Am I a target? Understanding cyber risks

By Rob McKie - August 14, 2018

Cybercriminals don’t discriminate: their attacks aim to exploit vulnerabilities in the cyber-security protocols, practices and policies of all organisations.

However, among the most commonly affected are small and medium enterprises, which often lack the level of sophistication required to combat even the most basic of threats.

In particular, internal finance divisions – the functional area where invoices and payments are channelled, the division responsible for your money – are frequently targeted, with scams fooling even the most seasoned of finance professionals. While vigilance is critical, it’s no longer sufficient to protect your organisation from cyber theft.

According to the Australian Cybercrime Online Reporting Network (ACORN), false billing was among the top three scams in Australia in 2017, representing an annual increase of 324%, and was responsible for $22.1 million in false transfers according to Scamwatch. Pitcher Partners believes this is just the tip of the iceberg.

Below are two prominent scams to be aware of.

Payment redirection scams

Using information obtained directly by hacking you, or indirectly by hacking your supplier’s computer systems, a scammer poses as a regular supplier and informs you that their banking details have changed. These requests often appear genuine, including branding and templates that make them difficult to distinguish from a legitimate request.

The scammers provide new bank account details, requesting future payments to be processed accordingly. In more sophisticated instances, scammers may intercept legitimate invoices in email transit, replacing them with an invoice with altered account details. Unfortunately, this type of scam is often only detected when the supplier requests overdue payment.

Perhaps more worrying is when personnel from your organisation are hacked and their email account used to submit illegitimate invoices with scammers’ account details to accounts payable. Sophisticated scammers may even state in the email that the change of bank details has been checked and validated. While it sounds like the plot of a movie, it’s a reality for a growing number of organisations today.


Keyloggers are most often used to steal usernames, passwords and other confidential information. With your bank access details, cybercriminals can create or alter payment requests or even authorise transactions.

But how do they get access to your system in the first place? This can occur by simply clicking a link or opening a malicious document or website that contains malware. Documents may appear legitimate, as though produced by an accounting package such as MYOB, Xero or QuickBooks. While this type of threat has implications for all personnel within an organisation, scammers often target generic accounts payable mailboxes and accounts payable staff, making it important to remain aware and vigilant.


To protect your firm, suppliers, clients and personnel, Pitcher Partners recommends developing and implementing a cybersecurity policy encompassing protocols, procedures, monitoring and training to reduce the likelihood of cyberattacks penetrating your systems.

A robust approach to cybersecurity involves planning, ongoing training, maintenance, monitoring and more. For guidance or assistance with your unique cybersecurity needs contact Pitcher Partners for a confidential discussion.
