Paul Fuller says his account manager had good reason to trust the voice on the other end of the phone asking for bank details, but handing them over was a mistake that has cost his business almost $1.2 million. Key points Hackers recently stole $1.2 million from a family-owned Grafton business An ex-hacker says small businesses are seen as easy targets A NSW government body warns threats are rapidly evolving and businesses need to be prepared The man on the phone introduced himself as Mike from the National Australia Bank NAB. Mr Fuller’s Grafton-based earthworks business had previously dealt with a Mike from NAB in Coffs Harbour, so no-one was suspicious. “He knew who had been paid the day before in our normal weekly pay run, he knew everyone we paid and the amounts,” Mr Fuller said. “Mike” tricked the accounts manager into giving him access to the business bank accounts. “He said there’d been fraudulent activities and he needed to check things out and, bang, the money is gone.” Mr Fuller said, within minutes, the hacker had drained $1.2 million out of the company’s bank account, nearly ruining the business. “They NAB did get some money back but not nearly as much as went missing,” Mr Fuller said. NAB has since recovered $84,000, but has told Mr Fuller there is no chance of recovering any more. The financial pressure has taken a toll. Mr Fuller said he was struggling to keep the doors open. “Twenty-five families rely on us; I lie awake at night wondering how I’m going to keep going,” he said. Mr Fuller reported the incident to police and the banking ombudsman but held little hope of having any more money returned. “We now have lots more checks in place, including not talking to anyone from the bank except our bank manager,” he said. Mr Fuller warned other businesses to be cautious. “The banks never ring you and ask you those questions, so don’t give out any information to anyone,” he said. Ex-hacker helping businesses protect themselves As a 14-year-old, with a late 90s-era PC and a dial modem, Bastian Treptel hacked into one of the big four banks in Australia and stole the details of 40,000 credit cards. By 17, the police came knocking and he was offered a choice juvenile detention or community work assisting the police to detect cybercriminals. Former cyber hacker Bastian Treptel is now using his knowledge to help businesses to form better cyber defence systems. North Coast Miranda Saunders “I think it was more a bit of an embarrassment for the banks, so they didn’t really want to press charges. It was more the police that went after me,” he said. For the next 14 years, Mr Treptel ran his own company helping other businesses protect themselves. He said hacking was “similar to cancer” in that people did not think it would happen to them. “One in three people are part of a cyber attack,” he said. “People think they’re going to be provided support by the banking system and the government and they’re just not. “Only 4 per cent of Australians are getting their money back.” Why small businesses are increasingly targeted Mr Treptel warned it was easier for hackers to attack small businesses. “They generally have less security, they generally have easy funds to access, they might only have one person to sign at the bank, they use things like mobile phones, identities,” he said. Mr Treptel said hacking had become more sophisticated than most business owners realised. “It used to be that a hacker might target one or two businesses, but now I can use an artificial intelligence-based tool and I can do that to 50 businesses overnight,” he said. He said you did not even need to click on a malicious email or file now. “If you use Outlook as a browser, or even Gmail, it’s got the option to automatically download pictures, if you turn that on, you’re at risk,” he said. “So just by downloading a picture onto your computer, we can get it to run code and that code can infiltrate your computer.” Experts say just by downloading a picture onto your computer, hackers can infiltrate your computer. Reuters Samantha Sais He said AI could then open up every PDF that was thought to be an invoice and simply change the bank account details. Even smart TVs and other devices could be a threat. “Printers, TVs, if you’ve got smart air conditioners ” all these things have an IP address and all of them are an entry into your life and business,” he said. Mr Treptel said two-factor authentication should be used for everything. ID Support NSW, the state government agency that supports victims of identity theft and hacking, said it was important for businesses to improve their cyber security. “[This includes] mandating strong and complex passwords for all accounts, assessing the security of any third-party systems in use, limiting access to sensitive information as well as ensuring only collecting necessary personal information,” a spokesperson said. North Coast ” local news in your inbox Get our local newsletter, delivered free each Friday Your information is being handled in accordance with the Privacy Collection Statement . Email address Subscribe