SMEs warned about ransomware threat: Tips to make sure you don’t fall for the scams

Small businesses are being urged to back up their data and ensure their IT systems are up to date amid the rising threat of malware attacks on Australian businesses.

Ransomware scams – a type of malware that infects your computer to restrict use until you’ve paid a ‘ransom’ to unblock it – scammed several Australian businesses by over $10,000 last year.

The warning comes as the Australian Consumer and Competition Commission turns its attention to small business during National Consumer Fraud Week, revealing Aussies lost $82 million to scams last year alone.

At an event in Melbourne last night, ACCC deputy chair Michael Schaper advised small businesses to be more vigilant for such cons, revealing SMEs had lost almost $1 million from ransomware attacks last year alone.

“In a business context, it’s even harder [to spot a scam] because there are so many other pressures day in and day out,” he told a crowd of small business owners at the State Library of Victoria.

The consumer watchdog received over 2500 ransomware and malware complaints last year, many of which stemmed from small business owners opening attachments that appeared to be from reputable sources.

The businesses received emails purporting to be from the Australian Federal Police, Australia Post or Microsoft, prompting them to open a link or download an attached file, which then installed ransomware on the computer.

The computers would then freeze before a pop-up appears that states the user has been doing something illegal, such as using pirated software, and will need to pay a fee or fine to regain control of the computer.

Speaking to SmartCompany, Schaper says paying the fee will not usually restore your computer.

“Experience has shown us, they never get it back anyway,” he says.

But Schaper says the cost to businesses threatened with ransomware can not only be the sum they are scammed out of, but can include the loss of business and client records, as well as a a larger reputational cost.

“Losing client records, especially if you are within the professional service sector, can have a detrimental effect on a business and really damage credibility with customers,” he says.

Dr Louis Geneste of Curtin University last night presented research at an ACCC and IPA small business scams and cybercrime forum that shows a link between businesses with an e-commerce presence and those that are targeted by ransomware scams.

Generally, Geneste’s research showed businesses are at greatest risk of being scammed when making an online purchase of good and services, when sending emails to staff and suppliers and when asking for sales via the business’ own e-commerce solution.

“The more you trade online, the more likely you are to be a target,” Schaper says.

But the number of businesses affected by ransonware may be even worse than the ACCC is hearing about, with Schaper saying business owners are often more reluctant than general consumers to report falling victim to scams.

“Some people feel foolish and don’t want to tell anyone they’ve been scammed, while other business owners feel they have to suck it and soldier on,” he says.

“But thirdly, some business owners are under the misguided impression that if you get scammed your insurance premiums will go up, which is not true.”

As well as being wary to never click on dodgy links or attachments, Schaper says the best way a small business owner can guard against ransomware scams is to back up data regularly on at least one hard drive.

Schaper also suggests businesses pay accounts with a separate credit or debit card so, in the event your account is frozen, major cash flow issues won’t arise.

Beyond the ransomware threat, business owners and experts last night shared stories of other scams targeting small businesses, such as:

• Bogus phone calls from the banks telling business customers they can share in class action remuneration of they provide their bank details;
• Fake emails from Australia Post asking for personal information;
• Attempted identify theft through fake emails from banks requesting personal information; and
• Invoices being intercepted and slightly changed so that money is paid into the scammer’s account.

Here are some other tips from last night’s event, to make sure your business doesn’t fall victim to a scam.

• Make sure your computer has a firewall and up-to-date anti-virus and anti-spyware software.
• Do not click on links or download files in emails you receive out of the blue, especially if they are executable .exe or .zip files. These files are likely to contain malware and using such file types to get around firewalls.
• Use a pop-up blocker as a lot of ransomware is delivered after following links in pop- up alerts.
• If you are unsure of an email, Google the sender or call the phone number listed.
• Have at least two people sign off on payments – two heads are better than one!

If an offer sounds too good to be true, it probably is.