Information Centre

Cyber security for small businesses: Stay safe from cyber scams this tax season

Written by Jen Perrin | Jun 18, 2024 10:21:34 PM

Tax time is stressful enough without having to worry about cyber scams. Yet, every year, scammers ramp up their efforts to steal tax and super portal login details, targeting unsuspecting small business owners. According to experts, cyber scams spike by an alarming 400% during tax season.

In this blog post, we’ll explore how these scams work, why small businesses are at risk, and practical steps, including basic security measures, you can take to protect yourself.

Why cyber scams spike during tax season

It’s no coincidence that cyber scams spike during tax season. Scammers know this is when businesses are most vulnerable. The rush to meet tax deadlines, combined with the complexity of tax filings, creates a perfect storm for cyber attacks. Commonwealth Bank of Australia (CBA) has warned that scammers use AI-enhanced phishing emails and texts to trick business owners into revealing their login details. Implementing multi factor authentication can provide an additional layer of security during this vulnerable period.

Bec Warren, a small business banking executive at CBA, explains that these scams often involve emails or texts that appear to be from legitimate sources. They ask for taxation portal login details, creating a sense of urgency to get you to act quickly. Once scammers gain access, they alter payee details so that tax returns or superannuation payouts go into accounts controlled by them.

The four-fold increase in reports of member portal scams during tax season highlights the determination of scammers to exploit small business owners.

Understanding member portal scams

Member portal scams are a common tactic used by cyber criminals during tax season. These scams aim to steal your tax or superannuation member portal credentials and other confidential information. Scammers send emails or text messages that look like they’re from legitimate organisations, asking you to log in and verify your details.

Once they have your login information, they can access your accounts and alter payee details. This means your tax returns or superannuation payouts are redirected to accounts controlled by the scammers. It’s a simple yet devastating tactic that has left many small business owners out of pocket.

Why small and medium businesses are most at risk

Small businesses are particularly vulnerable to cyber scams during tax season. Small businesses often store critical business data, making them attractive targets for cyber criminals. Unlike larger corporations, small businesses often don’t have dedicated IT departments to handle cyber security. They’re usually family-run enterprises with limited resources and little free time, making it easier for scammers to slip through the cracks.

Bec Warren from CBA notes that small business owners are more likely to miss red flags during the busy tax season. The demands of running a business and meeting tax deadlines can make it difficult to spot suspicious emails or texts.

The mid-market tipping point

Medium-sized businesses aren’t immune to cyber scams either. As businesses grow, protecting the business network from both external and internal threats becomes increasingly important. In fact, the mid-market represents a tipping point for cyber threats. These businesses have outgrown the basic security solutions they used when they were smaller but may not yet have the robust defences of larger corporations.

According to a recent survey by MYOB, three out of five medium businesses experienced a cyber attack or incident, with the number rising to 81% for businesses in finance and insurance. Head of cyber security Peter Wolski emphasises that cyber security should be a top priority for businesses of all sizes.

The role of AI in modern cyber scams

Artificial Intelligence (AI) has made it easier for cyber criminals to craft sophisticated phishing messages. AI tools can analyse large datasets to create highly personalised and convincing scams. This makes it harder for business owners to identify scam communications. AI can also be used to identify and exploit sensitive data within your business.

Peter Wolski from MYOB warns that businesses shouldn’t get complacent. Even if you’ve carried out system upgrades or cyber training, the threat is very real. AI doesn’t just benefit legitimate businesses; it also helps cyber criminals find and exploit security vulnerabilities.

Practical cyber security steps to protect your business

Stay vigilant

The first step in protecting your business from cyber scams is to stay vigilant. Be cautious of any emails or texts asking for your tax portal login details. Always verify the source before clicking on any links.

Be particularly cautious of emails or texts claiming to be from government agencies, as these are common phishing tactics.

Use strong passwords

Ensure that all your accounts are protected with strong, unique passwords. Consider using a password manager to keep track of them.

Enable two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your accounts. Even if a scammer gets your login details, they'll still need a second form of verification to access your accounts.

Train your team to handle sensitive data

Make sure everyone in your business is aware of the risks and knows how to spot phishing attempts. Regular training sessions can help keep cyber security top of mind.

Training should also cover how to protect customer information and other vital data from cyber threats.

Keep software up to date

Ensure that all your software and systems are up to date with the latest security patches. Outdated software can be a gateway for cyber criminals.

Monitor your accounts

Regularly monitor your accounts for any unusual activity. The sooner you spot a problem, the quicker you can take action to resolve it.

What to do if you fall victim

Despite your best efforts, it’s possible to fall victim to a cyber scam. If this happens, it’s crucial to act quickly. Contact your financial institution immediately and inform them of the breach. They may be able to freeze your accounts and prevent further losses.

Report the scam to the relevant authorities, such as the Australian Cyber Security Centre (ACSC). They can provide guidance on what to do next and may be able to help recover lost funds.

Finally, review your security measures and identify any gaps that allowed the scam to happen. This will help you strengthen your defences against future attacks.

Conclusion

Cyber scams are a serious threat to small and medium businesses, especially during tax season. The spike in scam activity, driven by sophisticated AI tools, makes it more important than ever to stay vigilant and protect your business.

By understanding the risks and taking proactive steps to enhance your cyber security, you can reduce the likelihood of falling victim to these scams. Remember, the best defence is a good offence. Stay informed, stay prepared, and protect your hard-earned money from cyber criminals.

For more tips and resources on keeping your business safe, sign up for our newsletter or book a consultation with one of our experts today.