Businesses urged to watch out for email invoicing scams

Businesses urged to watch out for email invoicing scams

Scamwatch, the competition regulator's website highlighting business scams, is calling on businesses to urgently review how they verify and pay accounts and invoices as reports of business email compromise (BEC) scams have grown by a third this year.

"This is a very sophisticated scam, which is why many businesses only realise they've been caught out once it's too late," ACCC Deputy Chair Delia Rickard says.

BEC scams occur when a hacker gains access to a business's email accounts, or 'spoof' a business's email so their emails appear to come from the company. The hacker then sends emails to customers claiming that the business's banking details have changed and that future invoices should be paid to a new account.

These emails look legitimate as they come from one of a business's official email accounts. Payments then start to flow into the hacker's account.

In other variations of the scam, the hacker will send an email internally to a business's accounts team, pretending to be the CEO, asking for funds to be urgently transferred to an off-shore account. Hackers can also request salary or rental payments be directed to a new account.

Scamwatch has even received reports of the hackers intercepting house deposits that have been sent to conveyancers, real estate agents or law firms.

"It's a scam that targets all kinds of businesses, including charities and local sporting clubs. There is a misconception these scams target just small business, however the largest amount of reports and losses came from medium sized businesses, including one that lost more than $300,000," Ms Rickard says.

Businesses have reported losses to these scams totalling $2.8 million to Scamwatch in 2018. However, this represents only a fraction of total losses to this variety of scam across Australia. BEC scams cause businesses significant financial harm, accounting for 63 per cent of all business losses reported to Scamwatch. The average loss is nearly $30,000.

"Effective management procedures can go a long way towards preventing scams, so all businesses should firstly be aware these scams exist and that their staff know about them too," Ms Rickard said.

"They should consider a multi-person approval process for transactions over a certain dollar threshold and keep their IT security up-to-date with anti-virus and anti-spyware software and a good firewall.

"Businesses should also check directly with their supplier if they notice a change in account details. It's vital businesses don't do this just by return email or using other contact details provided. Find older communications to ensure you have the right contact details or otherwise independently source them, so they can be sure they're not contacting the scammer," Ms Rickard said.

Businesses affected by BEC scams should contact their financial institution immediately and consider professional IT advice to ensure their email systems and data are secure from hackers.

Businesses can report scams to www.scamwatch.gov.au

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

SMEs urged to consider business insurance to mitigate financial risks
Partner Content
A single “bad luck” incident could cause financial disaster for many Australian sma...
Advertisement

Related Stories

Samuel Gordon takes top honour at 2024 Gold Coast Young Entrepreneur Awards

Samuel Gordon takes top honour at 2024 Gold Coast Young Entrepreneur Awards

From high school dropout to leading buyer’s agent, Australian...

Square Peg and Atlassian co-founder Farquhar back AI startup Lorikeet in $5m seed round

Square Peg and Atlassian co-founder Farquhar back AI startup Lorikeet in $5m seed round

Sydney-based customer-experience startup Lorikeet has raised $5 mil...

Digital agency Social Garden grows its e-commerce focus with acquisition of The Natives

Digital agency Social Garden grows its e-commerce focus with acquisition of The Natives

Digital marketing agency Social Garden has acquired fellow Melbourn...

ANZ agrees to fork out $99m for two class actions as Westpac and Macquarie continue the fight

ANZ agrees to fork out $99m for two class actions as Westpac and Macquarie continue the fight

ANZ Banking Group (ASX: ANZ) has agreed to pay out a total of $99 m...