With the latest ACCC data revealing that the losses from Australian financial crime have now exceeded $2.7 billion last year, non-bank SME lender Banjo Loans is encouraging small and medium business owners to remain alert to increasingly sophisticated fraudulent activity.
Banjo’s Head of Credit, Portfolio Management Christopher Cam, warned that SMEs need to keep a sharp eye on doctored financial information, fake invoices, phishing emails, and other online scams as they continue to grow in scope and complexity.
“Creating fake invoices to skim money out to different accounts and payroll fraud is increasing. And businesses need to ask themselves, where you have people dealing with customer data – are there enough internal controls to ensure that customer data is not leaked to the dark web?” he said.
Compromised executive emails a cause for concern
Cam also pointed out the prevalence of compromised business email addresses from executive teams, which should be a cause for concern for businesses.
“They usually have a flavour of urgency to them, saying something like the CEO saying they’re stuck at a conference so they can’t talk, but asking for gift cards to be bought for an upcoming function. The messages will often say the purchaser will be reimbursed for the expense, but it never happens,” he explained. “They feel silly going to another colleague or HR to check that it’s legitimate. They just think, ‘Oh, well, it’s just buying gift cards, and the email itself seems very plausible’.”
Tips for avoiding fraud
Cam shared strategies for SMEs to quickly detect fraud and minimise their risk. First and foremost, he recommends using the services of a reputable external auditor.
“Appoint external fraud detection and prevention experts to conduct an audit of your business, including regular penetration testing. Not only will an external auditor be able to see if fraud is already happening, but they can also identify where it may be at risk of it occurring,” he said.
Cam also suggested that companies introduce and implement an anti-fraud/ethical conduct policy, especially on handling financial transactions. In addition, business owners should implement strong internal controls such as assigning different duties to different employees, especially in financial transactions, to improve oversight and lessen the likelihood of irregular or illegal activities.
“Knowing what to do when you spot fraud is critical. It clarifies a ‘chain of command’ for reporting a suspicion of fraudulent activity and it provides a strategy for minimising further losses,” Cam said. “If related to a cybercrime attack, an action plan should outline the steps to follow to protect other sensitive data and ensure business continuity. For directors, it should also clarify who to speak to in terms of legal and professional advice.”
