Protect yourself against business impersonation scams
- Home
- Help
- Security
- Scams and fraud
- Business impersonation scams
Here are some common business impersonation scams and tips to help you stay protected
Business impersonation scams come in many forms, including phishing emails, cold calls, fake invoices and even IT support. By impersonating legitimate businesses, scammers aim to appear more trustworthy, making the scams harder to detect.
Learn about the common types of business impersonation scams and how you can spot them.
Phishing email scams
One of the most common types of business impersonations is phishing emails.
Scammers send emails that appear to come from a trusted organisation. These emails usually ask you to click a link or download an attachment to verify information or complete a transaction.
Example scam
You receive an email that appears to be from your bank, stating that your Internet Banking has been locked. It asks you to click a link to reset your password. The link takes you to a fake website designed to steal your login details.
Suspicious sender address
Scam emails may come from addresses with spelling errors or unusual domains (e.g. @myG0V.com.au or AusTax0ff@gmail.com). The addresses may closely resemble legitimate organisations but contain small errors.
Sense of urgency
Scam emails often create panic to pressure you into acting quickly without thinking.
Suspicious links
Do not click on unfamiliar links in any emails.
Spelling and grammatical errors
Emails containing spelling or grammatical errors are often a sign of a scam. Legitimate companies do not have errors in their emails.
Unexpected attachments
Some phishing emails include attachments instead of links. Be careful if you receive an email with an attachment you were not expecting, as it may contain malware.
Fake business invoice scams
Scammers can gain access to a company's email system and use this to contact their customers.
They pose as the real business you have recently dealt with and send a fake invoice for work completed. These invoices can look genuine as the scammers can copy logos and ABNs, while altering the payment details so you end up paying a scammer instead of the business.
Example
You receive an invoice via email from the company you hired. You pay the company based on the details on the invoice.
However the invoice you received was a fake generated by a scammer. Instead of paying the business, your funds went to the scammer instead.
Check the payment details
Make sure you check the payment details with the company by calling them on a number that you know and trust.
Compare invoices
If you have received an invoice from the company before that is confirmed to be legitimate, compare the new invoice with the previous one to check for inconsistencies.
Spoofed email addresses
Scammers can generate emails that appear to come from the legitimate company. Email appearance alone is not a reliable way to distinguish whether the email is real or a scam.
Unexpected invoice?
If you were not expecting an invoice and received one via email, call the company on a trusted phone number listed to confirm whether the invoice is genuine.
Remote access scams
These scams involve scammers posing as employees from IT support, claiming that your device has been compromised and needs immediate attention.
They may ask you to download remote access software, which gives them complete control of your device. This allows them to access to your emails, bank accounts, personal data and allows them to install malware.
Example scam
You see a pop-up warning you of a virus on your device and to get in touch with IT support. You contact IT support from the pop up, they ask you to install remote access software to "fix" the problem.
Once you download the software, you have given the scammer control of your device.
Pop-up warnings
Legitimate companies will not contact you about urgent security issues through a pop-up. Do not click on alerts or call the number provided in the pop-up. Always close the window.
Unsolicited phone calls
If you receive an unexpected call about issues on your device, hang up and contact the company directly using its official website number.
Sense of urgency
Scammers create a sense of urgency by claiming your device is at risk and you must act immediately.
Remote access software
Do not allow anyone remote access to your device. Once they have access to your device, they have free reign.
Cold call scams
Scammers may impersonate employees from legitimate organisations such as banks, government agencies, tech support and even law enforcement. They call you out of the blue claiming there is a problem that needs to be fixed immediately.
Example scam
You receive a call from someone claiming to be from your bank, stating your account has been compromised. They ask for your details and SMS one-time passwords to secure your account. In reality, the phone call you received was from a scammer to gain access to your account(s).
Ask to hang up
Legitimate companies will allow you to hang up and call them back if you are not sure. If the caller does not want you to hang up, do not continue the call and hang up immediately.
Request for sensitive information
Scammers will ask you to provide your personal information, PINs, or SMS passwords over the phone. If you receive a call out of the blue asking for personal information, hang up and call the company on a listed number.
Unsolicited phone calls
If you receive a phone call unexpectedly that doesn't sound right, hang up and contact the company using its official number.
Sense of urgency
Scammers always create a sense of urgency to make you act quickly. Do not feel pressured to make a decision over a phone call.
Inconsistencies
Ask probing questions and listen for anything that doesn't add up such as vague answers or overly scripted responses.
Business impersonation is at the core of most scams
Most scams involve a scammer pretending to be from a legitimate business in order to lull you into a false sense of security and let down your guard.
Make sure to pause and double check any email, invoice or call you have received. Even if something looks legitimate, make sure you are confident you are dealing with the legitimate business before you act. Taking that little bit of extra time could save you from the scam.
Sources:
The information in this communication is general in nature and is intended to raise awareness about common scam tactics and preventative measures. While the information may assist you in mitigating your exposure to scams and fraud, this is not guaranteed in any way. Examples are illustrative only and are subject to the assumptions and qualifications disclosed. Whilst care has been taken in preparing the content, no liability is accepted for any errors or omissions in this communication, and/or losses or liabilities arising from any reliance on this communication.