What is Invoice Fraud? What Tradies can do to Avoid It!

G’day, Legends👍

In the trade business, we’re all about getting the job done, right? But there’s one area you might not pay enough attention to until it hits us hard: cybersecurity. I came across an article written by the ABC that’s all too common yet eye-opening. In the post by consumer affairs reporter Amy Bainbridge and Loretta Florance, a family building business losing a hefty $51,000 to scammers through what’s known as a business email compromise (BEC) scam. It’s a stark reminder of the digital age dangers lurking behind our daily grind.

The Underbelly of Our Digital Toolbox

Let’s face it, many of us tradies are so laser-focused on the physical job at hand that the digital side becomes an afterthought. But this story underscores how vulnerabilities in IT systems—think using the same passwords for everything, skimping on antivirus protection, or being unaware of cookie hacking—can open the door wide to cybercriminals. These aren’t sophisticated hackers using high-tech gadgets; they’re opportunists exploiting basic security lapses.

Common Hacking Techniques Every Tradie Should Know

While we’re on the topic, let’s hammer down on five types of common hacking methods that could threaten our digital worksites:

1. Phishing Attacks: This is like bait fishing but in the cyber sea. Scammers send emails or texts that look legit, maybe like they’re from your bank or a supplier, tricking you into giving away personal info or clicking on a malicious link. Always double-check the sender’s details and never share sensitive info via email or SMS.
2. Password Attacks: Using the same password for everything? That’s like having one key for your ute, tool box, and house. Once a hacker has it, they’ve got access to everything. Use complex, unique passwords for different accounts to keep your digital doors locked tight.
3. Malware: This is a nasty software that can get installed on your device without you knowing, often through dodgy downloads or email attachments. It can spy on your actions, steal data, or even lock you out of your systems. Ensure your antivirus software is up to date and be cautious about what you download.
4. Man-in-the-Middle (MitM) Attacks: Imagine sending a text to your mate, but someone else intercepts it mid-way, reads it, and then sends it on. That’s MitM. It can happen over unsecured Wi-Fi networks, like at your local café. Avoid conducting business or sending sensitive info over public Wi-Fi.
5. Cookie Theft: Not the chocolate chip kind, unfortunately. Cookies are tiny bits of data websites use to track your browsing. Hackers can steal these to gain access to your online sessions, impersonating you to carry out fraudulent activities. Keep your browser and security software updated to guard against this.

The Devil’s in the Details

The scam was shockingly simple. An invoice, just a regular Word document (or even a PDF), was intercepted and altered with different banking details. Why so easy? Well, it lacked the digital safeguards that are second nature in modern invoicing software. This brings me to a crucial point: platforms like Xero, QuickBooks, and TradeMagnet aren’t just about keeping your books tidy. They’re fortified against such frauds with system-based notifications and secure, traceable invoice delivery methods that are a nightmare for any would-be scammer.

Armoring Up: Practical Tips for the Tradie

So, how do we strap on our digital tool belts and safeguard our hard-earned cash? Here are some tips:

1. Invest in Secure Invoicing Software: Ditch the email attachments for invoicing. Software like Xero, QuickBooks, or TradeMagnet sends invoices directly through their systems, adding a layer of security that’s tough to crack.
2. Double-Check Bank Details: Received an invoice with new banking details? Make a call to verify. It might seem a tad old-school, but a quick chat can save you from a world of financial pain.
3. Stay Informed and Educated: The digital world evolves faster than a teanager. Keeping abreast of the latest scams and security tips is as crucial as knowing the difference between a Phillips head and a flathead screwdriver.
4. Clear Your Browsing Data: Make a habit of clearing your browsing data. Most importantly you cookies. Not only can this assist in any issues you might be having with your browser but it can help[ prevent cookie hacking. I suggest doing this at least once a month.
5. Bulk Up Your Cybersecurity: This means unique passwords for each account (and no, “password123” doesn’t count), investing in solid antivirus software, and keeping an eye out for phishing scams. Remember, a strong gate keeps the digital dick-heads out.

My Digital Guard Dog: Norton Antivirus Protection

Over the past 6 years I’ve been using Norton Anti-Virus, and I love it!

Norton offers bloody heaps of features designed to protect your devices from viruses, malware, spyware, and even those stupid phishing attempts that try to reel you in with fake emails or texts. But it’s also about maintaining your digital privacy. With stuff like a secure VPN for when you’re on public Wi-Fi, firewall protection that monitors incoming and outgoing network traffic, and parental controls to keep the leaches safe online, Norton has got all bases covered.

One of my favourite features, is the password manager. Mate, I’m not shitting you when I say, I have a lot of passwords, my last count was 470! Now, I don’t suspect you are going to have that many, but the one’s you have, you want to keep safe.

The Norton Password Manager isn’t just a vault; it’s a smart system that picks up on new passwords as you create them, offers to save them, and then stores them securely. This means that every time I sign up for a new service or change a password, Norton’s there to make sure it’s kept safe and sound. And with the extension for your browser, it’s seamless to use, autofilling your login details when you revisit sites so you don’t have to remember every single one.

But it doesn’t stop at your desktop. The mobile app ensures that you have access to all your passwords even when on the job site, making it easy to log into supplier sites or loging into Trade Magnet (Haha, see hwat I did there). This level of convenience and security, means you can focus on the physical work without worrying about my digital safety.

Wrapping It Up

Fortunately, in Australia we have a fairly robust banking system and many victims of fraud find themselves compensated. That said, relying on post-fraud compensation is like wearing a hardhat after the hammer’s dropped on your head—it’s about prevention, not just cure.

“relying on post-fraud compensation is like wearing a hardhat after the hammer’s dropped on your head”

David List – LIST Media

This story isn’t just a cautionary tale; it’s a call to action for tradies to don our digital hardhats. The balance between manual expertise and digital vigilance is where we’ll find our strongest defense against the cyber shadows targeting our industry. Let’s not give these scammers a crack to slip through. By arming ourselves with knowledge, secure practices, and a bit of tech-savvy, we can keep our focus on the job at hand, and know that our digital backs are covered.

So next time you’re about to send off that invoice or make a payment, take a moment to ensure everything’s locked down tight, to keep those scamming dick-head outs.