JLT
Is your local government at risk of being targeted by scammers?
By: Rachel Fenner

More than $1,660,000 has been lost in Australia since the outbreak of COVID-19 due to people letting their guard down and falling for common scams.

Scamwatch received more than 3300 reports since the virus was declared a pandemic.

Some of these scams include:

  • Phishing – Government impersonation scams
  • Phishing – Other impersonation scams
  • Superannuation scams
  • Online shopping scams
  • Scams targeting businesses

Local governments are not immune to scammers.

Earlier this year, the City of Kalgoorlie-Boulder was taken in by a "man-in-the-middle scam".

The City believed it was paying $170,000 to a legitimate contractor.

However, this money was paid into a scammer's bank account.

The fraud involved creating legitimate looking emails, purchase orders and information to change bank accounts, which looked perfectly normal.

Meanwhile, a simple call to the contractor to confirm a change in bank account information would have stopped these swindlers in their tracks. 

The man-in-the-middle scam that impacted Kalgoorlie-Boulder has been successful all around the world. 

Four top tips that can protect your local government from the same fate include: 

  1. Checking spelling, tracking numbers, names, contact numbers, senders or URLs for legitimacy.
  2. Verifying any requests to change bank details by contacting the supplier directly using trusted contact details.
  3. Implementing a multi-person approval process for transactions over a certain dollar amount.
  4. Investing in data analytics to increase detection of fraud, irregular transactions or anomalies in the payments process.

It's also good to maintain communication with businesses you connect with regularly about scams they see, how they can protect you and how you can protect yourself.

As general advice, local governments should also invest in training employees in fraud prevention. 

Letting employees know about current fraud and cyber fraud schemes will help then spot and report suspicious activity. 

When handling emails employees should: 

  • Verify the sender and the email address – ensuring the spelling is correct.
  • Be cautious with clicking on embedded links. Verify that the website address is legitimate (official website with correct spelling).
  • Scrutinize attachments and do not click or open.
  • Treat a message as suspicious if there is a stated or implied urgency to it.
  • Never allow an unidentified source remote access to your computer.
Get in contact with the Risk Team for further support in managing scam risks.