The End of Financial Year (EOFY) is approaching – a period that notoriously witnesses a spike in finance and tax-related scams affecting business worldwide. Just this past month, we’ve intercepted several such email scams, including those brandjacking banks like ANZ & other financial institutions, and those containing statements of accounts.
This year, however, things may be a little more treacherous. Multiple news outlets continue to report that COVID-19 has unleashed an unprecedented surge of cruel scams exploiting fears and uncertainty around the ongoing pandemic. And as EOFY approaches, the likelihood of these scams successfully tricking businesses rises significantly. It is imperative for businesses to be prepared anddefend themselves, because when these new scams collide with an environment that’s already made fragile by stressed and distracted professionals grappling with huge amounts of financial data, all against the backdrop of an global health emergency, it is a recipe for disaster.
The rise of new, sinister scams exploiting COVID-19 financial relief measures
The economic uncertainty triggered by the COVID-19 pandemic has triggered the introduction of multiple new measures to help businesses manage cash-flow challenges and retain employees.While these financial relief measures and economic stimulus packages are well-intentioned and welcome responses to the ongoing crisis, businesses and individuals also need to be vigilant and be wary of bad actors who exploit them.
Governments across the world have announced enormous economic stimulus packages, and these have presented huge opportunities for criminals. In the United States, it has been reported that scammers are posing as IRS representatives and tricking individuals into stealing their COVID-19 stimulus payments. One way they are doing is by issuing a bogus check, often in an odd amount, then telling victims to call a number or verify information online in order to cash it. Scammers are also telling individuals that they can get their Economic Impact Payment faster if they allow these scammers to work “on their behalf”. Meanwhile in Australia, the federal government has allowed individuals early access to superannuation to minimise financial hardship, but those measures have been seized upon by nefarious actors. Allegations of identity theft involving 150 Australians have forced the government to pause the early release of superannuation, after police froze $120,000 believed to have been ripped off from retirement savings. It was reported that a “sophisticated” attack including an “intrusion into a third party” had allowed the impersonation of workers seeking early access of up to $10,000 superannuation each. In another case, those seeking welfare payments from the government were targeted via a phishing email impersonating Services Australia. At MailGuard, we intercepted a similar scam email, that used “COVID-19 relief payment” to deliver malicious links. Here’s what it looked like:
All these scams are dangerous, not only because they attempt to manipulate users already suffering from financial turmoil and difficulties triggered by the COVID-19 pandemic, but because they, like the measures they exploit, are new and constantly evolving. Criminals are, in fact, closely watching government announcements and are changing their scams within hours to reflect the latest information being issued – information that may not yet be familiar to businesses and/or professionals, such as that related to financial support, making it harder to discern whether that information is legitimate or not.
(The phishing email impersonating Services Australia. Credit: 7news.com.au)
Global, disruptive events like COVID-19 have always been the epicentre of fraudulent schemes, and it’s not surprising to see more scammers exploit these to their advantage. However, the rise of these scams makes it crucial for businesses to ensure their teams are extra vigilant this EOFY.
Now, businesses not only have to look out for the usual invoice-related scams that often target themduring the EOFY period, or fraudulent emails offering discounted accountancy services to help out at tax time, but also be wary of those that may look like legitimate notifications about a new financial grant from the government – notifications that may not raise any red flags in light of the current environment.
Attacking stressed, distracted minds
The EOFY period is often characterised as one inducing stress and panic, with accounting and finance professionals having to work under stringent deadlines as they get relevant financials finalised and paperwork sorted according to their respective taxation bodies. It is common for businesses to receive a plethora of invoices, bills, payroll and finance related documents as suppliers, customers and accountants reconcile their numbers and file their tax returns during this time. However, this year, many companies are also finding themselves having to understand, implement and navigate the newly released financial benefits and schemes that have been released to curb the economic challenges unleashed by the COVID-19 pandemic.
And this hasn’t been easy.
In Australia, for example, it has been reported that applications for the $130 billion JobKeeper program are creating “an administrative nightmare for businesses”, increasing stress levels and uncertainty. Understandably, finance, legal and accounting departments would be among those facing intense pressure in these cases, having to navigate the complexities arising from these new financial measures in the middle of an already busy period. These complexities can range from unclear and complicated application procedures and deadlines, to changing criteria. That is perhaps why the Australian Taxation Office (ATO) has been called on to provide swift and extensive guidance on the government’s economic stimulus measures to help curb misinformation and assist businesses. It’s also little surprise that the ATO and the Fair Work Ombudsman are reporting a rise in queries and complaints about issues arising from the pandemic, including those arising from the economic measures introduced.
Unfortunately, what makes things worse is the lack of easy answers that can help overcome the complexities of understanding and implementing these new measures – especially with scammers eagerly exploiting them to cause further confusion.
With remote working becoming the norm for many businesses, finance teams can no longer seek quick answers and guidance from colleagues by leaning across the table when, for example, someone on the phone, supposedly from a government agency, unexpectedly demands their company’s banking details to wire a new relief payment (like what happened in the recent JobKeeper phone scam). Many government agencies and taxation bodies typically recommend calling their hotlines in these instances, but with the reported rise in queries and complaints, phone lines may end up being jammed, with long waiting times.
In addition, financial strains and limited resources further accentuate frustrations. Reduced business hours, for example, may pose limitations for accounting teams when attempting to meet stringent deadlines for filing for a new tax rebate, and the increasing termination of personnel in many businesses may make it harder to communicate and clarify relevant details.
All this increases the likelihood of scammers being able to successfully manipulate stressed, distracted minds and exploit them into doing their bidding – such as clicking on an innocent-looking phishing link or downloading a ransomware-ridden file, or revealing confidential business data over the phone. Time-bound finance and accounting professionals, who are dealing with a large volumes of financial data during EOFY, while navigating new & complex legal and business measures affecting payroll and taxation procedures, are particularly vulnerable to scams – and schemers are well aware of this.
The EOFY period has always been a busy one for scammers, but the ongoing uncertainty triggered by COVID-19 enables them to augment their attacks and take further advantage of the fragile physiological state of busy professionals – essentially, presenting them with an opportunity to use an enhanced sort of psychological warfare.
At MailGuard, we believe that a collaborative approach can help mitigate the risks of these scams. We recommend that you report any scam that you see or hear to the relevant authorities. Let this also be a good opportunity to re-evaluate how prepared your business is to defend itself from any fraudulent schemes or scams as the EOFY approaches. If you need more support protecting your business from cybercrime, feel free to reach out to us at firstname.lastname@example.org.