Online Christmas Scams to Avoid

As the Christmas season is here we’re writing to you about the increased scams we are all facing at present:  

ATO threats.
A number of clients have received phone or email contact purportedly from the ATO advising they have outstanding amounts due, and that immediate payment is required or else legal action will be launched. Although the ATO may contact by phone from time to time it will not make demands in this fashion. If you receive any such demand for outstanding amounts of which you are not aware, you should contact your accountant immediately to verify.   We realise this can be very distressing, and the callers can sound genuine. Do not under any circumstances give further personal details, or make payments on these demands.  

Bank account change advice.
We recently had a client who was impersonated, advising of a change of their bank account details for future payments for their clients. It turned out that their client was aware they had had their security breached, and the hacker had assimilated our clients data and put together credible looking advice on our clients letterhead, from what appeared to be a genuine email address.   Be extremely careful with such advice from your suppliers and if you are at all suspicious, contact the supplier direct for confirmation.  

Unusual emails.
Do not respond to emails that are at all dubious. In particular, do not open attachments, which are likely to launch malware onto your system. Examples include unexpected requests from software vendors, messages requiring a response or click and unanticipated Voicemail messages.  

iTunes vouchers.
A number of clients have received emails from supposedly a director of the business asking for iTunes vouchers to be purchased for a client. This scam is very clever where they will engage in conversation with the recipient making them believe it is actually the director. If you are unsure if it is actually the director or manager asking, please contact them via phone to verify before engaging in an email conversation. Please do not engage with the sender of the email as it will only be a matter of time before they try again.  

Clients have had an alarming email with somebody supposedly impersonating them using their email address and claiming they have hacked into their computer, taking photos and saving the browsing history on your PC, some of which they claim is crude. Their demands are to pay them in Bitcoin to erase the so called information they have on you. This is a pure blackmail extortion attempt to extract money from the user. They mask their email address to look like the recipient, but in fact the properties of the email you receive would have the actual origin of the source. Please delete and remove this email as it is junk.  

Basic cyber security measures.
There are a range of measures you can put in place to limit the damage from cyber-attack:
•             Train staff and users on careful, sceptical use of online resources
•             Ensure anti-virus and anti-spam software is up to date on all connected devices
•             Be careful with provision of sensitive information by email - consider the use of secure Document                       Management Systems if you are transmitting sensitive information.
•             Change passwords regularly and use 2 factor authentication where possible
•             Back up your information regularly and check that the backup works!
•             Have a disaster recovery plan in the event something major happens. Checkout the Australian                               Government's Stay Smart Online Small Business Guide for more information.  

 Wishing you a Merry Christmas and a Happy New Year. All the best for the holiday season.