Brought to you by

Protect your construction business against invoice scams

Posted 4 weeks ago in Small business by Guest
Posted by Guest

Clinton Cowin is the Managing Director Tradiepad, which source and recommend technology and apps for different trade businesses. Today he shares some security tips to help you make sure your business is working securely online. 

Technology is strongly embedded into our daily lives. Whether it be for social or work purposes our dependency on devices and adoption of new technologies is forever growing. Tradies in particular are really embracing all the benefits of improved professionalism that mobile devices and cloud technology can provide for them and their business. But how up to speed are you on working securely online?

Recently one of our very good clients in Melbourne came to us in a state of despair after discovering their business email had been compromised. The complexity of the attack astounded us. We found that the sneaky hackers had retrieved PDF invoices from previously sent emails, doctored the banking details and were re-issuing invoices to their clients requesting payment be re-directed to the fraudulent account. They even went to the extent of covering their tracks with email filters and removal of sent emails.

Unfortunately their customers were none the wiser as the invoices matched the company’s brand identity and appeared to be authentic. It wasn’t until one of their more vigilant customers smelled a rat with the different banking details and the true story was uncovered. Our TradiePad support team helped re-secure their email account and identify what had been sent where, but regrettably the hackers had already cost them $$$ in lost payments.

Cybercrime on the rise

Sadly this is not an isolated case. Cybercrime is steadily increasing and recently we’ve been alerted to a spike in invoice scams which are targeting the building and construction industry which greatly concerns us. Here’s a scary statistic for you:

More than $1.2 billion a year is lost to cybercrime in Australia alone. Lets ensure that your hard earned dollars don’t make up part of that figure by putting a few simple measures in place to keep your account secure and safeguard you, your trade business and your clients, against hackers.

Six Steps to Protect your Trade Business Against Cybercrime:

1. A strong password is key

Be sure to create unique and hard-to-guess passwords for all your online accounts. Our tip is to use password management software to easily create strong, unique passwords for all your accounts and keep them safe.

2. Use Two-Factor Authentication

Significantly reduce the risk of your email account becoming compromised by setting up Two-Factor, Multi-Factor or Two-Step Verification. If your email provider doesn’t offer this additional layer of account protection, we recommend you change to one that does.

3. Customer confirmation

Ask your customers to always check with you first by phone or in person if they receive an invoice with a new payment bank account number. You should also do the same with your suppliers.

4. Stay in touch

Contact your bank or the online merchant immediately and request that they freeze the funds before the hackers move anything offshore and it becomes untraceable. You should also file a report with the police and report any incidents to Scamwatch.

5. Utilise software

Anti-virus and anti-spyware software and a good firewall help keep your computer secure at all times. They’re also one of the easiest methods of maintaining secure trading.

6. We are here to help!

For more information visit Xero’s Security page, get updates on the latest security issues on Xero’s security noticeboard or forward suspicious, Xero branded emails to phishing@xero.com. Also, TradiePad customers can contact support@tradiepad.com.au for assistance.

By following these easy steps you can continue to enjoy the huge benefits of running your trades and construction business online, while confidently knowing that you are working in a safe and secure environment.

Leave a reply

Your email address will not be published. Required fields are marked *