That’s a lot of money. The statistics are in and we thought we would share some practical information to help you avoid becoming a statistic. We have seen instances where a client or their customer has become subject to a scammer gaining access to and changing bank details on invoices being sent or received via email. Reports indicate that this is being done after an invoice has been emailed.

How they are doing it – Email Scams & Xero Invoice Scams

Contrary to common belief, the scammers are not getting access to accounting software but are mostly intercepting the delivery of the email containing the invoice before it gets to the customer.

Scammers are intercepting these legitimate invoices by hacking either a business or customer’s email and changing the invoice details to include a fraudulent bank account. The customer then pays the invoice, none the wiser that their hard-earned money is not going where intended. In most cases, the scammers are creating a new email address that is very similar to the sender’s email and resending the invoice advising the customer to make payment to their ‘new bank account’.

Types of Cyber-Attacks You or Your Business May Face

1. Phishing: Involves sending emails that appear to be from a legitimate source, such as a bank or a trusted vendor, in order to obtain sensitive information like usernames, passwords and credit card details.

• Malware: Refers to malicious software that is designed to damage, disrupt, or gain unauthorised access to computer systems. Examples include viruses, worms, Trojans and ransomware.

• Distributed Denial of Service (DDoS) attacks: Involve overwhelming a server or network with traffic, which can cause it to crash or become unavailable.

• Man-in-the-middle (MITM) attacks: A cyber-criminal intercepts communications between two parties, allowing them to eavesdrop or alter the messages being sent.

• SQL injection: Involves exploiting vulnerabilities in web applications to access databases and steal sensitive information.

• Password attacks: Attempts to gain access to a system or account by guessing or cracking passwords.

• Social engineering: Involves tricking people into revealing sensitive information or taking certain actions, often by impersonating someone else.

• Zero-day attacks: Exploits vulnerabilities that are unknown to the software vendor, which makes them difficult to defend against.

How to avoid being scammed

• Check that the email address you received and invoice are both correct.

• Call the supplier and check their bank account details before making payment.

• Make the payment via more secure means, ie BPay.

• Change your email password if you think you may have been hacked.

Want to know more?  

If you would like to discuss this further, speak to our expert team at Meridian Accounting today. Email or call us on (07) 4927 4625 to learn more about scams and how you can prevent them from having an impact on you or your business. Serving clients throughout Rockhampton and Central Queensland, we are committed to keeping you informed and providing you with essential accounting services.