FRAUD – Why Small Businesses are Sitting Ducks


Dianne Kennedy reports on a discussion by Small Business Futures



Scams are unsolicited invitations to participate in something. They are a ruse to get you to give away information or other data, e.g. bank account details, that the scammer can use to steal your money or your identity.

The invitations are delivered by email, phone, fax and sometimes by physical mail.


Scams and Fraud

Australian Bureau of Statistics (ABS) data shows that 1/3 of Australians will be approached by a scammer every year. Most don’t fall victim – only about 3% do.

However, a Curtin University study in 2012 found small business is different. Small businesses are more likely to be approached and to fall victim: 70% were approached and 12% fell victim.

It’s not just the money stolen, if it is. It’s the time to repair the damage caused, changing bank accounts, new systems and procedures, lost trust, and the uneasy suspicion of new clients. Once bitten, twice shy. It’s obviously going to make you overly cautious with new clients or suppliers.

It is noted that men are more likely to be taken in. Women seem to have a stronger scam radar than men. Could it be they are less greedy?

Also retail establishments are more likely targets. This is probably because they are easier targets.

Scammers and fraudsters like routine activity. The Curtin University researchers call it RAT, Routine Activity Theory. Consequently anyone with a lot of online trading activity presents a fair target for a scammer. It’s called “phishing where the fish are”. If you are active and have a strong social media presence, you are obviously visible to others, including scammers. Consequently online marketers need to be especially vigilant.

Scams come in various modes. Here are the most common:

  • False bills, e.g. subscriptions, invoices, late notices. They get under the target’s defences, especially if the business owner is busy, rushed, or unfamiliar with common invoices. The false bill can be paid because the business owner does not want to be known as a late payer. A good way to prevent this is for only one person in the business or organisation to pay the bills. That way they are familiar with the regular bills and can spot a false bill easily and not pay it.
  • Advertising solicitation that looks like the real thing. For example a Yellow Pages bill that looks like the real thing but has subtle differences that can’t be picked up without a close examination of the bill. Things like “Yellow Page” instead of “Yellow Pages”. The bill is paid and of course the funds go to the scammer’s bank account. Again, this type of scam can be overcome by having one person paying the bills, managing the advertising and having strong systems and procedures in place.
  • The overpayment scam. This works by the scammer paying for your goods or services with a stolen credit card. They deliberately overpay the bill. Then when you tell them they overpaid they request a refund to their bank account, not the credit card, when you supply the goods or service. This all happens before the stolen credit card is reported stolen.
  • The interception scam. This happens when hackers change the address and bank account details on an email which is sent through normal channels. It all works smoothly because you don’t notice any changes in the appearance of the email.
  • The tax time scam. This comes via an unsolicited email and the different sorts are phishing, the bogus Tax Refund and a bogus Business Grant. The scammers tell you they will give you your tax refund for the payment of a “small administration fee”. The ATO will tell you they never email anyone to say a tax refund is waiting for them. At the very least you have to submit an income tax return before you will ever receive a refund. The refund then comes directly to your bank account or by cheque. Scammers also offer a business grant for the payment of a “small administration fee”. This just does not happen. To get a grant, you have to go looking for it first and then submit copious amounts of paperwork to justify the grant. Don’t get sucked in by these scams. A big reality check is necessary.

Firstly, put in place systems and procedures to safeguard yourself and your business. Recommended safeguards are:

  • Check the bona fides of people who contact you. For example, if someone says they are in Sydney, ask them something which will verify they are in Sydney, like asking “What’s the weather like there today?” Then check the weather bureau to see if they are right. Or ask them something else about the location that only someone in that location would know. The point is, always ask the question and check they are who they say they are.
  • Only one person in the business should pay the bills. That way they are familiar with everything in the business and what should, and should not, be paid. The designated bill payer will have a gut instinct if something is not right and can then go and check. Of paramount importance: always check that you ordered the goods or services and that you received them before you pay any bill.
  • Use a separate credit card or debit card for small scale transactions. Then if the worst happens and someone does get hold of the card details, there is only a small, limited amount they can steal.
  • Check out Scam Watch to see what is on the current register of scams.
  • Protect your identity. Only give out your personal information where it is absolutely necessary and you have initiated the contact and trust the other party. Treat your personal details like gold – don’t leave them lying around. Order your


How to Fight Back and Protect Yourself

Systems and Procedures

Sound systems and procedures are essential in any business. Not only do they help prevent fraud and theft, they are one of the necessary factors for you to be considered to be in business in the first place. These systems and procedures will evolve over time as new and better methods are developed, but you have to have them in the first place. Then you can monitor their effectiveness and efficiency and tweak as necessary.

As mentioned before, always check the bill with the supplied goods or services. If you didn’t get it – don’t pay it.

Check the ABN, A.C.N., address, website and contact details on the invoice. Check that the ABN on the invoice matches the business name. I can’t tell you the number of times I’ve checked the ABN on an invoice for a client and found it to be incorrect. Either the ABN does not exist, or it’s for a different entity.

Make sure your virus protection, firewall, and backup procedures are up to date. An annual upgrade is essential, and upgrade even more frequently if possible.

Do your backup. This should be done at least weekly and preferably daily. There was a ransomware scam on a Gold Coast doctors’ surgery last year. The hackers got hold of the medical practice’s patient data and refused to release it to the practice until a ransom had been paid. If the practice had done a daily backup they could not have been held to ransom. Not to mention that sensitive private information had been hacked.


If it Happens to You

Always report any fraud or scam to the police, ACCC, ASIC and your bank. Let them know the who, how, when and why of what happened to you so that someone else is not scammed.

You can go to the Australian Securities and Investments Commission (ASIC) website and do an online search of the company’s ABN and A.C.N. You can also check the disqualified persons register to see if the Australian person you’re dealing with is legitimate or bankrupt.

Go here to check whether the ABN quoted is registered and belongs to the person or entity billing you

Go here to check whether the entity is an Australian registered company. Search the ASIC registers for organisations and business names and disqualified persons.

The ACCC information number is 1300 302 502.

Sadly we no longer can take people at face value. If you are suspicious always check and ask questions. Questions like “How long have you been in business?” “Where are you located?” etc might flush out a rat.

Sadly also people are dis-incentivised to report fraud to their insurer for fear that the premium will go up. What this means though is that you might do yourself and the community a disservice because the crooks will continue to get away with it.


ASIC Scam Watch

ACCC re scams