End of financial year scams – how to spot and handle them
The end of financial year is a busy time for all organisations in any country. Accounts teams have all hands on deck for pay runs, tax summaries and bookkeeping. But it’s also a busy time for scammers. Cyber threat actors take advantage of this period to capitalise on feelings of urgency and trick accounts teams and individuals through end of financial year scams. These cyber criminals will also target private individuals with fake tax-related cons or tax time shopping deals.
Below, we’ll look at some of the most common end of financial year (EOFY) scams, and tips on how to keep you and your business protected.
Common end of financial year scams
There are many EOFY scams that have proven successful against victims in previous years. In fact, research by the Commonwealth Bank in 2023 found that around 1 in 4 Australians have been exposed to or experienced an EOFY or tax scam.
Here are some of the most common ones seen at this time of year:
- Fraudulent invoices. Also known as a false billing scam, this involves sending a fake invoice to a business in an attempt to trick staff into paying for goods or services they never received.
- Fake tax refunds. Posing as government agency representatives, scammers will contact accounts teams or private individuals with falsified receipts for refunds or reimbursements, which require an action that will reveal personal or financial information.
- Phishing scams. Phishing isn’t limited to EOFY, but during this period phishing scams via email or phone will appear to be from a legitimate source, such as the tax office or a bank, and will request financial or personal information from an individual.
- Business email compromise (BEC). Similar to phishing scams, BEC attacks involve cyber criminals impersonating a business’s staff or executive leaders via email, urging staff to complete fraudulent business transactions.
- Brand impersonation. Scammers impersonate popular brands, offering EOFY deals and sales, and collect money for non-existent goods and services through a fake website.
How to recognise an end of financial year scam
You can spot EOFY scams by looking for the following warning signs:
- Out of the ordinary requests for sensitive information, or payments out of cycle
- Unknown or unverified senders or vendors
- Incorrect details in email signatures, or low quality and outdated branding and logos
- Suspicious attachments and links
- Attractive offers that seem too good to be true
- A sense of urgency in the language used, or threats if action isn’t taken
- Basic grammar and spelling mistakes.
How to handle end of financial year scam attempts
If you or your organisation has been targeted in an EOFY scam, you can take action to stop the attempt in its tracks and alert others.
Unusual requests for information or urgent payments
If you’ve received an unusual request for sensitive information or an urgent instruction in the business setting, the best way to validate the request is by speaking to the sender directly. A short phone call to check can quickly clear up whether or not the communication is legitimate.
An offer that appears too good to be true
If you’ve received an offer that seems too perfect, study the email closely before clicking any links. Does the branding look right? Is the sender email correct/verified? Are there unusual language or spelling errors? Any of these will indicate a likely scam attempt. But similar to the business setting, contacting the brand or organisation using their website-published phone number is the fastest way to confirm the legitimacy of any offer.
Block and report suspicious senders
Block and report the email addresses of senders you know to be fraudulent through your email client’s tools. This applies to both the business and personal settings, and will help email providers to improve their identification of phishing attempts.
Let people know
If you’ve encountered an EOFY scam attempt, particularly in the business setting, notify those around you. Ensure your IT team knows about it so they can take steps to block further attempts, and advise your own team and colleagues. If an attempt has been made with one of you, it’s likely being tried with others.
Notify the authorities
Report scams to your local authorities, such as the National Anti-Scam Centre via Scamwatch in Australia, or through Action Fraud in the UK. Reports help the authorities to monitor trends, disrupt scam attempts, and warn people about new scams.
Learning more about cyber scams
During EOFY, it’s vital to protect your organisation by promoting a strong security culture. Everyone should be aware of the specific risks that come with this time of year. Ensuring employees know how to tell the difference between real messages and suspicious ones is crucial. The best security training is interactive and ongoing, not just a one-time event. Regular training helps to reinforce what to watch out for, and keeps everyone up to date on new scam tactics.
Our team of experienced cybersecurity specialists can help design or optimise your employee security awareness training. Reach out to us to learn how.