What Australian Businesses Need To Do To Bolster Their Cyber Defences During the EOFY
Posted: Sunday, Jun 29


Introduction

With the end of the financial year (EOFY) fast approaching, it is more important than ever for businesses to stay vigilant and take stock of their online security. Tax season brings increased cyber threats and is a prime time for cybercriminals and scammers to strike.

Ways AI Is Being Utilised In EOFY Scams

While the types of threats remain similar, they have become more sophisticated due to artificial intelligence (AI), enabling more personalised and automated phishing attempts via email and SMS.
These scams often leverage themes like unclaimed refunds or urgent tax payments, using convincing logos such as that of the Australian Tax Office (ATO) and urgent language, such as the need to action an item within 24 hours, to pressure victims.
AI is often used in the following ways:
  • For quick, deep research on potential victims, from a company’s external suppliers to internal staff or the management team.
  • To execute fraud and scams in various forms. For example, robocalls can include a mix of video, audio and photos. Combined with deepfake content and AI-generated phishing text, these elements make for a very modern and highly effective way of conducting a scam or attack.

Types of Threats During EOFY

Business email compromise (BEC) is a significant threat during this period because of the increased financial communications between the finance department, suppliers and tax auditors. Cybercriminals take advantage of this by masquerading as a legitimate party and inserting themselves into the communication chain, for example as a bogus supplier that provides a fake invoice and asks a business to click on a suspicious link, thereby increasing the threat to the organisation.
Invoice scams involving malware or malicious links in attachments are also prevalent and targeted at businesses during this period.

Identifying and Avoiding Business Scams

The customer service, finance and IT departments within a business are especially vulnerable at the end of the financial year. These departments typically receive more inquiries during this period, as they must deal with a myriad of stakeholders ranging from suppliers to auditors to government personnel. Cyber threats often arrive as scams that carry phishing links to click on.

Top Tips for Business to Protect Themselves

  • Deploy defences against credential stuffing attacks, such as bot management solutions, and ensure that DDoS mitigation measures are in place and active.
  • Guard against sophisticated attacks like ransomware that can be introduced through malware, often via malicious attachments.
  • Ensure rigorous training for customer service, finance, and IT personnel to recognise and handle potential threats.

Steps to Take If Your Business Is Impacted By a Scam Or Breach

There are three things businesses should do if they fall victim to a cyber attack or scam:
  • Utilise verification channels and hotlines provided by the banks and government agencies such as the ATO, Australian Cyber Security Centre (ACSC) and Scamwatch to report suspected scams.
  • If a scam has occurred, immediate reporting to government agencies like Scamwatch and your bank or financial institution is crucial for guidance and potential recovery of funds.
  • For businesses experiencing a data breach, prompt reporting to authorities and swift mitigation efforts are necessary due to regulations.
In this era of rising cyber threats and scams, it’s not a matter of if a cyberattack or scam will occur but when. Building resilience, maintaining good cyber hygiene and remaining vigilant are key for businesses to mitigate these cyber incidents. Furthermore, this can help minimise and avoid potential attacks, which can result in serious financial and reputational loss.
Reuben Koh
Reuben Koh is a Director of Security Technology & Strategy at Akamai Technologies where he provides deep thought leadership and advisory in helping clients align security strategies with their core business initiatives and digital transformation processes. He also works with Fortune 1000 enterprises and business partners across Asia Pacific & Japan in providing cybersecurity guidance and expertise, especially in domains such as Web Security, Zero Trust, SASE, XDR, network security and Security Operations. With close to 20 years of experience in cyber security, Reuben previously held prominent leadership roles with industry leaders such as Symantec, CA Technologies, VMware and Cisco Systems. Reuben also holds various industry certifications such as CISSP, CISA, CISM and ITIL.