(Australian Associated Press)
Australian businesses lost more than $14 million in payment redirection scams last year.
The Australian Competition and Consumer Commission says the average losses reported to Scamwatch this year are more than five times higher than the average losses in the same period last year.
And the total losses would be much higher as scams are reported to a range of different organisations.
In a payment redirection scam, scammers impersonate a business or its employees via email to request that money – which usually is owed to the legitimate business – be sent to a fraudulent account.
“Payment redirection scams impact businesses across many industries, including real estate, construction, law, recruitment, and universities,” ACCC Deputy Chair Delia Rickard said on Tuesday.
Scammers often targeted new or junior employees, or even volunteers, as they were less likely to be familiar with their employer’s finance processes or the types of requests to expect, she said.
Organisations should ensure staff were trained in the company’s payment processes, Ms Rickard said.
In some instances, scammers hack into a legitimate email account and pose as the business, by intercepting legitimate invoices and amending the bank details before releasing emails to the intended recipients.
In one instance, a victim lost $16,500 in a single transaction after a scammer used a staff member’s email address to send an invoice to a customer with ‘updated bank details’, redirecting the payment to the scammer’s personal bank account.
Other times, payment redirection is done by spoofing, when scammers impersonate CEOs or other senior managers using a registered email address that is very similar to that of the genuine email address.
The scammer will then request that staff transfer funds to them or make a payment to a third party on behalf of the business.
Scamwatch has also received reports of scammers posing as staff members, where they request the employee’s salary be paid into the scammer’s bank account.
“An increasing number of reports are coming from sports and community clubs which reported more than $55,000 in losses to payment redirection scams last year. It is likely we will see similar figures this year, with $18,000 already reported lost so far in 2021,” Ms Rickard said.
Scammers posed as the president or treasurer and requested staff to action payments for ‘equipment’ or other business needs, but the money went straight into the scammer’s bank account.
Other businesses or individuals have also inadvertently paid a scammer as a result of a payment redirection scam.
“It can be difficult to recover money lost to a payment redirection scam, so prevention is really important,” Ms Rickard said.