Scams Are Getting Smarter - Here’s How to Stay One Step Ahead

By Bec Pauley & Garrett Douglas
October 2025

October is Cybersecurity Awareness Month, and while it may not be a topic that sparks excitement for everyone, it is one that affects us all. Scammers are getting smarter, and we’ve seen first-hand that both our clients and ourselves are being targeted more frequently. This month, we’re breaking down three of the scams we come across most often: how they work, what to watch out for, and the practical steps you can take to stay one step ahead.

Scam 1: Invoice and Payment Redirection Fraud

This one has been hitting our clients hard lately, and it’s alarmingly simple. A genuine supplier email gets intercepted, the bank details on the invoice are swapped out for the scammer’s, and by the time the payment is made, the money has disappeared into the wrong account. Most of the time, scammers don’t even bother with a real email trail; they’ll create a convincing fake invoice that looks like it’s come straight from your supplier.

How the scam works

  • Scammers gain access to or imitate a supplier’s email.

  • They change the bank account details on an invoice or send a “new account” notice.

  • Payment goes to the scammer’s account instead of your supplier.

How to protect yourself

  • Treat any change to payment details as suspicious.

  • Always verify new bank account information directly with your supplier using a trusted contact number (not the one on the invoice).

  • Set up internal procedures for double-checking payments above a certain threshold.

  • When you or one of your team members is paying invoices, take a moment to double-check the details; small changes in bank account numbers or email addresses are often the biggest red flags.

What to do if it happens to you

  • Contact your bank immediately — the sooner you act, the better the chance of stopping or recovering the payment.

  • Let your supplier know so they can check their own systems.

  • Report the incident to Scamwatch and follow their guidance on what steps to take next.

  • Review your internal processes to avoid recurrence.

Scam 2: Business Name Renewal Notices

This one is sneaky because it plays on something every business owner has to do: keep their business name registration current. We’ve seen clients receive official-looking letters or emails reminding them to renew their business name, but here’s the catch - they aren’t from ASIC. Instead, they come from private companies offering to “handle the renewal for you,” usually at double the actual cost.

Now, to be clear, there are some legitimate third-party providers who can manage renewals on your behalf, but unless you’ve specifically engaged one, you should expect renewal notices to come directly from ASIC.

How the scam works

  • Scammers (or overpriced operators) use publicly available data about your business name expiry to send you a renewal notice.

  • The notice often looks formal and may even use ASIC’s logo, layout or language — though sometimes, it will state specifically “this is not a letter from ASIC.”

  • You are directed to a website or payment link where you’ll be charged well above the official ASIC fee.

  • At best, you’ve just overpaid. At worst, you’ve given your details to a dodgy operator who could interfere with your registration.

How to protect yourself

  • Know what to expect - ASIC sends renewal notices about 30 days before expiry. If a letter arrives outside that window, treat it with suspicion.

  • Check the sender - ASIC emails will always come from a .gov.au address, and letters will clearly state they are from ASIC.

  • Know the real fees - currently, it costs $45 for one year or $104 for three years to renew directly with ASIC. Anything significantly higher is a red flag.

  • Renew directly - the safest option is always through ASIC Connect on their website. If you want someone else to manage renewals, make sure it’s a provider you’ve chosen and authorised.

  • Stay organised - mark your renewal dates in your calendar so you’re not caught off guard by unexpected notices.

What to do if it happens to you

  • Don’t panic - your business name is likely still valid, but you’ve probably overpaid.

  • Contact ASIC to check the status of your registration and confirm that it’s in your name.

  • If you suspect the operator was fraudulent (not just expensive), report the incident to Scamwatch and follow their guidance on what steps to take next.

  • Review who is responsible for renewals in your business and tighten your process to avoid recurrence.

Scam 3: Phishing Scams

Phishing scams come in many forms, but the goal is always the same - to trick you into handing over money, login details, or personal information. A recent example we’ve seen involved an email that looked like it came from a trusted source, offering a “$10 ticket” to enter a cash prize draw. The catch? To buy the ticket, the recipient was asked to enter a verification code — which actually authorised a much larger transaction.

How the scam works

  • Scammers send emails or texts claiming you’ve won something, need to confirm your account, or can enter a competition.

  • The message may ask you to click a link, make a small payment, or enter a verification code.

  • Once you act, scammers use that access to complete large unauthorised transactions or steal your information.

How to protect yourself

  • If you didn’t enter a prize or request a code, treat any such message as suspicious.

  • Never enter verification codes unless you initiated the process yourself (e.g. logging into online banking).

  • Avoid clicking links in unexpected emails or texts - go directly to the official website instead.

  • Check sender details closely - scam emails often come from addresses that look almost right, but not quite.

What to do if it happens to you

  • Call your bank immediately to stop or reverse any suspicious transactions.

  • Change your online banking and email passwords straight away.

  • Report the incident to Scamwatch and follow their guidance on what steps to take next.

  • Keep copies of the message and any payments in case you need them for follow-up.

Staying One Step Ahead

Scams are becoming more sophisticated, and even the most vigilant business owners can get caught off guard. The good news is that a few simple habits go a long way in protecting yourself:

  • Use strong, unique passwords and turn on multi-factor authentication.

  • Don’t click on links or open attachments from unexpected emails.

  • When money or personal details are involved, take a moment to double-check before you click, pay, or share. A quick phone call to your bank or a supplier could save you a lot of money and stress.

  • If you think you’ve been caught in a scam, don’t wait. Contact your bank straight away and report it to Scamwatch so they can help and warn others.

Remember, scammers thrive on urgency and fear. Trust your instincts, take a moment to pause when something feels off, and use these tips to keep your information and your hard-earned cash where it belongs - with you.

 

Division 296 Super Tax

Unrealised Gains No Longer Included

The Government has announced important revisions to the proposed Division 296 superannuation tax, confirming that unrealised gains will no longer be taxed under the new model. This follows significant feedback from industry and the community on the fairness and practicality of the original proposal.

Under the updated framework, from 1 July 2026, a tiered tax rate will apply only to realised earnings on large superannuation balances:

  • Balances between $3 million and $10 million – earnings taxed at 30%

  • Balances above $10 million – earnings taxed at 40%

Crucially, the tax will apply only to future realised earnings, addressing one of the most contentious aspects of the original plan. Unrealised gains — such as increases in the value of assets that have not been sold — will no longer be included in the calculation, ensuring that taxpayers are not taxed on paper gains.

While this announcement is a welcome refinement, it’s important to note that these measures have not yet been legislated. The Government expects to introduce legislation in 2026, following further consultation with industry and stakeholders.

We will continue to monitor developments and provide updates as legislation progresses.

Talk to us about super planning!
