The director of security strategy for Asia Pacific and Japan at Akamai Technologies says the end of the financial year means it’s more important now than ever for businesses to be even more vigilant and take stock of their online security.
“While the types of threats remain similar, they have become more sophisticated due to artificial intelligence, enabling more personalised and automated phishing attempts via email and SMS,” said Reuben Koh.
“These scams often leverage themes like unclaimed refunds or urgent tax payments, using convincing logos such as the Australian Tax Office and language such as the need to action an item in 24 hours, to pressure victims.”
“Tax season is a time of increased cyber threats and is ripe for cybercriminals and scammers to strike,” he added.
Koh says AI is often used in the following ways:
- For quick, deep research on potential victims from a company’s external suppliers to internal staff or management team; and
- To execute fraud and scams in various forms. For example, robocalls can include a mix of video, audio and photos. These elements combined with deepfake content and AI-generated phishing text, encompass a very modern and highly effective way of conducting a scam or attack.
Business email compromise is also a significant threat during this period due to increased financial communications from the finance department to suppliers to tax auditors.
Cybercriminals take advantage of this by masquerading and injecting themselves in the communication chain, such as a bogus supplier providing a fake invoice and asking a business to click on a suspicious link, thereby increasing the threats to the organisation.
Invoice scams involving malware or malicious links in attachments are also prevalent and targeted at businesses during this period.
“The customer service, finance and IT departments within a business are especially vulnerable during end of the fiscal year,” says Koh. “These departments typically experience more inquiries during this period as they must deal with a myriad of stakeholders that can range from suppliers to auditors to government personnel. Cyber threats are often masqueraded as a scam with phishing links to click on.”
Koh says businesses can protect themselves by:
- Deploying defences against credential stuffing attacks, such as bot management solutions, and ensure that DDoS mitigation measures are in place and active;
- Guarding against sophisticated attacks like ransomware that can be introduced through malware, often via malicious attachments; and
- Ensuring rigorous training for customer service, finance, and IT personnel to recognise and handle potential threats.
- Utilise verification channels and hotlines provided by the banks, and government agencies such as the ATO, Australian Cyber Security Centre (ACSC) and Scamwatch to report suspected scams;
- If a scam has occurred, immediate reporting to government agencies like Scamwatch and your bank or financial institution is crucial for guidance and potential recovery of funds; and
- For businesses experiencing a data breach, prompt reporting to authorities and swift mitigation efforts are necessary due to regulations.
“In this era of rising cyber threats and scams, it’s not a matter of if a cyberattack or scam will occur but when,” said Koh. “Building resilience, maintaining good cyber hygiene and remaining vigilant is key for businesses to mitigate from these cyber incidents. Furthermore, this can help minimise and avoid potential attacks which can result in serious financial and reputational loss.”
