Scammers target small business

Scammers are homing in on Australia's 2.5 million small businesses, preying on their lack of time and resources in a rising wave of attacks.

Self-employed people and small business owners are reporting more than twice as many scams as bigger businesses report, ranging from false billing and dodgy classified ads to fraudsters hijacking their technology.

New research by cybersecurity firm Norton LifeLock found that almost two-thirds of small and medium-sized enterprises have been targeted by fake email scams.

• How to pick a safe password

• Millennials caught by online scams

Four out of five self-employed people, micro businesses and small businesses are worried about online identity theft, it found.

Norton senior director Mark Gorrie said fake invoice scams and Australian Taxation Office impersonation scams were common at the end of financial year.

"Tax time in particular is like Christmas to cybercriminals," he said.

Mr Gorrie said the weakest link in a business was often the safety habits of its employees.

Hackers are targeting employees, individuals and small businesses rather than big companies.
Hackers are targeting employees, individuals and small businesses rather than big companies.

"Employers need to educate their workers on security policies and best practices such as having up to date comprehensive security software, strong and varied passwords, and the ability to identify fake emails to mitigate risks," he said.

"Look for misleading signals in an email and never open attachments if you are unsure. If you receive an email from someone claiming to be the ATO, call the number on the official website to make sure you're speaking with a legitimate employee."

The Commonwealth Bank's executive manager of business customer solutions, David Budzevski, said it was important to keep information private.

"Don't be too liberal sharing information with third parties," he said.

Ensure a web page is legitimate before clicking on a link, and back up all business data regularly.

Mr Budzevski said small businesses were often seen by fraudsters as being naive or lacking the means or awareness to protect themselves. "They're a vulnerable cohort at risk of being actively exploited," he said.

"We have seen a growth in small businesses being targeted."

Some retail business owners have been scammed after their payment terminals were taken over. "Be very conscious of who you are handing a payment terminal to," Mr Budzevski said.

"Small businesses should engage with their financial institution for tips and insights."

Digital finance company Gobbill's CEO, Shendon Ewans, said invoice fraud had increased seven-fold in the past three years amid fake invoices, dangerous hyperlinks and emails that had been "brand-jacked by cyber-criminals".

"We have been surprised with the acceleration and sophistication of the types of fraud hitting small businesses," he said.

"We expect syndicates and overseas cyber criminals attempting to hit sectors like the National Disability Insurance Scheme hard in the coming years considering around $23 billion per annum is expected to be allocated to NDIS participants."

Fraud Watch is presented in partnership with the Commonwealth Bank. If you have a scams story, please let us know at To find out more, head to



• Don't unnecessarily share business data with others.

• Use comprehensive security software.

• Keep all device software up-to-date including on computers, tablets and smartphones.

• Never open attachments if you are unsure.

• Know the status of your accounts and tax affairs.

• Be wary about signing up for ads in obscure publications.