Australians are being warned to watch out for fake email invoices. Scamwatch has urged individuals to check payment details directly with a business before paying an emailed invoice, following a rise in losses to payment redirection scams.
According to Scamwatch, Australians had reported losing $16.2 million to payment redirection scams last year. Although, the total number of reports had decreased by 28%, the total amount lost had increased by 3%, meaning that significantly more money per scam was lost last year compared to 2022.
ACCC Deputy Chair Catriona Lowe said, “Scammers are sophisticated criminals and are becoming more targeted in how they exploit Australian consumers and businesses. These criminals are posing as genuine businesses that a consumer has recently dealt with, sending fake invoices with altered payment details so that the money ends up with the scammer.”
The most common industries traditionally targeted by this scam are the real estate, legal, and construction sectors. Car dealerships, travel companies and their customers have also been targeted more recently according to Scamwatch.
How this scam works and what to look out for
Payment redirection scams, or invoice scams, are a type of impersonation scam that involve criminals posing as a real business that a consumer has recently dealt with.
Fake invoice scams can be difficult to identify. Here’s how it works:
- You receive an email invoice from a business you've been dealing with. It might look just like other emails from them and may appear in the same email or conversation history.
- The email comes from the real business email address, because scammers have accessed their systems - or the business email address has slightly changed, this can be as little as one letter.
- Scammers have changed the payment details on the invoice, directing your money to a fraudulent account. The fake invoice looks real and may have the business logo and ABN.
- If you reply to the email to ask about the payment details, the scammer will respond, 'explaining' the change.
- Using the payment details on the fake invoice, you pay the money.
- Your payment goes through, but your money goes to the scammer's account - not the real business you think you've paid.
- You don't notice that anything is wrong. Then the real business contacts you, asking for the money you've unknowingly paid to the scammers.
The fake invoice should be compared against a real business email or invoice. A fake invoice has different payment or banking details, or a different BSB and account number to the real business.
(Source: ACCC)
How to protect yourself
- Ask yourself ‘who’s really there?’
- If you are suspicious, don’t act straight away, confirm the authenticity of emails by contacting the business via phone rather than email.
- Independently verify payment details by contacting the business directly.
- Carefully examine email addresses for any subtle differences that may indicate fraudulent activity.
- Avoid using phone numbers provided in suspicious emails; rely on verified contact details, sourced independently.
- Be cautious of invoices and emails that mimic legitimate businesses, as scammers can replicate logos and details.
What to do if you have encountered a scam
If you believe you may have been a victim or lost money to a scam, it’s important to notify your financial institution as soon as possible.
Australian Mutual Bank members can contact our Fraud Team by calling 13 61 91 or by emailing info@australianmutual.bank.
Seek support from IDCARE (a free government-funded service) who can help you develop a response plan to limit the damage. IDCARE will never contact you out of the blue.
Help others by reporting the scam to Scamwatch.
If you or someone you know has been impacted and may need ongoing help, there are support services available. These avenues of support are available to help, listen and believe.
For more advice on how to avoid scams and what to do if you or someone you know is a victim of a scam, see our Security Advice section or visit the Scamwatch website.
Sources: