With scammers likely to ramp up activity during the Easter period, the Commonwealth Bank is warning small and medium-sized enterprises (SMEs) to be extra vigilant.
According to new survey data commissioned by CommBank, a growing number of SMEs are taking proactive steps to shield themselves from rising scam threats, with 84% of business owners and senior managers either implementing or planning scam prevention measures.
The caution follows findings that more than one in three SMEs (36%) have been targeted by scams at least once since launching their business.
Rebecca Warren (pictured), executive general manager of small business banking at CommBank, said it's promising to see more small businesses prioritising protection.
“We know running a small business involves wearing many hats… business owners may be less likely to spot some of the red flags, which can make them vulnerable to scams,” Warren said.
SMEs are adopting a range of strategies to boost their resilience against fraud. The most common measures include:
Warren noted that busy holiday periods like Easter often see a spike in scam attempts, as criminals exploit staff absences and reduced oversight.
“Scammers recognise business owners or key staff are often on holiday... this affords them more opportunity combined with less chance of being caught,” she said.
The most dangerous scams impacting businesses today are business email compromise (BEC) scams, where fraudsters gain access to a legitimate email account and manipulate payment details.
These scams often involve emails that appear to be from trusted sources—such as employees, suppliers, or senior managers—requesting altered payment information or bank account updates.
Warren warned that AI is increasingly being used by scammers to craft more convincing communications, making scams harder to detect.
“The more business owners and their staff are aware of the risks, the more likely they’ll be able to spot red flags,” she said. “People truly are the first line of defence.”
CommBank outlined three critical areas to focus on when building defences.
Staff awareness is paramount. Education on scam tactics significantly reduces risk.
CommBank reported a 70% decrease in customer scam losses over two years, largely thanks to increased awareness.
Verification steps such as calling suppliers on known numbers before making payments or requiring dual authorisation for account changes are essential safeguards.
Using multi-factor authentication and regular antivirus updates can prevent cyber intrusions and protect business systems from threats.
Business owners are encouraged to enroll in the free Cyber Wardens course, a program developed by CommBank, Telstra, and COSBOA. The latest version now includes content on AI threats, aligning with the evolving tactics used by cybercriminals.
CommBank continues to lead initiatives that protect customers through advanced security features like NameCheck, CallerCheck, and CustomerCheck.
The bank also urges immediate action if a scam is suspected: contact your bank and local authorities without delay.
For more information on how CommBank supports small businesses against scams, visit: commbank.com.au/business/security.
