Skip to main content

Scams targeting businesses: EOFY edition

As the end of financial year fast approaches, bringing with it tax-time prep and extra admin, it’s not surprising that some business owners will be juggling more than usual. Sadly, this means that the chances of falling victim to a scam increases.

Scammers and online criminals are well-versed in taking advantage of time-poor people, and this is no different for business owners. In fact, small businesses reportedly lost $13.1 million in 2024*, with the biggest losses coming from businesses in Queensland.

When you are busy, it’s easy to miss the warning signs. That’s why we’ve put together some pointers to help you stay scam aware over the coming months.

Tax-related scams

The end of June brings with it an increased threat of tax refund and tax owed scams. Scammers impersonate the Australian Taxation Office (ATO) in the hope that their communication to you blends in with legitimate communications you’ve received about your tax.

Tax refund scams

Usually in the form of a text message or email, the scammer tells you that you’ve overpaid your taxes and there is a refund waiting for you. To claim the refund though, you first need to pay a transfer or administrative fee.

A scam text message about a tax refund

Tax owed scams

Like the above, this comes in an email or text message. The scammer claims you’ve underpaid your tax and that it must be paid in full, immediately. There will likely be a request for your bank or card details so payment can be taken, but the scammer may also ask you to transfer money or purchase gift cards.

Three key things to remember:

  • The real ATO will never send a text message or email with a link in it.
  • The real ATO will never send an email with an attachment.
  • When the real ATO does contact you, the communication will ask you to call them directly using the number on their website or by logging into your MyGov account.

If in doubt, stop, think and call the ATO directly to check the validity of the message.

Scams aimed at businesses

It’s not just at tax time that you need to be scam aware. There are scams circulating throughout the year specifically targeting small and medium businesses, and two of the most common are email compromise scams and false billing scams.

Business email compromise (BEC) scams

A scammer impersonates a legitimate business or an employee by hacking the email account and then requests a payment from you. This payment is usually flagged as overdue but could also be a totally fake transaction. Another version is ‘payment redirection’ where you’ll be told to use “new” bank details when making future payments.

Protect your business, your employees and yourself:

  • Ask yourself if the communication makes sense and matches other messages you have received from that same business.
  • Verify payment requests or updated account details with the supplier directly.
  • Review your own email security and enforce strong passwords, multi-factor authentication and implement rules to filter out malicious emails.

False billing and refund scams

These types of scams take advantage of busy business owners or their staff.

A false billing scam could be an email telling you that your website domain name is about to expire. It could be an invitation to list your business on a trade directory or comparison website, or even a phone call from someone confirming details of an advertisement booking or an order you’ve placed.

False refund scams see scammers contacting businesses and claiming an overpayment has been made into the business’s bank account and demanding a refund. This overpayment is usually because of a “technical error” or is blamed on a customer.

Protect your business, your employees and yourself:

  • Keep records of subscription expiry dates, and double check supplier details before paying any invoices or giving out information.
  • Always verify payment settlement and amounts before processing refunds, and only ever return money to the payment method it came from – never through transfers to alternative accounts or via gift cards.
  • Don’t be pressured into acting quickly – scammers love to use a sense of urgency to get what they want, so take your time before acting.

Stop, check, protect

Criminals scam Australian businesses for millions of dollars every year, so whatever the time of year, it pays to be scam aware. Keep up-to-date with current scam threats by visiting the ScamWatch and National Anti-scam Centre websites, and remember to STOP, CHECK, PROTECT.

Important information

Banking and Credit products issued by Police & Nurses Limited (BCU Bank).

Any advice does not take into account your objectives, financial situation or needs. Read the relevant terms and conditions, before downloading apps or acquiring any product, in considering and deciding whether it is right for you. The Target Market Determinations (TMDs) are available on our website or upon request.

*National Anti-Scam Centre report on scams data and activity 2024, March 2025