Payment redirection scams, also known as business email compromise scams, were the most financially damaging scams for Australian businesses in 2020 according to the ACCC’s Targeting Scams report.
In a payment redirection scam, scammers impersonate a business or its employees via email and request an upcoming payment be redirected to a fraudulent account.
Scammers will target new or junior employees, as they are less likely to be familiar with the businesses finance processes.
Scammers are also intercepting business emails with invoices attached and changing the BSB and account number before onforwarding to the intended recipient.
What are the red flags?
Before making a payment, always check the invoice details and verify their legitimacy by contacting the supplier especially if you notice any of the following red flags:
It was sent from a different email address than usual. Unfortunately, scammers will often use phishing tools to gain access to legitimate business email accounts, so it is important to be alert for anything else unusual including:
- The invoice itself is of low quality or contains spelling or grammatical errors.
- The account details or how to pay instructions are different
To verify any changes, make sure you use an existing phone number known to you. Do not use the phone number supplied on the invoice as this may have also been altered.
It is important to follow your normal payment procedures, even if the request appears to come from a manager or valued customer.
And in all cases, if you believe you’ve been a victim of a scam, contact your bank as soon as possible and make a report on the Scamwatch or the Australian Cyber Security Centre websites.