Warning to small business operators over SMS banking scam
Thursday, February 11, 2016
Small business operators are being warned about the risks associated with doing their banking from mobile devices in light of a widespread mobile scam that is targeting major Australian banks.
The Australian Communications and Media Authority (ACMA) yesterday issued a public warning about what it termed a “persistent and sophisticated” SMS scam that is targeting customers of at least nine banks.
The banks that have been hit by the scam include ANZ Bank, the Bank of Queensland, Bendigo Bank, GE Money, Heritage Bank, Macquarie Bank, National Australia Bank, St George Bank and Suncorp Bank.
ACMA said banking customers are receiving short text messages that contain URLs to fake mobile banking websites, which closely resemble legitimate banking sites.
The messages contain few words, typically beginning with “Account notification”, “Dear customer” or “Verify your identity”, while the URLs themselves also closely resemble the legitimate domains of the banks by including the bank’s name and words such as “mobile”.
According to ACMA, if a customer clicks on the link, the website they are directed to contains a series of webpages that mimic the bank’s branding. The webpages are designed to obtain the customer’s account details.
ACMA said the scam is “constantly evolving”, with the perpetrators continually “refining their messages and the associated fake imitation banking websites to increase their chance of success”.
Banking customers who are concerned they have been the victim of the scam are encouraged to contact their financial institution and report the incident to the Australian Cybercrime Online Reporting Network.
A full list of the scam messages that have been reported to ACMA is available from the ACMA website.
How to protect your business
According to AVG security advisor Michael McKinnon, small business owners are vulnerable to SMS banking scams in the same way individual bank customers are.
“The risk of banking fraud for business owners is that when business owners log into mobile banking, they usually have full access to the business’ trading accounts, which are the lifeblood of any business,” he says.
“If you’re putting the funds of the business at needless risk, that is concerning.”
While McKinnon says mobile banking offers convenience to small business operators, they should be mindful that smaller mobile screens “can hide the little details that would otherwise tip you off” to a scam, such as the complete web address of the page you are visiting.
McKinnon says small business owners can fall into a trap of using consumer banking services when most banks offer specific services for business customers that utilise different methods of authentication.
One such measure now offered by banks is access tokens, which can replace SMS confirmation messages.
“If you are running a business … I would recommend considering talking to your bank about other alternatives,” McKinnon says.
McKinnon says business banking services can also allow business owners to create additional logins for their employees or accountants, and limits can be placed on those logins to ensure the correct controls are in place.