³Ô¹ÏÍøÕ¾

ASIC is urging small businesses to be on high alert as false billing, investment, and remote access scams cause significant financial losses in an environment of elevated inflation, surging operating costs and rising company insolvencies.

Scammers use increasingly sophisticated techniques to steal information and money from small businesses, taking advantage of the limited time and resources small business owners may have.

According to the Australian Competition and Consumer Commission (ACCC) , businesses submitted 4,933 scam reports in 2023, a 27.9% increase from 2022. Businesses experienced losses of $29.5 million, with small and micro businesses reporting $17.3 million of the total lost. The scams causing the highest financial losses are false billing ($11.8 million), investment ($6.2 million), and remote access scams ($4.9 million). In the 2022-23 financial year, the average cost of cybercrime for small business increased to $46,000 according to the .

Small business owners should also be on the lookout for common scams on the rise including (or fake invoice scams), phishing scams and business impersonation scams. These scams may compromise the security and operation of their business.

Most common scams affecting small business

False billing scams

False billing scams involve tricking businesses into paying for something that they didn’t want or purchase. Scammers will contact small business owners by phone or email unexpectedly asking for payment for services or products that haven’t been ordered. Double check invoices are from suppliers you trust that you ordered the goods or services from, verify the payment details directly with the business and if unsure, search for the official site of the organisation.

Investment scams

Small businesses may also be targeted with , where scammers offer a ‘once-in-a-lifetime opportunity’ to make easy money, pretending to be investment professionals. Scammers often impersonate legitimate finance companies, using convincing marketing to make their investment sound appealing. An investment offer may be a scam if the person is pretending to work for an Australian financial services licensee or has an investment prospectus that isn’t registered with ASIC. Small business owners are advised to sense-check investment opportunities with family, friends or a and check ASIC’s to know which companies, businesses or entities you shouldn’t deal with.

ASIC remains committed to disrupting investment scams and influencing the behaviour of our regulated population to uplift their anti-scams practices. We are one of several regulators whose remit touches scams, forming part of the government’s Fighting Scams initiative. ASIC took down over to protect Australians, including small business owners and recently released a .

Remote access scams

involve tactics to convince small business owners that they have a computer or internet problem requiring new software to fix it. Scammers trick owners into giving them remote access to their computer and personal information so that they can access their computer and bank accounts. Small business owners are warned against giving their personal, credit or online account details over the phone or providing unsolicited callers remote access to their computer.

Other scams to look out for

Payment redirection scams (or fake invoice scams)

Payment redirection scams are where scammers impersonate a business or its employees by email and request an upcoming payment be redirected to a fraudulent account. According to the ACCC, in 2023 . If unsure, small business owners should check payment details directly with a business before paying an invoice.

Phishing scams

With , scammers use phishing links to obtain personal, business, or financial information and trick business owners into revealing sensitive information. This often involves scammers impersonating a government department or legitimate business. The scammers can send the phishing link to small business owners by email or SMS text where the recipient is tricked into clicking on the malicious link. To protect yourself and your business from phishing scammers and improve your measures use anti-malware software, enable multi-factor authentication on your email, banking, and social media accounts and remember to back up your information.

Business impersonation scams

Scammers are defrauding small businesses with . Businesses impersonated by scammers may suffer brand damage and loss of customer trust and confidence. To protect yourself you should monitor the use of your business and brand name online, take action if your brand or website is being impersonated and let your customers know how your business communicates with them so they can identify when a message is fake.

Scammers impersonating ASIC

may contact small business owners to pay fees and give personal information to renew a business or company name. These emails often have a link that provides an invoice with or infects a computer with malware. Don’t click the link. If you receive a suspicious email from ASIC, send an with the details and delete it or call to verify the email.

Has your business been scammed?

If you , take these steps fast:

1. Don’t send any more money. Block all contact from the scammer.
2. Contact your bank or financial institution immediately. Ask them to stop any transactions.
3. Be wary of follow-up scams promising to help get your money back.
4. Report it to to warn others. If your report is about financial sector misconduct, you can .
5. Report the social media account to the social media platform if there is an option to do so.
6. Warn your family, friends, employees, and customers about the scam.

ASIC is Australia’s corporate, markets and financial services regulator.