Australia’s peak independent consumer protection body has revealed businesses have lost $14 million due to payment redirection scams in the past year.
The Australian Competition and Consumer Commission (ACCC) today (Mar 31) also revealed average losses so far in 2021 were more than five times higher compared to average losses during the same period last year.
The staggering losses to Australian businesses have been released via by the ACCC’s Scamwatch website — www.scamwatch.gov.au/ — which provides information to consumers and small businesses about how to recognise, avoid and report scams.
ACCC Deputy Chair Delia Rickard said the total losses were much higher as scams were reported to a range of different organisations.
Ms Rickard said in particular a payment redirection scam — also known as business email compromise scam – the fraudsters impersonate a business or its employees via email and request that money, which usually is owed to the legitimate business, is sent to a fraudulent account.
“Payment redirection scams impact businesses across many industries, including real estate, construction, law, recruitment, and universities,” she said.
“Scammers tend to target new or junior employees, or even volunteers, as they are less likely to be familiar with their employer’s finance processes or the types of requests to expect from their supervisors.
“We recommend organisations ensure their staff are well trained in the company’s payment processes and remain aware of payment redirection scams,” Ms Rickard said.
Payment redirection scams can take several different forms. In some instances, scammers hack into a legitimate email account and pose as the business, by intercepting legitimate invoices and amending the bank details before releasing emails to the intended recipients.
In one instance, a victim lost $16,500 in a single transaction after a scammer used a staff member’s email address to send an invoice to a customer with ‘updated bank details’, redirecting the payment to the scammer’s personal bank account.
Other times, payment redirection is done by spoofing, when scammers impersonate CEOs or other senior managers using a registered email address that is very similar to that of the genuine email address. The scammer will then request that staff transfer funds to them or make a payment to a third party on behalf of the business.
Scamwatch has also received reports of fraudsters posing as staff members, where they request the employee’s salary be paid into the scammer’s bank account.
“An increasing number of reports are coming from sports and community clubs which reported more than $55,000 in losses to payment redirection scams last year. It is likely we will see similar figures this year, with $18,000 already reported lost so far in 2021,” Ms Rickard said.
Scammers posed as the president or treasurer and requested staff to action payments for ‘equipment’ or other business needs, but the money went straight into the scammer’s bank account.
Other businesses or individuals have also inadvertently paid a scammer as a result of a payment redirection scam.
“It can be difficult to recover money lost to a payment redirection scam, so prevention is really important,” Ms Rickard said.