Consumer Commission.
The ACCC’s Targeting Scams report says this type of fraud resulted in losses of $132 million.
“These combined losses from the ACCC, other government agencies and the big four banks show how financially harmful these scams can be,” said ACCC Deputy Chair Mick Keogh. “Scammers intercept legitimate invoices and change the details to include fraudulent payment information. The recipient will pay the invoice as normal and not realise they have been scammed.”
But another type of email scam doesn't involve compromising a target’s email account. Scammers simply create an email address that on casual inspection looks like a legitimate email account the target would be familiar with; using what's called a "lookalike domain name"
This practice can involve replacing characters in a domain name such as the letter l with the number 1; e.g. example.com becomes examp1e.com. If you're looking for this type of thing it can be relatively easy to see, but a cursory glance might miss the discrepancy.
Lookalike domains can take other forms. For example, in the case of businesses with Australian domain names ending in .com.au, a .com equivalent can be easily registered - and the lack of .au on the end might be overlooked by a target. Unlike .au domains that have strict eligibility criteria and are subject to checks, registering a .com can be done by pretty much anyone.
Using a lookalike domain, a scammer could impersonate the CEO of a company and request a transfer of funds; or pose as a supplier presenting an invoice.
The amounts of money involved aren't trivial; with the average loss to business email scams last year at $11,000, but some firms lost up to $200,000. Small and micro businesses appear to be particularly at risk; reporting more scams than medium and large-sized businesses.
“It is important for businesses and their staff to know that these scams are out there so they can learn how to avoid them,” Mr Keogh said.
The ACCC says the notion scam victims are naive is a myth.
"Anyone can be targeted successfully by scammers despite their level of education or business acumen. Some scams are conducted by organised criminals who are very experienced in fooling people."
The ACCC says businesses large and small should visit www.scamwatch.gov.au to learn more about scams targeting business - and how to protect themselves.
The full Targeting Scams report can be downloaded here.
Have a web site or blog? Get our free domain news widget.
How to register a name: Enter your choice in the search tool and click 'GO'. If after the check the domain names search results show your choice is available, you will then have the option to proceed to purchase registration; which is a very quick and easy process - start a search and find your ideal website address now.