These scams are impacting SMEs the most right now. Here’s how to avoid them


A new report from Reckon has shed light on the scams that have cost small and medium enterprises (SMEs) millions in recent years.

The report found a 94 per cent increase in the value lost from scams targeted at non-employing, SMEs from 2021 to 2022. In the following period, SMEs made up around half of all reported scams, bearing almost 60 per cent of losses, valued at $17.3 million in 2022 and 2023.

False billing: False billing, where a person receives an invitation to pay for a product or service they never used, is the most common scam suffered by SMEs. The average loss of false billing scams was $8,641 per report, with a combined loss of over $3.6M.

Investment scams: Investment scams, or offers of investment opportunities that are bogus, are the most expensive scam for small-business owners. Although investment scams recorded only 50 reports, they resulted in the greatest losses for non-employing micro and small businesses of $3,714,097, averaging $74.2K per report.

Phishing: Phishing, or convincing a person to reveal sensitive information, was the second most common scam, recording 336 reports and costing businesses $104.6K.

On a somewhat positive note, the losses decreased from 2023 to 2024, which has been attributed to the establishment of the National Anti-Scam Centre that brought about partnerships between government and industry, alongside government funding, takedown of investment scam websites, public awareness campaigns, regulations, and legislation.

How to avoid these most common scams

Still, scams remain rampant, and Reckon has put forward five recommendations so SMEs can avoid becoming victims:

1. Stay informed

SMEs are advised to regularly check resources like Scamwatch, run by the Australian Competition and Consumer Commission (ACCC), to get updates on new scam tactics and strategies. Education and awareness of phishing and cybercrime are also critical.

2. Implement strong cybersecurity measures

SMEs must take steps to protect their accounts from unauthorised access. Account protection measures SMEs can use include enabling two-factor authentication on all accounts, updating passwords regularly and using a reliable password manager, installing reputable antivirus and anti-malware software where relevant, and using passphrases instead of passwords, as they are often harder for criminals to crack, and changing them regularly.

3. Avoid interacting with scam emails

SMEs should be wary of email addresses or domains where the name is misspelt, altered or attempts to mimic a legitimate email, as well as emails with spelling and grammar mistakes. SMEs are also advised to be wary of unsolicited, unexpected, too-good-to-be-true, or coercive emails and to always follow the rule of “think before you click.”

4. Enable and automate backups

Business and customer data should be backed up regularly, which is commonly done by enabling automatic cloud backups with a trusted cloud storage service. Multi-factor authentication on all data access should be strictly implemented as well.

5. Report and share information

In the event of a scam, SMEs should report such instances to Scamwatch, their bank, and other relevant authorities. Sharing experiences with other small-business owners can also help prevent future scams.