Cyber criminals in Africa and Eastern Europe are among those targeting Australian businesses as police manage to recoup $45 million from online thieves.
The money, which the Australian Federal Police (AFP) has returned to businesses in the past three years, represents almost half of cyber criminals' haul from scamming businesses via email in 2021/22 alone.
That year, businesses reported losing more than $98 million - or an average loss of $64,000 per successful breach - to email compromise scams, whereby criminals either hack into a legitimate email account or use a fake email account to steal money.
Cyber criminals were able to hack into businesses' email accounts and alter the bank and contact details on invoices before they were sent on to customers, the AFP said.
They also impersonated the business to start a fake transaction with a customer, redirect salaries into their own bank accounts or trick workers into revealing sensitive business information.
Cybercrime operations commander Chris Goldsmid said local criminals and criminal groups along with those in Africa and Eastern Europe were among the thieves targeting Australian businesses.
"Businesses, especially mum-and-dad businesses, are the engine room of Australia. Business owners work hard and the AFP is working hard to protect them from the cyber criminals looking for an easy pay day," Commander Goldsmid said.
"Cybercrime is the break-in of the 21st Century ... and for many in the community it is reimagining what a crime scene looks like."
Businesses that managed to get back some or all of their stolen money generally used the Australian government's cyber crime reporting tool, ReportCyber, and contacted their banks within 24 hours of realising they'd been stolen from, Commander Goldsmid said.
The AFP on Sunday released 11 videos explaining how Australians could avoid cyber crimes ahead of Cyber Security Awareness Month in October.
The videos also explained what people should do if they were targeted, with Commander Goldsmid urging businesses to immediately report cyber crimes, make their accounts secure and notify any third parties who could also be duped because of an attack.
Businesses should put limits on their levels of access to minimise the risk of falling victim to crimes, and avoid opening links or attachments in suspicious emails, Commander Goldsmid said.
The AFP works with Australia's big four banks as part of its Joint Policing Cybercrime Coordination Centre in a bid to thwart cyber criminals' attacks.