The Australian Competition and Consumer Commission (ACCC) has raised the alarm for citizens to be vigilant and confirm payment information directly with businesses prior to executing payments for emailed invoices.
The warning comes amid an escalating trend in financial losses attributed to payment redirection scams.
Over the past year, the sum reported lost by Australians to these scams amounted to $16.2 million. Even though there was a 28% decline in the volume of reports received by Scamwatch, the aggregate financial loss surged by 3% compared to the prior year.
According to ACCC deputy chair Catriona Lowe, the level of sophistication among scammers has increased significantly, with a shift towards more targeted approaches against both Australian consumers and companies.
“These criminals are posing as genuine businesses that a consumer has recently dealt with, sending fake invoices with altered payment details so that the money ends up with the scammer,” she said. “This scam is hard to detect because the scammer will either hack into the email system of the business or impersonate the business’s email address by changing as little as one letter.”
Historically, sectors involving substantial monetary transactions, such as real estate, legal, and construction, have been primary targets for the scams. However, recent reports to Scamwatch have highlighted that automotive dealerships and travel agencies, along with their clientele, are now also being preyed on.
See LinkedIn post here.
In a proactive measure, the National Anti-Scam Centre convened a forum with industries frequently targeted by these scams, sharing insights and reports from Scamwatch with law enforcement bodies to foster a collective response to these fraudulent activities.
Lowe offered guidance to both individuals and businesses to undertake due diligence by verifying payment details through direct communication with the respective companies, employing contact information acquired independently.
“If you receive an invoice via email, take the time to call the business on a number you have found yourself to confirm that the payment details are correct,” she said.
The operation of the scam involves receiving what appears to be a legitimate invoice from a known business, leading to a payment under the assumption it is legitimate. The scam is executed by gaining access to or altering the business’s email account, thus modifying the invoice’s payment details to divert funds to the scammer.
To safeguard against such scams, the ACCC emphasised caution before making payments:
Additionally, incidents involving compromised systems should be reported to cyber.gov.au.