Australian businesses have lost more than $14 million to payment redirection scams in one year, with one victim losing $16,500 in one transaction.
In payment redirection scams, scammers pose as a business or employee in an email and ask that money is sent to a fraudulent account, normally by claiming that their payment details have changed.
The Australian Competition and Consumer Commission (ACCC) sounded the alarm on the scams on Tuesday, warning that the losses in 2021 are more than 500 per cent higher than the same period in 2020.
In one scam, the victim lost $16,500 after the scammer used another staff member’s email address to issue an ‘invoice’ with ‘updated’ bank details.
“Payment redirection scams impact businesses across many industries, including real estate, construction, law, recruitment, and universities,” ACCC deputy chair Delia Rickard said.
“Scammers tend to target new or junior employees, or even volunteers, as they are less likely to be familiar with their employer’s finance processes or the types of requests to expect from their supervisors.”
In other instances, scammers pretend to be CEOs or senior managers. They use email addresses that appear to be genuine and request staff transfer funds across to either them or a third party.
“An increasing number of reports are coming from sports and community clubs which reported more than $55,000 in losses to payment redirection scams last year. It is likely we will see similar figures this year, with $18,000 already reported lost so far in 2021,” Rickard added.
Money lost to payment redirections cams is difficult to recover. “Prevention is really important,” she said.
“Don’t deviate from your organisation’s payment procedure, even if the request you have received appears to come from your CEO or a senior manager.”
She said it’s critical that even if the request appears urgent to still take the time to consider the legitimacy of the email and the request, before moving any money.
“Whenever there is a request to change payment details, always check with the organisation using stored contact details, rather than those in the requesting communication.”
Australians who believe they have become a victim of a scam are urged to contact their bank immediately and to report the cyber crime at cyber.gov.au.