Remote access scams explained

A remote access scam is when a cyber criminal convinces you to download an app or software which allows them to access your device remotely. Remote access scams pose a serious threat to businesses. In 2022 there was an 843% increase in reported remote access scams from the previous year. According to the Australian Competition and Consumer Commission (ACCC), the median reported loss for a business as a result of these scams in 2022 was $25,000.

Cyber criminals can gain access to your devices in a range of ways, including:

  • the cyber criminals may call you impersonating known businesses, telecommunication providers or government agencies and request access to your device to remove a “virus” or “fix an issue”
  • cyber criminals can also create realistic-looking websites impersonating known businesses. They use these to encourage you to download software by clicking on the website or a link. They can then start a “live chat” to assist you. However, doing so can allow them remote access to your device
  • in attempts to gain remote access, cyber criminals may convince you to contact them by displaying a pop-up warning on your device alerting you that the device has been compromised. The pop-up will urge you to contact the team immediately using the number stated, and the operator will ask you to download software in order to “fix the issue”.

How cyber criminals can use your information

Your device is a key to access all stored information about yourself and your business. This may include your online banking passwords, credit card details, personal and work connections, your business data and other confidential information. Getting access to this information is a lucrative business for cyber criminals. If they can find a weak spot, they may attempt to use it for further malicious activities such as: 

  • stealing your identity
  • stealing your money
  • using your credit card
  • stealing your business data
  • holding your business data ransom
  • infecting your device with malware.

You should not action any request for remote access made by a caller even if they claim to be from your bank or computer service provider.

Case study: customer scam

Bernie’s story

Bernie*, a NAB customer, received a call from someone claiming to represent a well-known technology company. 

“The caller told me that there was a virus on my device, and they needed access to my device to prevent any data loss. The caller sent me a link to download an application and only needed me to approve access in order for them to remove the virus. The caller did not ask for any personal or banking information and the call ended shortly after.”

Bernie called NAB after logging in to their account and noticing there were two transactions, totalling $132,000, that they didn’t make. Bernie mentioned the issue with their device and the call from the well-known technology company. It was discovered that providing access to the device had allowed the caller to make the transfers.

Regrettably the money could not be recovered, and Bernie was out of pocket for the full amount.

How did the scam unfold?

Bernie was unsure how the caller gained access to internet banking since Bernie had not provided any personal or banking information on the call. Unknown to Bernie, the caller had used remote access control of the device to find the internet banking login credentials. This allowed the cyber criminal to log in to Bernie’s internet banking and make two transfers over a 24-hour period.

*Name and some details have been changed for privacy reasons. 

Remote access scams targeting NAB Connect users

Cyber criminals may target NAB Connect users by impersonating NAB and requesting login credentials, passwords and security tokens to “help secure their account or money” and may even claim they are working to prevent fraudulent activity.

You should not provide your NAB Connect password or digitally generated one-time code to anyone calling, even if they claim to be from NAB.

The only time you should provide your digitally generated one-time code is when you call us to reset your security token.

How you can help protect your business

  • Treat any unsolicited phone calls with caution and do not provide remote access to your computer or online bank account to anyone calling you.
  • When in doubt you should contact the organisation using a trusted channel (publicly listed number, online chat, in person) to confirm the legitimacy of the request.
  • Never provide your personal or banking information during an unsolicited call.
  • Do not download any applications or software from a link, or at the request of an unsolicited caller. Some apps and software may allow remote access to your devices without further actions.
  • Only download apps or software from official stores such as the Apple App store or Google Play store, and not by clicking on links through websites or email.
  • Keep your SMS security codes and security tokens safe. Do not share these codes with anyone calling you - not even NAB. These codes provide an extra layer of security for your accounts, so it’s important to keep them and your phone safe.
  • Ensure you carefully read any SMS security codes you receive. If the message says, “don’t share this code with anyone, including NAB, your security code is XXXXXX for increasing your transfer limit”, then don’t share this code with anyone.

Important: While we do everything we can to recover money transferred as part of a scam, this is not guaranteed.

Contact us for help

If you’re a NAB customer and you believe your business has been impacted by fraud or a scam, immediately call 13 10 12 for NAB Internet Banking users or 1300 888 413 for the NAB Connect Client Centre and ask for the Digital Fraud and Scams team.
