AI and Business Email Compromise marks a new era in hacker capability

AFP, Federal government, banks, and accounting insurers scrambling to combat the new threat to Australian small business.

It's no secret that over the last decade, the havoc to business caused by cyber-crime has grown to become the most financially damaging form of criminal activity bar none.

While that trend isn’t changing any time soon, the last twelve months have marked the first fundamental shift towards fraud targeting SMBs, increasing direct financial damages by up to 50x per incident.

To make matters worse, with over 21.6 million Australian user details compromised in the recent Optus, Medibank and MyDeal data leaks, public sentiment has shifted from empathy to anger when it comes to how companies are managing and securing their data. People have had enough.

Jamie Beresford, founder of cyber security technology company Practice Protect, warns business owners of this new threat to our privacy.

Email technology is now giving hackers the means to pinpoint vulnerability and exploit trusted client relationships to steal huge sums of money from small business.

How it’s happening.

Gaining unauthorised access to Microsoft 365 and G Suite email systems is nothing new; the difference is the ‘payload’ that cyber criminals are adopting once they're in.

In previous years, the strategy has been to deploy an army of automated bots to propagate ransomware and send mass mail to contacts. That’s given way to more targeted and sinister tactics.

The bots have been put aside by criminal syndicates, who are manually monitoring email communications, identifying trusted relationships, and then impersonating their victim in email conversations, using AI tools to mimic language styles.

It’s all with the intent to coerce an inadvertent bank transfer.

Anyone involved in a business-to-business payment or approval process is a prime target, and that puts accountants and bookkeepers right in the crosshairs.

Reputational damage is one thing, losing huge sums of money is another.

“Gone are the days where an email breach was an embarrassing email to your clients or a short-term downtime event due to ransomware,” says Jamie. “The impact is so much higher now.”

“In some cases, six figure sums are being lost in transactions between bookkeepers and their clients,” says Jamie. “This has gotten really serious.”

“Beyond the terrible reputation damage, what might have been a $5,000 cost to fix could easily now be a $100,000 exercise.

“The banks consider an inadvertent transfer between two parties as an ‘authorised transaction’ effectively washing their hands.

“Insurers are increasing premiums for these types of attacks to be covered and removing them from standard cyber policies. The writing really is on the wall.”

Tough new penalties for SMB business.

To get industry to take this more seriously, tougher penalties are now being rolled out, with the small end of town now in the firing line for what may be the first time ever. Maximum penalties have increased from $2.2 million to $50 million.

The recent data breach from medium-size financial planning firm RI Financial saw them cop a $750,000 fine from the Office of the Australian Information Commissioner.

Insurers are tightening their policies.

There have been recent moves by insurance companies to up cyber fraud protection and exclude specific attack types associated with Business Email Compromise from standard policies.

An accounting or bookkeeping firm can now expect to pay thousands more for a comprehensive premium.

The Australian Federal Police (AFP) are acting.

The Australian Federal Police (AFP) have scrambled a specialised email fraud taskforce, which signals a scary new era in hacker capability.

Jamie says the mood in the community insists that cyber protection must be a priority, especially among accountants and bookkeepers, whose industries are among the most vulnerable.

“People are angry,” said Jamie. “It’s the thought of what can happen to them if personal information is lost that makes the community hyper concerned.”

As for protecting your business, Jamie recommends a more comprehensive look at your cyber security.

“Practice Protect is taking a holistic approach to solve the defence against this,” said Jamie. “It’s more than just protecting access; it’s also considering devices and email systems.”

“Accountants and bookkeepers have moved more rapidly to the simplicity and efficiency of cloud than any other professional services industry and considerations need to be made on how systems, devices and email need to be secured.”

Australian Bookkeepers Network (ABN) invites you to enquire about cyber security protection with Practice Protect. Practice Protect is a complimentary partner association with the ABN, broadening the support available to bookkeepers.

17 May 2023