The Queensland Police Financial and Cyber Crime Group is warning small businesses of a cyber scam that has cost at least one local business $1.9 million.
A local company trading in Brisbane has been targeted in a cyber attack that saw malware access its systems in order to acquire the business's client list.
In this particular attack, the perpetrator accessed the invoice template the company issues to its customers and modified the account details. The cyber culprit then forwarded that email to companies on the business's client list, which ultimately resulted in this business losing almost $2 million.
“What we want to do is spread the message as early as possible to prevent much larger scams or much wider number of businesses being targeted,” Detective Inspector of the Financial and Cyber Crime Group, Melissa Anderson, told ARN.
Attackers often get access to the businesses' systems through an employee inadvertently clicking on a malicious link contained within phishing emails. There are also cases where the attacker takes advantage of an access point made possible by lapsed or inadequate anti-virus software.
The unit is running a campaign called "Are you in control?", warning businesses of such scams. Just days ago, it revealed that small businesses being targeted by cyber scams in the state reported losses of up to $90,000.
The Financial and Cyber Crime Group receives referrals from the Australian Cybercrime Online Reporting Network (ACORN). Queensland police have recently noticed a small spike in this attack trend.
“We’ve published the information to help the community protect themselves and their account so they are not a victim of that event,” Anderson told ARN.
Anderson said that, where Australian banks are involved, the unit can investigate to try and find the criminals as they have jurisdiction over the local financial institutions.
At this point, a perpetrator or group has not been identified and it is possible the attacks are from across a number of different places.
Queensland police are urging businesses that believe they have been a victim of cybercrime to contact either ACORN or the Queensland Police Service.
“The best way to prevent yourself from this scam is to always make a follow-up phone call when receiving notice of changes to bank account or payment details. A five-minute phone conversation could prevent significant issues down the track,” Queensland Police warned.
“Make sure you keep security, anti-virus and firewall software up to date and remind staff about email safety and the need for constant vigilance.”