ANZ warns small businesses after AUD $84 million cyber losses

ANZ is highlighting the risks faced by Australian small businesses from scams and cybercrime, urging vigilance as new data reveals losses and trends over the past year.

Cybercrime continues to pose major challenges for businesses in Australia, with national figures showing that businesses lost more than AUD $84 million to scams in 2024. According to the Australian Signals Directorate's latest Cyber Threat Trends Report, there were over 87,400 cybercrime reports lodged during the 2023-24 financial year, equating to a report every six minutes. This volume marks a 7 percent decrease from the previous year, but substantial financial risks remain, particularly for small businesses.

One of the most prominent threats to businesses is Business Email Compromise (BEC), which involves the impersonation of trusted contacts to steal money or sensitive data. BEC was responsible for 13 percent of reported incidents. Typically, this scam involves cybercriminals exploiting weaknesses in email systems or business processes, sometimes hacking into email accounts to alter invoice payment details and redirecting funds into accounts they control.

Scammers are also targeting small businesses by posing as banks, government agencies or other financial institutions in an attempt to trick individuals into sharing personal information, making funds transfers, or clicking malicious links. Data from 2024 indicates that small businesses, in particular, are disproportionately affected: the average cost per cybercrime incident for a small business reached AUD $49,000, an increase of 8 percent on the previous year.

Expert view

ANZ Head of Transaction Banking, Cosi De Angelis, commented, "Cyber Security Awareness Month offers an opportune time for us to remind businesses about the kinds of scams out there, and how they can help keep their staff and finances safe.

He continued, "At ANZ we're serious about helping businesses stay safe. We combine robust fraud protections with 24/7 support, and provide practical education, like our 'Stop. Check. Protect' approach, which encourages busy business owners to slow down and be wary of threats, helping them identify red flags and stay one step ahead of scammers."

"Too often, I see scammers attempt to target small business owners by impersonating trusted business partners or long-term suppliers. Business owners are often run off their feet, and cybercriminals will look to exploit this and take advantage of hardworking Australians. Given the sheer volume of emails, text messages, instant messages and social media messages business owners and employees send and receive each day, it's not surprising we tend to act on things straight away and sometimes overlook inconsistencies in correspondence. Scammers will take advantage of this - I implore Australians to double check all communication and if in doubt, contact your vendors and suppliers."

ANZ reports that between October 2024 and June 2025, its teams prevented and recovered over AUD $100 million in funds relating to scams and fraud. The bank's fraud detection systems and dedicated teams work around the clock to help safeguard small and medium-sized businesses from cybercrime.

Case study

Melbourne-based Benton's Plumbing Services is one small business that recently faced an attempted scam. Staff were contacted by scammers posing as genuine business partners and convinced to provide remote access to their computers. This action exposed the business to significant financial risk without their knowledge.

During the incident, ANZ's Falcon fraud detection technology identified suspicious activity as the business attempted a large overseas funds transfer. The ANZ Fraud Detection team intervened immediately, contacting Benton's Plumbing Services while staff were still engaging with the scammers via live chat, and successfully stopped any financial loss from occurring.

Benton's Plumbing Services' Chief Financial Officer, Aleks Nawrocki, commented, "Our team experienced a very significant scam near miss that was averted by the diligence of the ANZ team. The ANZ team was extremely quick and efficient, and the scam was thankfully, identified and prevented.

"Since the incident, our team has been more scam aware and confident in identifying when something doesn't feel right. It is extremely reassuring to know that we have been protected by the ANZ team and want to encourage other businesses just like us to operate with caution."

These types of scams are becoming increasingly sophisticated, often involving attempts to mimic supplier emails or communications. ANZ's advice for avoiding such threats includes being cautious about telephone or email requests to update banking details, confirming changes through phone calls rather than emails, and implementing two-person authorisation processes for sensitive or large payments.

Preventive steps

ANZ advises that banks will never ask for sensitive authentication details such as passwords, PINs or one-time codes. If requests of this nature are received, staff should end the interaction immediately. In addition, reviewing and updating internal procedures on payment authorisation and ensuring staff are aware of policies is critical for security.

Businesses are encouraged to continuously educate their teams about the signs of scams and the steps to take if suspicious activity is identified. According to ANZ, "Stop. Check. Protect" represents a practical approach, requiring all business owners and employees to stop before reacting, check correspondence for red flags, and take protective actions, including contacting suppliers directly when in doubt.

Information and educational resources on cybersecurity and fraud prevention are available for businesses through ANZ's online hubs and webinars. ANZ's customer protection teams and advanced technologies provide continuous support and active fraud monitoring.